Verizon is a leading provider of technology, communications, information and entertainment products, transforming the way we connect across the globe. We’re a diverse network of people driven by our ambition and united in our shared purpose to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.
What you’ll be doing...
The Verizon Product Security Team ensures security by design product engineering and architecture for both consumer and business products. We are seeking a Manager who will not only manage a team of talented individuals but will also be act as a Product Security Architect who conducts security assessments on both Consumer and Business products You will help to create, define, and implement security controls and tooling in conjunction with product development teams and product owners. You will manage multiple projects with a degree of impact and complexity that must be carefully controlled to support the internal business unit security requirements. You will also work in conjunction with security stakeholders in other areas of the business and make decisions and help lead initiatives to ensure timely delivery of security solutions that support business objectives. You will also manage work that involves coordination with multiple organizations and is the focal point within the VZ Connect group.
Lead and grow a team of high performing individuals who partner across multiple teams to define, implement and improve Secure-SDLC standards, policies & processes.
Define and continually update security requirements to align with emerging architectures, technologies, regulatory and threat landscape.
Define security standards (architecture, design, coding, cryptographic solutions, third-party components) for adoption by product development teams across the organization.
Work with the product teams to perform security design/code reviews and vulnerability assessment.
Provide security guidance to Engineering and Product teams.
Build threat models and conduct risk assessments for new features and services.
Create application threat models and provide guidance on effective countermeasures.
Contribute to security architecture and assist in building and rolling out processes for secure code development and deployment involving truly cutting edge technology.
Provide subject matter expertise on encryption, security controls, and secure design and programming practices across the Technology organization.
Help create product security inventory and product security lifecycle to align with standards.
Train and mentor New Hires, Product Security Architects and or Security Champions throughout the development.
Share thought leadership in the product and application security space.
Create security user stories and security test cases for products that are tailored to the product attributes and technology.
What we’re looking for...
You'll need to have:
Bachelor's degree in a relevant field (Computer Science, Software Engineer, Security, or others) or relevant work experience.
Experience performing security requirements analyses to secure the deployment of large globally distributed platforms, building threat models, do design reviews and document relevant mitigation techniques, implementing security best practices, applying applications security design patterns.
Experience with any combination of at least three of the following: Cloud Security, Application Security, Mobile Security, Secure Development methodologies, Software Development and Coding.
Even better if you have:
Good understanding of Cloud Services, like AWS, Azure or GCP, Docker, Kubernetes and CI/CD pipeline.
Understanding of Docker, Kubernetes and CI/CD pipeline.
Experience with various application security tools including SAST, SCA, DAST, IAST, RASP, Penetration testing, Fuzzing etc.
Understanding of OWASP Top 10, CIS Top 20.
Domain knowledge of common information security management frameworks and regulatory requirements and applicable standards such as ISO 27001, SOC 2, HIPAA, GDPR, PCI, Sarbanes-Oxley, etc.
Knowledge of application security vulnerabilities, secure coding, and countermeasures.
Written and verbal skills for communicating security concepts and solutions.
Ability to prioritize between and execute on multiple work streams.
Experience with application programming and the overall software development life cycle.
Excellent organizational and interpersonal skills.
One of more of the following certifications: CISSP, CISM, SANS, CCSK.