What you’ll be doing...

The Verizon Corporate Information Security (CIS) organization ensures the confidentiality, integrity and availability of technology assets and information across all Verizon networks, systems and applications. To achieve these goals, CIS integrates cybersecurity governance, policies, technologies and operations across Verizon. The Product Security team within CIS works to embed security seamlessly into the development lifecycle of technology systems and services.

We are looking for an experienced Senior Manager to lead Security Architecture within Product Security. In this role, you will be responsible for the following primary activities:

  • Lead and grow a team of high performing individuals who define, implement and improve Secure-SDLC standards, policies & processes.
  • Drive adoption of Secure-SDLC policies and best practices by Security Mavens and Product teams, through training, certification, and automation.
  • Lead security architecture and design, and build CoE for security reference architectures, frameworks and tools.
  • Define product cloud operating model, cloud security services and controls.
  • Define and continually update security requirements to align with emerging architectures, technologies, regulatory and threat landscape.
  • Define security standards (architecture, design, coding, cryptographic solutions, third-party components) for adoption by product development teams across the organization.
  • Conduct Secure-SDLC activities including threat modeling to identify security vulnerabilities, determine risk and identify mitigations.
  • Develop and improve metrics that drive desired behavior and security outcomes.
  • Maintain a team culture of collaboration, openness and approachability while being firm on security policies, and facilitating progress with product teams.

What we’re looking for...

You’ll need to have:

  • Bachelor’s degree or four or more years of work experience.

  • Six or more years of relevant work experience.

  • Experience in Information Security and Application Development, with significant Application Security experience in production environments.

  • Experience in application architecture and development.

  • Experience managing teams of engineers, and leading managers.

Even better if you have:

  • A degree in Computer Science, Information Technology, Software Engineering, Information Security etc.

  • Security certifications: CRISC, GSEC, CISA, CISM or CISSP, or willingness to obtain within 9 months of start date.

  • Experience implementing and integrating security tools into CI/CD.

  • Experience with various application security tools including SAST, SCA, DAST, IAST, RASP, Penetration testing, Fuzzing etc.

  • Experience building secure software based on frameworks such as OWASP, CWE, SANS, OpenSAMM, BSIMM.

  • Experience with methodologies and tools, for threat analysis of complex systems, such as threat modeling and software fuzzing.

  • Experience leading application security vulnerability remediation and mitigation activities.

  • Proficient with common web application attack vectors and related mitigation strategies

  • Possess domain knowledge of common information security management frameworks and regulatory requirements and applicable standards such as ISO 27001, SOC 2, HIPAA, GDPR, PCI, Sarbanes-Oxley, etc.

  • Ability to deal with ambiguity, make meaningful decisions and demonstrate concrete progress even with incomplete information.

  • Experience coding in Java, Python, or Go, and at least one scripting language.

  • Knowledge of web, mobile, API, Microservices, network and security architectures and design patterns.

  • Knowledge of AWS, Azure, GCP and OCI native security tools.

  • Knowledge of security best practices, principles, and common security frameworks, such as NIST, ISO, Common Criteria, TCSEC, OWASP, etc.

  • Experience with data architecture, modeling and integration.

  • Knowledge of current and emerging security technologies, threats and techniques for exploiting security vulnerabilities.

  • Knowledge of developer tools and environments, project management and bug tracking systems.

  • Ability to secure container-centric deployments using Docker & Kubernetes.

  • Experience with process improvement, automation release management, and system development life cycles.

  • Experience with Data security and Governance.

  • Experience implementing quantitative risk methodologies.

  • Willingness to travel up to 25%.

When you join Verizon...

You’ll have the power to go beyond – doing the work that’s transforming how people, businesses and things connect with each other. Not only do we provide the fastest and most reliable network for our customers, but we were first to 5G - a quantum leap in connectivity. Our connected solutions are making communities stronger and enabling energy efficiency. Here, you’ll have the ability to make an impact and create positive change. Whether you think in code, words, pictures or numbers, join our team of the best and brightest. We offer great pay, amazing benefits and opportunity to learn and grow in every role. Together we’ll go far.

Equal Employment Opportunity

We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.