Lead Application Security Architect (Hybrid)

Eversource supports work-life balance by offering hybrid schedules for certain roles. Eligibility is based on job responsibilities, operational needs, nature of work and team dynamics. Current guidelines require employees to work at least three days in the office, including Tuesdays and Wednesdays, with the third day set by the employee and supervisor based on department needs. These guidelines apply to roles approved for remote work and are subject to change, based on managerial discretion and work performance. All applicants must be able to work up to five days in the office if needed (for example: emergencies, training, or other business needs) or should the policy change.

Please note: Authorization to work in the United States is a precondition to employment in this position. Eversource will not sponsor candidates for work visas for this position.

Role and Scope of Position:
As the Lead Application Security Architect, and as part of the Cybersecurity Architecture team at Eversource, you will lead a team that works alongside other cybersecurity specialists within the Cybersecurity, Network, and Compliance organization. You’ll have the opportunity to shape Application Security and collaborate across multiple business lines and technical domains.
One of your primary tasks will be a focus on security issues involving secure coding and secure design. You will lead a team and assist others in resolving security issues by offering alternative coding solutions and other means. You will also work with project teams and business management to promote a security mindset.
The Lead Application Security Architect will interact closely with the technology and business colleagues associated with projects. They will deliver project level planning, design, and implementation of security solutions and controls related to Secure Software Development Life Cycle (SSDLC) (e.g. code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning)
You will aid the firm in remaining at the forefront of industry trends, best practices, and technological advances in application cybersecurity.

Essential Functions:

• 
  Lead Application Security for multiple cybersecurity architecture and process implementations across business lines to achieve security objectives.
  
• 
  Cultivate security culture with your product technology and business colleagues. Build a vision around the next level of security maturity for application developers, with inputs from the security organization and work with Cyber Security leadership to deliver on that idea.
  
• 
  Serve as an application security thought leader. Be recognized in the enterprise as the clear point of escalation and subject matter expert for Application Security and associated IT Risk. Serve as an appsec cyber risk advisor to the leadership team and help prioritize initiatives with the greatest ROI.
  
• 
  Foster a culture of innovation, collaboration, and continuous improvement by developing and maintaining security policies, and testing and evaluating security tools and products.
  
  
  
  
  
  

Technical Knowledge/Skill/Education/Licenses/Certifications:

Technical Knowledge/Skill: 

• 
  5 years of senior level Cyber Security experience required.
  
• 
  Must have experience leading mid to large security initiatives and managing small teams within Security.
  
• 
  Must have a background performing cybersecurity code analysis. This includes identifying and resolving false positives, explaining vulnerabilities in simple terms to project teams, and serving as an escalation point for the appsec team.
  
• 
  Must have excellent communications and interpersonal skills and should be able to convey technical aspects to personnel who may not be well-versed in those areas.
  
• 
  Must have experience with DevSecOps and Agile methodology.
  
• 
  Must be able to produce high quality oral and written work, presenting complex technical matters clearly and concisely with audiences ranging from peers to Sr. Management.
  
• 
  Experience with cloud methodology and terminology. Experience working with cloud-based platforms and applications. Experience with Azure is preferred.
  
• 
  Experience with implementing and using static and dynamic analysis tools. Experience using and/or maintaining Checkmarx, Burp Suite, or Contrast preferred. Experience performing or interpreting penetration testing is preferred.
  
• 
  Experience with automating security operations within CICD workflows preferred.
  
• 
  Experience in writing code using a major programming language is preferred. Specifically, .NET.
  
• 
  Exhibits an exceptional degree of ingenuity, creativity and/or resourcefulness.
  
• 
  Be familiar with current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy.
  
  
  
  
  

Education:          

Bachelor’s Degree in Engineering, Computer Science, Data Science, Information Technology or related experience



Experience:

10 years related experience that includes 5 years of Senior level cyber security experience and:

• 
  Experience in Cross Domain Solutions 
  
• 
  Must have excellent communications and interpersonal skills and should be able to convey technical aspects to personnel who may not be well-versed in those areas. 
  
• 
  Experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry recognized best practice / standards (e.g. NIST, ISO, PCI, SOC, CIP). 
  
• 
  Exposure to projects using an Agile methodology and DEVSECOPS environment. 
  
• 
  Experience leading mid to large security initiatives 
  
  
  
  
  

Licenses & Certifications:  

• 
  Certification in Public Cloud Technology from one of the major Cloud Service Providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect) or prominent independent organization such as ISC2. 
  
• 
  Industry security certifications such as CISSP, CCSP, Azure certifications, HTB Certified Penetration Testing Specialist, or OSCP preferred.
  
  
  
  
  
  

Working Conditions:

• 
  Must be available to work emergency restoration assignment as required.
  
• 
  Must be available to travel between MA/CT/NH as necessary.
  
  
  
  
  

#corpajd






Competencies:

Build trusting relationships

Manage and develop people

Foster teamwork and cross-functional collaboration

Lead change

Communicate strategic vision

Create an engaged workforce

Focus on the customer

Take ownership & accountability

Compensation and Benefits:

Eversource offers a competitive total rewards program. Check out our careers site for an overview of our benefits programs. Salary is commensurate with your experience. This position is eligible for a potential incentive. The annual salary range for this position is:
$156,260.00-$173,620.00

Worker Type:
Regular

Number of Openings:
1

Emergency Response:

Responding to emergency situations to meet customers’ needs is part of every employee’s role. If employed, you will be given an Emergency Restoration assignment.  This means you may be called to assist during an emergency outside of your normal responsibilities, work hours and location. 

EEO Statement:

Eversource Energy is an Equal Opportunity and Affirmative Action Employer.  All qualified applicants will receive consideration for employment without regard to age, race, color, sex, sexual orientation, gender identity, national origin, religion, disability status, or protected veteran status.

VEVRRA Federal Contractor