Overview
Senior Application Security Architect Jobs in Sunbury-on-Thames – England – UK at Johnson Controls International
Title: Senior Application Security Architect
Company: Johnson Controls International
Location: Sunbury-on-Thames – England – UK
Category: IT/Tech, Software Development
Job Details
What you will do
The future is being built today, and Johnson Controls is making that future safer, greener, efficient building solutions and services. We are harnessing the power of cloud, data analytics, the Internet of Things, and user design to deliver on the promise of intelligent buildings and smart cities that connect communities in ways that make people’s lives – and the world – better.
In this career defining opportunity within the Global Product Security organization, you will drivecontinuous improvementinitiatives aligned to our cybersecurity maturity framework and roadmap, ensuring proactive management of security and data privacy risk across the full lifecycle of our products, platforms, and service offerings. You will apply your expertise in secure software development practices to ensure security and privacy by design requirements are fulfilled and that products, solutions, and services are released to market with strong cybersecurity.
How you will do it
Provide cybersecurity expertise and guidance to product development teams and business leaders throughout all phases of the software development life cycle.
Architect security and privacy by design and secure-by-default into the entire stack from design through operations in the cloud.
Drive secure SDLC activities — requirements, architectures, threat models, SAST, DAST, penetration testing
Specify and design secure operations features for platforms
Review security policies, standards, and metrics to drive improvements
Quantify residual product risk and identify appropriate security controls.
Review changes made via the Dev Ops pipeline and processes
Develop methodologies and processes that align product risk assessments to Dev Ops
Review product architectures for security design gaps and vulnerabilities and consult with product teams to remediate or mitigate cyber risk.
Assist coordination of penetration testing engagements with product teams.
Help engineers and product managers identify solutions to meet cybersecurity requirements.
Help business leaders understand security risks during resource planning.
Assist coordination and tracking of vulnerability remediation activities.
Support reporting to executiveleadershipon the status of product security, risks, mitigations, and trends.
Use agileproject managementto manage resources and track milestones and deliverables.
Identify cybersecurity features that enhance developer and customer experiences.
What we look for
Required:
Bachelor’s or higher degree in engineering, cybersecurity, or related technical degree
Minimum 10 years of product or application cybersecurity experience
Expert knowledge and practical product and software security experience, including secure SDLC practices, defense-in-depth design architectures, and secure by default configurations
5 years of experiencedelivering results using agile methodologies and tools
3 years of experience supporting software security governance and compliance activities, i.e. metrics, assessments, audits, exercises, risk frameworks, and maturity models
2 + years experience with Cloud technologies;
Ability to build trust with stakeholders and explain complex security topics to all audiences
Preferred:
CSSLP, CISSP, CCSP, OSCP, CEH or other cybersecurity certifications
Masters degree in Cybersecurity, Computer Science, Enginee…
