IT Application Security Architect; Hybrid
Westwood, Norfolk County, Massachusetts, 02090, USA
Listed on 2026-06-20
IT/Tech
Cybersecurity
Eversource will not offer immigration‑related sponsorship for this position (e.g., H‑1B, O‑1, J‑1, TN, E‑3, etc.). Applicants requiring visa sponsorship to start employment with Eversource will not be considered.
Eversource supports work‑life balance by offering hybrid schedules for certain roles. Eligibility is based on job responsibilities, operational needs, nature of work and team dynamics. Current guidelines require employees to work at least three days in the office, including Tuesdays and Wednesdays, with the third day set by the employee and supervisor based on department needs. These guidelines apply to roles approved for remote work and are subject to change, based on managerial discretion and work performance.
All applicants must be able to work up to five days in the office if needed (for example: emergencies, training, or other business needs) or if the policy changes.
As the Application Security Architect within the Cybersecurity Architecture team at Eversource, you will work alongside other cybersecurity specialists across the Cybersecurity, Network, and Compliance organization. You will apply your knowledge across multiple projects and collaborate across various business lines and technical domains, helping the firm remain at the forefront of industry trends, best practices, and technological advances in application cybersecurity.
The role involves delivering project‑level planning, design, and implementation of security solutions and controls related to the Secure Software Development Life Cycle (SSDLC) such as code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning. You will assist others in resolving security issues, provide alternative coding solutions, and work with project teams to incorporate security into the design architecture, fostering a security culture and promoting a security mindset among developers, project teams, and business areas.
Functions
- Assess the current design and codebase to identify areas in need of improvement and work with project teams to resolve security issues.
- Work seamlessly with Eversource developers to ensure successful adoption of required security approaches and capabilities.
- Conduct threat modeling for new and existing applications and perform security testing such as static code analysis, penetration testing, and dynamic application security testing.
- Apply a cybersecurity background to perform code analysis when resolving false positives and provide remediation recommendations.
- Establish application security requirements based on company standards and industry best practices.
- Develop and maintain infrastructure‑as‑code security policies.
- Test and evaluate security tools and products.
- Bachelor’s degree in Information Systems or a related technical field, or equivalent experience.
- (Preferred) Bachelor’s degree or equivalent in Engineering, Computer Science, Data Science or Information Technology.
- 5+ years of applied experience in application security or a related position.
- Background performing cybersecurity code analysis, including identifying and resolving false positives, explaining vulnerabilities to project teams, and providing remediation recommendations.
- Experience with software composition analysis and tools to scan source and binary code for dependency vulnerabilities.
- Experience with static and dynamic analysis tools; penetration testing experience is preferred.
- Experience using or maintaining Checkmarx, Burp Suite, or Contrast preferred.
- Experience with DevSecOps and automating security operations within CI/CD workflows preferred.
- Experience writing code in a major programming language; .NET preferred.
- Experience with cloud methodology and terminology, working with cloud‑based platforms and applications; Azure preferred.
- Exhibits exceptional ingenuity, creativity, and resourcefulness.
- Produces high‑quality oral and written work, presenting complex technical matters clearly and concisely to peers and senior management.
- Familiarity with current and proposed laws, regulations, industry standards, and ethical requirements related to information…