Acuity Technology Group is the North American market leader and one of the world's leading providers of innovative lighting systems. Our LED lights are computing, sensing, network connected platforms, and everywhere there are people. We are perfectly positioned to transform the world of IoT and have plenty of awesome projects to work on! We are driving the industry's transformation to smart lighting; redefining how people live, work, play and interact with others.
ABOUT THE ROLE
We're seeking a talented and enthusiastic Application Security Engineer who will work with the development teams to ensure security is embedded in the overall Software Development Life Cycle (SDLC) process and technology risk are addressed at each phase. You will serve as highest level technical architecture expert for software development / infrastructure teams at the program level and are expected to have extensive experience developing secure designs and architecture documents that the engineering teams can follow. You will research and evaluate vulnerabilities, attack vectors, and associated risks to determine the impact to our application systems. You will also assess and recommend technologies related to cyber-security detection and/or prevention and assist in the definition of standard work for systems software development with an emphasis on security.
WHAT YOU WILL DO
Develop and implement the application security program in-line with industry best practices and compliance across all of Acuity Brands engineering teams.
Perform application and source-code reviews, threat modeling and penetration tests to build application visibility
Proactively identify and mitigate against application security risks or incidents
Provide guidance and oversight into secure application coding practices conducted by other teams by acting as a mentor to software developers
Provide security training to internal engineering, DevOps and infrastructure teams.
Raise awareness of application security requirements through development and review of application security standards, policies and secure SDLC processes
Participate in the architecture of mobile and web applications including interface and database design, process and API flows, networking, cloud infrastructure, protocol communication, security and appropriate technology use.
Monitor and manage the web and mobile application infrastructure to detect anomalies and security incidents
Research and evaluate vulnerabilities, attack vectors, and associated risks to our systems, applications and technology.
Evaluate, recommend and deploy tools and products to enhance the cyber-security detection and/or prevention of evolving threats.
Continuous learning and researching in security related trends and best practices.
Guide vendor security activities to ensure 3rd?party software and development meets security standards
Attend security technology conferences and events.
You are proactive, passionate and optimistic.
You are Innovative. You challenge assumptions.
You encourage those around you to create their best work.
You work for the best interest of the group at all times.
You have unwavering personal integrity and work ethic.
You graciously give and receive feedback
You buy into the scrum methodology, and demand a project oriented, collaborative, and very positive environment. REQUIRED SKILLS
Bachelor's Degree in Computer Science (CS) or equivalent
8+ years of experience in the security domain with working knowledge of Software Development and required knowledge of application testing
Experience with static analysis tools (e.g., HP Fortify, Coverity, Checkmarx) and knowledge of OWASP tools and methodologies.
Experience with vulnerability and application scanning tools (e.g., Qualys, Nessus, Rapid 7, BurpSuite)
Application security experience with high level programming languages (e.g., Java, C, C++, C#, VB, .NET, ASP.NET, ASP, PHP, J2EE, JSP)
Programing background and working experience in SDLC and software development tools such as Eclipse, Jenkins or similar
Experience with Cloud Service Providers (Azure and/or AWS)
Security certifications, such as CISSP, CEH, OSCP, CISA, are desirable
Communication skills to create documentation, videos and conduct training classes
Internal Number: 1087
About Acuity Brands
Acuity Brands, Inc. (NYSE: AYI) is the North American market leader and one of the world’s leading providers of lighting and building management solutions for commercial, institutional, industrial, infrastructure, and residential applications throughout North America and select international markets. With fiscal year 2018 net sales of $3.7 billion, Acuity Brands currently employs over 12,000 associates and is headquartered in Atlanta, Georgia with operations throughout North America, and in Europe and Asia.
The Company’s lighting and building management solutions vary from individual devices to intelligent network systems. Individual devices include luminaires, lighting controls, lighting components, controllers for various building systems (including HVAC, lighting, shades and access control), power supplies, and prismatic skylights. Among other benefits, intelligent network systems can optimize energy efficiency and comfort as well as enhance the occupant experience for various indoor and outdoor applications, all the while reducing operating costs. Additionally, the Company continues to expand its solutions portfolio, including software and services, to provide a host of othe...r economic benefits resulting from data analytics that enables the “Internet of Things” ("IoT") and supports the advancement of smart buildings, smart cities, and the smart grid.
Our century of tradition, our current financial strength and our commitment to a sustainable future, provides us with an opportunity to grow, innovate and further capture the rapidly growing market opportunities before us.
BACK TO TOP
ISACA Career Centre is Just One of the Benefits.
Discover what else ISACA has to offer!
The job you are trying to reach from was originally posted at ISACA Career Centre.