Lead Application Security Architect; Hybrid

Position: Lead Application Security Architect (Hybrid) Eversource will not offer immigration-related sponsorship for this position. Applicants who require immigration sponsorship—either now or in the future—should not apply. This includes, but is not limited to, direct company sponsorship, listing Eversource as the employer of record on immigration documents, or any work authorization that requires company involvement or documentation (e.g., H-1B, OPT, STEM OPT, CPT, TN, J-1, O-1, etc.). Eversource supports work-life balance by offering hybrid schedules for certain roles. Eligibility is based on job responsibilities, operational needs, nature of work and team dynamics. Current guidelines require employees to work at least three days in the office, including Tuesdays and Wednesdays, with the third day set by the employee and supervisor based on department needs. These guidelines apply to roles approved for remote work and are subject to change, based on managerial discretion and work performance. All applicants must be able to work up to five days in the office if needed (for example: emergencies, training, or other business needs) or should the policy change. Role and Scope of Position As the Lead Application Security Architect, and as part of the Cybersecurity Architecture team at Eversource, you will lead a team that works alongside other cybersecurity specialists within the Cybersecurity, Network, and Compliance organization. You’ll have the opportunity to shape Application Security and collaborate across multiple business lines and technical domains. One of your primary tasks will be a focus on security issues involving secure coding and secure design. You will lead a team and assist others in resolving security issues by offering alternative coding solutions and other means. You will also work with project teams and business management to promote a security mindset. The Lead Application Security Architect will interact closely with the technology and business colleagues associated with projects. They will deliver project level planning, design, and implementation of security solutions and controls related to Secure Software Development Life Cycle (SSDLC) (e.g. code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning). You will aid the firm in remaining at the forefront of industry trends, best practices, and technological advances in application cybersecurity. Essential Functions

• Lead Application Security for multiple cybersecurity architecture and process implementations across business lines to achieve security objectives.
• Cultivate security culture with your product technology and business colleagues. Build a vision around the next level of security maturity for application developers, with inputs from the security organization and work with Cyber Security leadership to deliver on that idea.
• Serve as an application security thought leader. Be recognized in the enterprise as the clear point of escalation and subject matter expert for Application Security and associated IT Risk. Serve as an appsec cyber risk advisor to the leadership team and help prioritize initiatives with the greatest ROI.
• Foster a culture of innovation, collaboration, and continuous improvement by developing and maintaining security policies, and testing and evaluating security tools and products.

Technical Knowledge/Skill/Education/Licenses/Certifications Technical Knowledge/Skill

• 5+ years of senior level Cyber Security experience required.
• Must have experience leading mid to large security initiatives and managing small teams within Security.
• Must have a background performing cybersecurity code analysis. This includes identifying and resolving false positives, explaining vulnerabilities in simple terms to project teams, and serving as an escalation point for the appsec team.
• Must have excellent communications and interpersonal skills and should be able to convey technical aspects to personnel who may not be well-versed in those areas.
• Must have experience with Dev Sec Ops and Agile methodology.
• Must be able to produce high quality oral and written work, presenting complex technical matters clearly and concisely with audiences ranging…

Apply tot his job Apply To this Job