Lead Application Security Architect (Hybrid) at Eversource Energy

Berlin, Connecticut, United States

Apply Now

Not SpecifiedCompensation

Expert & Leadership (9+ years)Experience Level

Full TimeJob Type

NoVisa

Energy, UtilitiesIndustries

Requirements

5+ years of senior level Cyber Security experience
Experience leading mid to large security initiatives and managing small teams within Security
Background performing cybersecurity code analysis, including identifying and resolving false positives, explaining vulnerabilities in simple terms to project teams, and serving as an escalation point for the appsec team
Excellent communications and interpersonal skills to convey technical aspects to personnel who may not be well-versed in those areas
Experience with DevSecOps and Agile methodology
Ability to produce high quality oral and written work, presenting complex technical matters clearly and concisely to audiences ranging from peers to Sr. Management
Experience with cloud methods
Authorization to work in the United States (no sponsorship for work visas)
Ability to work hybrid schedule (at least three days in office, including Tuesdays and Wednesdays, up to five days if needed)

Responsibilities

Lead a team alongside other cybersecurity specialists, shaping Application Security and collaborating across business lines and technical domains
Focus on security issues involving secure coding and secure design; assist in resolving security issues by offering alternative coding solutions
Work with project teams and business management to promote a security mindset
Interact closely with technology and business colleagues on projects; deliver project level planning, design, and implementation of security solutions and controls related to Secure Software Development Life Cycle (SSDLC), e.g., code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning
Aid the firm in remaining at the forefront of industry trends, best practices, and technological advances in application cybersecurity
Lead Application Security for multiple cybersecurity architecture and process implementations across business lines to achieve security objectives
Cultivate security culture with product technology and business colleagues; build a vision around the next level of security maturity for application developers, with inputs from the security organization, and work with Cyber Security leadership to deliver on that idea
Serve as an application security thought leader, recognized in the enterprise as the clear point of escalation and subject matter expert for Application Security and associated IT Risk
Serve as an appsec cyber risk advisor to the leadership team and help prioritize initiatives with the greatest ROI
Foster a culture of innovation, collaboration, and continuous improvement by developing and maintaining security policies, and testing and evaluating security tools and products

Skills

Key technologies and capabilities for this role

Application SecuritySecure CodingSecure DesignSSDLCCode ReviewRisk AssessmentsThreat ModelingStatic Code AnalysisDynamic AnalysisCybersecurity Architecture

Questions & Answers

Common questions about this position

What is the work arrangement for this role?

This is a hybrid role requiring employees to work at least three days in the office, including Tuesdays and Wednesdays, with the third day set by the employee and supervisor. All applicants must be able to work up to five days in the office if needed, such as for emergencies, training, or policy changes.

What salary or compensation does this position offer?

This information is not specified in the job description.

What are the key responsibilities and skills needed for the Lead Application Security Architect role?

The role involves leading application security implementations, focusing on Secure Software Development Life Cycle (SSDLC) practices like code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning. Expertise in secure coding, secure design, and serving as a thought leader in application security is essential.

What is the company culture like for this position?

The culture emphasizes collaboration, innovation, continuous improvement, and cultivating a security mindset across technology and business teams. It fosters a supportive environment within the Cybersecurity Architecture team, working alongside other cybersecurity specialists.

What makes a strong candidate for this role?

Strong candidates will have leadership experience in application security, deep knowledge of SSDLC practices, and the ability to act as a thought leader and advisor on cyber risks. Experience shaping security maturity visions and collaborating across business lines is key.