Verizon is a leading provider of technology, communications, information and entertainment products, transforming the way we connect across the globe. We’re a diverse network of people driven by our ambition and united in our shared purpose to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.
What you’ll be doing...
The Verizon Corporate Information Security (CIS) organization securely enables the business by protecting assets and information across Verizon networks, infrastructure and applications. CIS integrates cybersecurity governance, policies, technologies and operations across Verizon, and works to incorporate security into the design of technology systems and services. The Application Security Architect will be a critical member of the Platform Security team in CIS that supports New Business Incubation (NBI) focused on enabling the secure delivery of solutions that expand the Verizon strategic portfolio and leverage and/or complement Verizon core assets and services. New Business Incubation is a team of explorers setting out to discover, build and scale the next generation of software business that will thrive in the 5G future. With portfolio investments in aerial and terrestrial robotics, location services, digital twinning and simulation, adaptive manufacturing and Industrial IoT, the team is comprised of full stack businesses that run like startups, with 80% of the team in a technical role. We are looking for a cyber security architect that understands application full-stack, designs and implements the security controls for the NBI portfolio of Platforms and Products. The architect shall have significant working experience, knowledge and accreditation in the design, implementation and operation of security programs and controls.
Be a contributing member of a balanced team within an Agile development or DevOps environment.
Focus on security-as-code and continuous compliance practices.
Produce design of security controls for business solutions including the design of application-level access and entitlement management, data tenancy and isolation, encryption, and logging.
Provide Threat modeling, Secure SDLC, coding standards, web-based and mobile application security standards and testing tools.
Conduct integration of common infrastructure security technologies and solutions into business solution architectures including the integration of identity & access management, intrusion detection and prevention, security monitoring, and data encryption solutions.
Utilize technical understanding of virtualization, cloud infrastructure, and public cloud offerings and designing security configuration and controls within cloud based solutions.
Defining operational models and procedures for business solutions including the administration and maintenance of infrastructure and application security controls.
Mentor and train Product teams on security practices.
Where you'll be working...
This role will be based out of any Verizon work location as listed in the posting. In this role, you'll have a defined work location that includes work from home and assigned office days set by your manager.
What we’re looking for...
You'll need to have:
Bachelor’s degree or four or more years of work experience.
Six or more years of relevant work experience.
Experience in development and application security.
Even better if you have one or more of the following:
Security certifications: CISSP, CISM, CRISC, GSEC or willingness to obtain within 12 months of hire.
Experience coding in Java, Python, or Go, and at least one scripting language.
Knowledge of web, mobile, API, Microservices, network and security architectures and design patterns.
Experience securing cloud infrastructure and cloud applications.
Knowledge of AWS, Azure, GCP and OCI native security tools.
In-depth knowledge of application security concepts, best practices and methods
Knowledge of security best practices, principles, and common security frameworks, such as NIST, ISO, Common Criteria, TCSEC, OWASP, etc.
Experience with data architecture, modeling and integration.
Understanding of security by design principles and architecture level security concepts.
Knowledge of current and emerging security technologies, threats and techniques for exploiting security vulnerabilities.
Experience with methodologies and tools, for threat analysis of complex systems, such as threat modeling and software fuzzing.
Knowledge of developer tools and environments, project management and bug tracking systems.
Experience building secure software based on frameworks such as OWASP, CWE, SANS, OpenSAMM, BSIMM.
Experience with various application security tools including SAST, SCA, DAST, Penetration testing, Fuzzing etc.
Ability to secure container-centric deployments using Docker & Kubernetes.
Experience in implementing and integrating security tools into CI/CD.
Experience with process improvement, automation release management, and system development life cycle (Waterfall and Agile).
Communication, presentation and analytical skills along with the ability to thrive in a dynamic environment and handle multiple priorities.
Equal Employment Opportunity
We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.