Eversource supports work-life balance by offering hybrid schedules for certain roles. Eligibility is based on job responsibilities, operational needs, nature of work and team dynamics. Current guidelines require employees to work at least three days in the office, including Tuesdays and Wednesdays, with the third day set by the employee and supervisor based on department needs. These guidelines apply to roles approved for remote work and are subject to change, based on managerial discretion and work performance. All applicants must be able to work up to five days in the office if needed (for example: emergencies, training, or other business needs) or should the policy change.
Role and Scope of Position:
As the Application Security Architect, and part of the Cybersecurity Architecture team at Eversource, you will work alongside other cybersecurity specialists within the Cybersecurity, Network, and Compliance organization. You'll have the opportunity to apply your knowledge across multiple projects and collaborate across multiple business lines and technical domains.
You will aid the firm in remaining at the forefront of industry trends, best practices, and technological advances in application cybersecurity.
The Application Security Architect will interact with the technology and business colleagues associated with projects. They will deliver project level planning, design, and implementation of security solutions and controls related to Secure Software Development Life Cycle (SSDLC) (e.g. code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning)
One of your primary tasks will be to get deeply involved in security issues around secure coding and secure design. You will assist others in resolving security issues by offering alternative coding solutions and other means. You will also work with project teams to incorporate security into the design architecture.
The Application Security Architect will continuously raise the security bar by promoting a security mindset and educating application developers regarding Eversource security practices. They will cultivate a security culture as you interact with the developers, project teams, and business areas.
Essential Functions: - Assess the current design and codebase to identify areas in need of improvement. Work with members of project teams to resolve security issues.
- Must work seamlessly with the Eversource developers to ensure the successful adoption of required security approaches and capabilities.
- Conduct threat modeling for new and existing applications. Perform security testing such as static code analysis, pentesting, and dynamic application security testing.
- Apply a cybersecurity background to perform code analysis when resolving false positives and provide remediation recommendations.
- Establish application security requirements based on company standards and industry best practices.
- Develop and maintain infrastructure as code security policies.
- Test and evaluate security tools, and products.
Technical Knowledge/Skill/Education/Licenses/Certifications:Education:
- Bachelor's degree in Information Systems or a related technical field or equivalent experience
Experience:
- 5+ years applied experience in application security or related position.
- Must have a background performing cybersecurity code analysis. This includes identifying and resolving false positives, explaining vulnerabilities in simple terms to project teams, and providing remediation recommendations to development teams.
- Experience with software composition analysis and tools to scan source and binary code for the purpose of identifying dependency vulnerabilities.
- Experience with implementing and using static and dynamic analysis tools. Experience performing penetration testing is preferred.
- Experience using and/or maintaining Checkmarx, Burp Suite, or Contrast preferred.
- Experience with DevSecOps. Experience with automating security operations within CICD workflows preferred.
- Experience in writing code using a major programming language is preferred. Specifically, .NET.
- Experience with cloud methodology and terminology. Experience working with cloud-based platforms and applications. Experience with Azure is preferred.
- Exhibits an exceptional degree of ingenuity, creativity and/or resourcefulness.
- Produce high quality oral and written work, presenting complex technical matters clearly and concisely with audiences ranging from peers to Sr. Management.
- Familiarity with current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy.
Education:
- Bachelor's degree or equivalent in Engineering, Computer Science, Data Science or Information Technology is preferred.
Licenses &Certifications:
- Azure cloud certification(s), or similar cloud certifications preferred.
- Industry security certifications such as CISSP, CCSP, Azure certifications, HTB Certified Penetration Testing Specialist, or OSCP preferred.
Working Conditions: - Must be available to work emergency restoration assignment as required.
- Must be available to travel between MA/CT/NH as necessary.
#LI-KS1
#corpajd
Competencies:Build trusting relationships
Manage and develop people
Foster teamwork and cross-functional collaboration
Lead change
Communicate strategic vision
Create an engaged workforce
Focus on the customer
Take ownership & accountability
Compensation and Benefits: Eversource offers a competitive total rewards program. Check out our careers site for an overview of our benefits programs. Salary is commensurate with your experience. This position is eligible for a potential incentive. The annual salary range for this position is:
$137,730.00-$153,030.00
Worker Type:Regular
Number of Openings:1
Emergency Response:Responding to emergency situations to meet customers' needs is part of every employee's role. If employed, you will be given an Emergency Restoration assignment. This means you may be called to assist during an emergency outside of your normal responsibilities, work hours and location.
