Senior Application Security Architect

Job Details

What you will do

The future is being built today, and Johnson Controls is making that future safer, greener, efficient building solutions and services. We are harnessing the power of cloud, data analytics, the Internet of Things, and user design to deliver on the promise of intelligent buildings and smart cities that connect communities in ways that make people's lives - and the world - better.

In this career defining opportunity within the Global Product Security organization, you will drive continuous improvement initiatives aligned to our cybersecurity maturity framework and roadmap, ensuring proactive management of security and data privacy risk across the full lifecycle of our products, platforms, and service offerings. You will apply your expertise in secure software development practices to ensure security and privacy by design requirements are fulfilled and that products, solutions, and services are released to market with strong cybersecurity.

How you will do it

Provide cybersecurity expertise and guidance to product development teams and business leaders throughout all phases of the software development life cycle.
Architect security and privacy by design and secure-by-default into the entire stack from design through operations in the cloud.
Drive secure SDLC activities - requirements, architectures, threat models, SAST, DAST, penetration testing
Specify and design secure operations features for platforms
Review security policies, standards, and metrics to drive improvements
Quantify residual product risk and identify appropriate security controls.
Review changes made via the DevOps pipeline and processes
Develop methodologies and processes that align product risk assessments to DevOps
Review product architectures for security design gaps and vulnerabilities and consult with product teams to remediate or mitigate cyber risk.
Assist coordination of penetration testing engagements with product teams.
Help engineers and product managers identify solutions to meet cybersecurity requirements.
Help business leaders understand security risks during resource planning.
Assist coordination and tracking of vulnerability remediation activities.
Support reporting to executive leadership on the status of product security, risks, mitigations, and trends.
Use agile project management to manage resources and track milestones and deliverables.
Identify cybersecurity features that enhance developer and customer experiences.

What we look for

Required:

Bachelor's or higher degree in engineering, cybersecurity, or related technical degree
Minimum 10 years of product or application cybersecurity experience
Expert knowledge and practical product and software security experience, including secure SDLC practices, defense-in-depth design architectures, and secure by default configurations
5 years of experience delivering results using agile methodologies and tools
3 years of experience supporting software security governance and compliance activities, i.e. metrics, assessments, audits, exercises, risk frameworks, and maturity models
2 + years experience with Cloud technologies;
Ability to build trust with stakeholders and explain complex security topics to all audiences

Preferred:

CSSLP, CISSP, CCSP, OSCP, CEH or other cybersecurity certifications
Masters degree in Cybersecurity, Computer Science, Engineering, or Information Systems
2 years of experience with technology risk management related frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, SOC 2 or other comparable
Demonstrated ability to lead change initiatives that intelligently manage software security
Strong problem-solving skills to analyze cybersecurity issues and requirements (legal/regulatory, policy, customer, industry standards) and relate them to appropriate security controls
Practical experience with operating systems
Practical experience with programming and scripting languages
Practical experience security tools
Practical experience building multi-tenant platforms or service offerings

Read the full job description and apply online on the recuiter's web-site

Related Job Postings

Pensions Administrator - Lisbon

Aptia

United Kingdom - East Sussex - East Sussex - Brighton
May 15, 2024

About Aptia Aptia is a new force in the employee benefits and pensions administration services, on a mission to change the world of administration for the better. • In an underserved market, with huge potential for growth, Aptia will serve 1,100 clients in the US and UK markets and will be...

Find Jobs Hiring Now Near You!

Get Jobilize Job Search Mobile App Now