Senior Application Security Architect

When you join Verizon

Verizon is one of the world’s leading providers of technology and communications services, transforming the way we connect across the globe. We’re a diverse network of people driven by our shared ambition to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.

What you’ll be doing...

The Verizon Corporate Information Security (CIS) organization securely enables the business by protecting assets and information across Verizon networks, infrastructure and applications. CIS integrates cybersecurity governance, policies, technologies and operations across Verizon, and works to incorporate security into the design of technology systems and services.

The Platform Security team within the Verizon Corporate Information Security (CIS) works to embed security seamlessly into the development lifecycle of technology systems and services.

We are looking for an experienced Application Security Architect to join our Software Security Center of Excellence team.

• Work in active partnership with Center of Excellence working group leads and stakeholders to architect application security solutions using security tools and services aligned with Verizon security standards and industry best practices.
• Lead definition of secure-SDLC (system development life cycle) and product security maturity model, to adopt a shift-left approach to security.
• Develop secure design patterns for adoption across all business units and products.
• Lead projects to drive adoption and operationalize new technologies, tool and services.
• Hands on with application security assessment tools including use of static, dynamic and behavioral assessment tools.
• Integrate security tools into commercial and open source CI/CD pipeline tools.
• Identify new and emerging security tools and practices for adoption.
• Develop security controls and processes for products developed and deployed in cloud environments.
• Develop in-depth security architecture, design and coding standards across infrastructure, application and data security, to drive a standardized set of security requirements, and align with internal policies and meet external compliance/regulatory requirements.
• Perform threat modeling, conduct reviews of security architecture and platform/service designs, and audit source code.
• Drive open innovation in product security best practices through industry collaboration.
• Provide application security related coaching and mentoring to elevate security expertise of development teams.

Where you’ll be working:

In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager.

What we’re looking for...

You'll need to have:

• Bachelor’s degree or four or more years of work experience.
• Six or more years of relevant work experience.
• Experience in development and application security.

Even better if you have:

• A degree.
• Security certifications: CISSP, CISM, CRISC, GSEC or willingness to obtain within 12 months of hire.
• Experience coding in Java, Python, or Go, and at least one scripting language.
• Knowledge of web, mobile, API, Microservices, network and security architectures and design patterns.
• Experience securing cloud infrastructure and cloud applications.
• Knowledge of AWS, Azure, GCP and OCI native security tools.
• In-depth knowledge of application security concepts, best practices and methods.
• Knowledge of security best practices, principles, and common security frameworks, such as NIST, ISO, Common Criteria, TCSEC, OWASP, etc.
• Experience with data architecture, modeling and integration.
• Understanding of security by design principles and architecture level security concepts.
• Knowledge of current and emerging security technologies, threats and techniques for exploiting security vulnerabilities.
• Experience with methodologies and tools, for threat analysis of complex systems, such as threat modeling and software fuzzing.
• Knowledge of developer tools and environments, project management and bug tracking systems.
• Experience building secure software based on frameworks such as OWASP, CWE, SANS, OpenSAMM, BSIMM.
• Experience with various application security tools including SAST, SCA, DAST, Penetration testing, Fuzzing etc.
• Ability to secure container-centric deployments using Docker & Kubernetes.
• Experience in implementing and integrating security tools into CI/CD.
• Experience with process improvement, automation release management, and system development life cycle (Waterfall and Agile).
• Experience with Data security and Governance.
• Experience implementing quantitative risk methodologies.
• Communication, presentation and analytical skills along with the ability to thrive in a dynamic environment and handle multiple priorities.

22CyberAPP

Compensation

Our benefits are designed to help you move forward in your career, and in areas of your life outside of Verizon. From health and wellness benefits, short term incentives, 401 (k) Savings Plan, stock incentive programs, paid time off, parental leave, adoption assistance and tuition assistance, plus other incentives,we’ve got you covered with our award-winning total rewards package. For part-timers, your coverage will vary as you may be eligible for some of these benefits depending on your individual circumstances.

If you are hired into a Colorado work location, the compensation range for this position is between $142,000 and $265,000 based on a full-time schedule. The salary will vary depending on your location and confirmed job-related skills and experience. This is an incentive based position with the potential to earn more. For part-time roles, your compensation will be adjusted to reflect your hours.

Equal Employment Opportunity

We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.

COVID-19 Vaccination Requirement

Verizon requires new hires to be fully vaccinated against COVID-19. Verizon provides reasonable accommodations consistent with legal requirements (e.g., for medical or religious reasons).