IT Application Security Architect; Hybrid Job Manchester New Hampshire USA,IT/Tech

Position: IT Application Security Architect (Hybrid)
Eversource will not offer immigration related sponsorship for this position e g , H 1B, O 1, J 1, TN, E 3, etc     Applicants requiring visa sponsorship to start employment with Eversource will not be considered

Eversource supports work life balance by offering hybrid schedules for certain roles Eligibility is based on job responsibilities, operational needs, nature of work and team dynamics Current guidelines require employees to work at least three days in the office, including Tuesdays and Wednesdays, with the third day set by the employee and supervisor based on department needs These guidelines apply to roles approved for remote work and are subject to change, based on managerial discretion and work performance All applicants must be able to work up to five days in the office if needed for example: emergencies, training, or other business needs or should the policy change

Role and Scope of Position:

As the Application Security Architect, and part of the Cybersecurity Architecture team at Eversource, you will work alongside other cybersecurity specialists within the Cybersecurity, Network, and Compliance organization You'll have the opportunity to apply your knowledge across multiple projects and collaborate across multiple business lines and technical domains

You will aid the firm in remaining at the forefront of industry trends, best practices, and technological advances in application cybersecurity

The Application Security Architect will interact with the technology and business colleagues associated with projects They will deliver project level planning, design, and implementation of security solutions and controls related to Secure Software Development Life Cycle SSDLC   e g code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning

One of your primary tasks will be to get deeply involved in security issues around secure coding and secure design You will assist others in resolving security issues by offering alternative coding solutions and other means You will also work with project teams to incorporate security into the design architecture

The Application Security Architect will continuously raise the security bar by promoting a security mindset and educating application developers regarding Eversource security practices They will cultivate a security culture as you interact with the developers, project teams, and business areas

*
* Essential Functions:

*
* + Assess the current design and codebase to identify areas in need of improvement Work with members of project teams to resolve security issues
+ Must work seamlessly with the Eversource developers to ensure the successful adoption of required security approaches and capabilities
+ Conduct threat modeling for new and existing applications Perform security testing such as static code analysis, pentesting, and dynamic application security testing
+ Apply a cybersecurity background to perform code analysis when resolving false positives and provide remediation recommendations
+ Establish application security requirements based on company standards and industry best practices
+ Develop and maintain infrastructure as code security policies
+ Test and evaluate security tools, and products

** Technical Knowledge/Skill/Education/

Licenses/Certifications:

*
* _

Education:

_

+ Bachelor's degree in Information Systems or a related technical field or equivalent experience

_Experience_ :

+ 5 years applied experience in application security or related position
+ Must have a background performing cybersecurity code analysis This includes identifying and resolving false positives, explaining vulnerabilities in simple terms to project teams, and providing remediation recommendations to development teams
+

Experience with software composition analysis and tools to scan source and binary code for the purpose of identifying dependency vulnerabilities
+

Experience with implementing and using static and dynamic analysis tools Experience performing penetration testing is preferred
+ Experience using and/or maintaining Checkmarx, Burp Suite, or Contrast preferred
+

Experience with Dev Sec Ops

Experience with automating security operations within CICD workflows preferred
+ Experience in writing code using a major programming language is preferred Specifically, NET
+

Experience with cloud methodology and terminology Experience working with cloud based platforms and applications

Experience with Azure is preferred
+ Exhibits an exceptional degree of ingenuity, creativity and/or resourcefulness
+ Produce high quality oral and written work, presenting complex technical matters clearly and concisely with audiences ranging from peers to Sr Management
+ Familiarity with current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy

_

Education:

_

+ Bachelor's degree or equivalent in Engineering, Computer Science, Data Science or Information Technology is…