Lead Application Security Architect (Hybrid)
Eversource Energy
Lead Application Security Architect (Hybrid)
07/24/2024 Locations Berlin-CT; Westwood-MALead Application Security Architect (Hybrid)
This is a hybrid role. The first three months are fulltime in the office.
Our Team
Manage the activities of a team of Application Security specialists across multiple projects and collaborate across multiple business lines and technical domains in the architecture function to execute critical initiatives of the function. Expertise is applied cross-functionally to drive the ideation, adoption, and implementation of technical methods within various teams and aid the firm in remaining at the forefront of industry trends, best practices, and technological advances in application cybersecurity. Must work seamlessly with the Eversource developers to ensure the successful adoption of required security approaches and capabilities.
Essential Functions:
- Cultivate security culture with your product technology and business colleagues. Build a vision around the next level of security maturity for application developers, with inputs from the security organization and work with Cyber Security leadership to deliver on that idea. This vision must enable business outcomes and continuously raise the security bar and not one or the other.
- Serve as an application security thought leader. Learn from your many projects and cybersecurity teams and share best practices in both directions. Be recognized in the enterprise as the clear point of escalation and subject matter expert for Application Security and associated IT Risk. Serve as a cyber risk advisor to the leadership team and help prioritize initiatives with the greatest ROI.
- Act with urgency managing emerging issues. Proactively monitor Key Risk Indicators to ensure issues are identified, quantified, communicated, and managed in a timely manner, including recommendations for resolution, and identifying the root cause/key themes.
- Enable and partner with application architects and engineering leaders to design secure, scalable, and resilient applications.
- Leads Application Security for multiple cybersecurity architecture and process implementations across business lines to achieve security objectives.
- Fosters a culture of innovation, collaboration, and continuous improvement within the Application Security team.
- Acts as the primary interface with senior leaders, stakeholders, and executives to drive consensus across competing cyber security objectives.
Technical Knowledge/Skill/Education/Licenses/Certifications:
Technical Knowledge/Skill:
- Has experience with and is fluent in expressing security concerns within the following languages: VB .Net, Python, YAML, Terraform
- Exhibits an exceptional degree of ingenuity, creativity and/or resourcefulness.
- Applies extensive organizational and/or project management expertise and has full knowledge of other related disciplines.
- May be viewed as expert within a given field.
- Formal training or certification on software engineering concepts and 5+ years applied experience.
- Experience running teams of architects that design cybersecurity solutions operations on cloud-based platforms and applications.
- Hands-on practical experience delivering enterprise level planning, design, and implementation of enterprise-level security solutions and controls related to:
- Secure Software Development Life Cycle (SSDLC) (e.g. code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning)
- Modern Security Engineering/Architecture practices (e.g. micro services, containers, orchestration, continuous integration & delivery pipelines, API first, service delivery & integration, OWASP Top 10)
- Solution Development & Delivery
- Hands-on practical experience in cybersecurity architecture that can be applied and repeated across businesses, functions, and systems. Experience reviewing and securing cybersecurity products and solutions for public cloud-based applications and infrastructure, external-facing web-based solutions, and mobile.
- Experience growing and leading large, cross-functional teams of technologists.
- Subject matter expertise in multiple security domains (e.g., mobile, application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security, etc.)
- Demonstrated prior experience influencing across highly matrixed, complex organizations and delivering value at scale.
- Experience leading complex projects and supporting system design, testing, and operational stability.
- Experience hiring, developing, and recognizing talent.
Education:
Bachelor’s Degree in Engineering, Computer Science, Data Science, Information Technology or related experience
Experience:
10 years related experience that includes 5 years of Senior level cyber security experience and:
- Experience in Cross Domain Solutions
- Familiarity with Zero-Trust Architecture
- Must have excellent communications and interpersonal skills and should be able to convey technical aspects to personnel who may not be well-versed in those areas.
- Experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry recognized best practice / standards (e.g. NIST, ISO, PCI, SOC, CIP).
- Exposure to projects using an Agile methodology and DEVSECOPS environment.
- Experience leading mid to large security initiatives and managing small teams.
- Should have experience scripting and coding.
Licenses & Certifications:
- Certification in Public Cloud Technology from one of the major Cloud Service Providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect) or prominent independent organization such as ISC2.
- Systems Security Certified Practitioner (SSCP) certification
- Certified Information Systems Security Professional (CISSP)
Working Conditions:
- Must be available to work emergency restoration assignment as required.
- Must be available to travel between MA/CT/NH as necessary.
Mental Aspects:
Leadership Behaviors/Competencies:
Set and Communicate Direction and Priorities
- Communicate priorities and goals (company, department, team)
- Show how employee’s work fits in
- Provide business updates, news
- Communicate, communicate, communicate
Build Trusting Relationships
- Role model honesty/integrity in communication and action
- Balance “getting results” with concern for individual needs
- Have honest dialogue with employees; get to know them
Manage and Develop People
- Set realistic performance objectives and expectations
- Give ongoing, honest feedback; coach for success
- Recognize good performance
- Visit crews in the field
- Remove obstacles to day-to-day performance
- Provide tools, information, training
Foster Teamwork and Cross-functional Collaboration
- Encourage cooperation/remove obstacles between work groups/departments
- Encourage collaboration/peers helping peers
Create a Diverse, Inclusive Workforce
- Ask for employee input on work process/practice improvements and before implementing change that will affect them
- Encourage ideas
Lead Change
- Deliver effective, positive communications about change to your team
- Exhibit a “can-do” attitude to successfully implement changes in priorities and work processes
- Respond positively to new demands or circumstances
Focus on the Customer
- Ensure that everyone on the team understands our customer promise and provides superior customer service
- Be a role model for the team on delivering superior customer service
Compensation and Benefits
Eversource offers a competitive total rewards program. The annual salary range for this position is $151,700 to $168,560.00, plus incentive. Salary is commensurate with your experience. Check out the career site for an overview of our benefits.
Worker Type:
RegularNumber of Openings:
1EEO Statement
Eversource Energy is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to age, race, color, sex, sexual orientation, gender identity, national origin, religion, disability status, or protected veteran status.
VEVRRA Federal Contractor
Emergency Response:
Responding to emergency situations to meet customers’ needs is part of every employee’s role. If employed, you will be given an Emergency Restoration assignment. This means you may be called to assist during an emergency outside of your normal responsibilities, work hours and location.