IT Application Security Architect (Hybrid)

About The Position

Requirements

• Bachelor's degree in Information Systems or a related technical field or equivalent experience
• 5+ years applied experience in application security or related position.
• Must have a background performing cybersecurity code analysis. This includes identifying and resolving false positives, explaining vulnerabilities in simple terms to project teams, and providing remediation recommendations to development teams.
• Experience with software composition analysis and tools to scan source and binary code for the purpose of identifying dependency vulnerabilities.
• Experience with implementing and using static and dynamic analysis tools. Experience performing penetration testing is preferred.
• Experience using and/or maintaining Checkmarx, Burp Suite, or Contrast preferred.
• Experience with DevSecOps. Experience with automating security operations within CICD workflows preferred.
• Experience in writing code using a major programming language is preferred. Specifically, .NET.
• Experience with cloud methodology and terminology. Experience working with cloud-based platforms and applications. Experience with Azure is preferred.
• Exhibits an exceptional degree of ingenuity, creativity and/or resourcefulness.
• Produce high quality oral and written work, presenting complex technical matters clearly and concisely with audiences ranging from peers to Sr. Management.
• Familiarity with current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy.

Nice To Haves

• Bachelor's degree or equivalent in Engineering, Computer Science, Data Science or Information Technology is preferred.
• Azure cloud certification(s), or similar cloud certifications preferred.
• Industry security certifications such as CISSP, CCSP, Azure certifications, HTB Certified Penetration Testing Specialist, or OSCP preferred.

Responsibilities

• Assess the current design and codebase to identify areas in need of improvement. Work with members of project teams to resolve security issues.
• Must work seamlessly with the Eversource developers to ensure the successful adoption of required security approaches and capabilities.
• Conduct threat modeling for new and existing applications. Perform security testing such as static code analysis, pentesting, and dynamic application security testing.
• Apply a cybersecurity background to perform code analysis when resolving false positives and provide remediation recommendations.
• Establish application security requirements based on company standards and industry best practices.
• Develop and maintain infrastructure as code security policies.
• Test and evaluate security tools, and products.