Job was saved successfully.
Job was removed from Saved Jobs.

Job Details

Verizon Communications Inc

Verizon Communications Inc

https://mycareer.verizon.com/

Senior Product Security Architect

Law Enforcement and Security

Diplomatic Security

No

Cary, North Carolina, United States

When you join Verizon

Verizon is a leading provider of technology, communications, information and entertainment products, transforming the way we connect across the globe. We’re a diverse network of people driven by our ambition and united in our shared purpose to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.

What you’ll be doing...

The Verizon Product Security Team ensures security by design product engineering and architecture for both consumer and business products. As a Senior Product Security Architect, you will work to conduct security assessments on both Consumer and Business products and solutions. You will help to create, define, and implement security controls and tooling in conjunction with product development teams and product owners. You will manage multiple projects with a degree of impact and complexity that must be carefully controlled to support the internal business unit security requirements.
You will also work in conjunction with security stakeholders in other areas of the business and make decisions and help lead initiatives to ensure timely delivery of security solutions that support business objectives. You will also manage work that involves coordination with multiple organizations and is the focal point within the group.

  • Help implement Secure Software Development Lifecycle (SSDLC) practices and use automation where possible.
  • Work with the product development teams to perform security design/code reviews and vulnerability assessment.
  • Provide security guidance to Engineering and Product teams.
  • Build threat models and conduct risk assessments for new features and services.
  • Create application threat models and provide guidance on effective countermeasures.
  • Contribute to security architecture and assist in building and rolling out processes for secure code development and deployment involving truly cutting edge technology.
  • Provide subject matter expertise on encryption, security controls, and secure design and programming practices across the Technology organization.
  • Contribute to security policy, standards, and guidelines related to Information Security.
  • Evaluate and operationalize new technologies for securing the organization.
  • Train and mentor Security Champions throughout the development.
  • Share thought leadership in the product and application security space.
  • Create security user stories and security test cases for products that are tailored to the product attributes and technology.
  • Support and advise product owner and product development teams by ensuring technical and architectural feasibility, readiness and compliance.
  • Experience with secure SDLC, governance and compliance for PCI, FedRAMP and NIST.

What we’re looking for...

You'll need to have:

  • Bachelor’s degree or four or more years of work experience.
  • Six or more years of relevant work experience.
  • Experience with one of the following security disciplines:
    • Application Security: Experience with building security for Web Clients and Services with a focus on security aspects of application and operating system platforms.
    • Cloud Security: Experience with AWS services such as EC2, S3, Lambda, ELB, VPC, CloudFormation, Security Groups, and AWS Organizations, Applying security for Cloud Architecture with various orchestration (Mesos, Docker Swarm, K8).

Even better if you have one or more of the following:

  • Experience with security requirements analyses, building threat models, performing security design reviews, applying zero trust principles.
  • Knowledge of application security vulnerabilities, secure coding, attack surfaces and countermeasures.
  • Knowledge of S-SDLC, best practices for secure coding, understanding of OWASP Top 10, CIS Top 20
  • Understanding of Docker, Kubernetes, container security best practices.
  • Experience with Threat Management and Monitoring tools (like CrowdSrike, GuardDuty, Tenable, CloudTrail, Cloudwatch) and container security tools.
  • Experience with building security and hardening Cloud Containers, Cloud OS, on-premise/cloud storage, like Cassandra, MongoDB, Data Warehouse and Object-Based storage.
  • Hands on experience on security testing like SAST, DAST, SCA and Pen testing
  • Understanding of authentication protocols like OID, OAuth2.0, SAML
  • Hands-on experience in securing software development projects using iOS/Android platforms
  • Experience with Content Streaming Services Security like DRM, CA (Widevine, Playready, FairPlay)
  • Experience with application programming (C/C++/Java/Kotlin/Swift/JavaScript or any other languages) and the overall software development life cycle.
  • Written and verbal skills for communicating security concepts and solutions.
  • Ability to prioritize between and execute on multiple work streams.
  • Excellent organizational and interpersonal skills.
  • One of more of the following certifications: CISSP, CISM, SANS, CCSK.

22CyberAPP
22CyberNET

Equal Employment Opportunity

We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.

Share