When you join Verizon

Verizon is one of the world’s leading providers of technology and communications services, transforming the way we connect across the globe. We’re a diverse network of people driven by our shared ambition to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.

What you’ll be doing...

The Product Security Team ensures security by design product engineering and architecture for Verizon products. In this role as a Senior Product Security Architect, you will conduct security assessments for products and solutions developed by the Verizon Consumer Group. You will collaborate with various cross functional teams and help to create, define, and implement security controls and tooling in conjunction with internal product development and partner teams.

  • Evaluate security postures and provide recommendations for improvement and risk reduction for Cloud services, Mobile, Web and Embedded applications (e.g., build threat models, design reviews, document mitigation techniques, apply security design patterns, code review).
  • Manage multiple projects with a degree of impact and complexity that must be carefully controlled to support the internal business unit security requirements.
  • Design and contribute to security architecture processes that enable the enterprise to implement secure solutions and capabilities that are clearly aligned with the business, technology, and threat drivers while ensuring the highest level of data protection.
  • Participate in deep architectural discussions to build confidence and ensure success when building new or migrating existing cloud infrastructures, applications, software, and services.
  • Support projects at various levels, from ground level up to fully evolved projects, be able to dive into existing environments or help with the security design and requirements of a new project by evaluating the end-to-end environment of different types of services (SaaS, IaaS, PaaS) and client platforms (mobile, web, embedded applications).
  • Continually evaluate new threats and attacks to identify the impact on business and help to develop and implement appropriate security controls.
  • Apply cryptographic primitives and protocols for authentication, authorization and data protection. Recommend and manage transmission protection requirements for all environments (e.g., systems, applications, containers) such as VPC peering best practices, SSL certificate management, RSA key pairs, etc.
  • Implement security modules, tools, and code snippets when needed.
  • Develop architectural documentation and best practices for infrastructure, applications, data protection and IAM security
  • Train and coach engineering teams to integrate CI/CD pipeline tools, test plans and vulnerabilities assessment tools for Cloud and other platforms.

Where you'll be working...

In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager.

What we’re looking for...

You will need to have:

  • Bachelor’s degree or four or more years of work experience.
  • Six or more years of relevant work experience.
  • Experience with performing security requirements analyses to secure the deployment of large globally distributed cloud-based and/or mobile-embedded platforms.
  • Experience with OWASP Top 10 vulnerabilities and Cryptographic Algorithms: (PKI), X.509 Public Key Certificates, authentication protocols, and transport layer security, OID, OAuth, SAML.

Even better if you have one or more of the following:

  • Master’s degree in Computer Science or equivalent engineering experience.
  • Direct experience with implementing Security Services and tools in AWS such as GuardDuty, Macie, CloudTrail, CloudWatch, KMS, Compute (e.g., EC2, GCE).
  • Programming skills in C++/C, Swift, Java, Scala, Python or other languages and the ability to solve complex operational issues.
  • Experience with storage technologies such as: S3, Networking: VPC, IDS/IPS, WPA, firewalls, reverse proxies, Load Balancers, Security Groups/List.
  • Experience with configuration tools: AWS Config, AWS Inspector, SDK/CLI. Vulnerabilities tools: Prisma Cloud, Crowdstrike, etc.
  • Container Security experience with Docker, ECS, Kubernetes.
  • Experience with configuration languages/IaaC: JSON, CloudFormation Terraform
  • Experience with SDLC for mobile platforms including use of obfuscation techniques, Reverse Engineering and Tamper Resistant software development on Mobile Platform.
  • Understanding of various types of Exploits, Threat Modeling, and Attack surfaces
  • Experience with Content Security technologies like DRM/Conditional Access
  • Experience with IT Security Frameworks such as NIST, ISO27001, PCI, DSS, FedRAMP
  • One or more of the following certifications: AWS Certified Solutions Architect (professional), AWS Certified Security (Specialty), CSA Certificate of Cloud Security Knowledge (CCSK), ISC2 Certified Cloud Security Professional (CCSP), CISSP.


Equal Employment Opportunity

We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.

COVID-19 Vaccination Requirement

NYC candidates: Verizon requires new hires to be fully vaccinated against COVID-19 for onsite and hybrid NYC roles. Verizon provides reasonable accommodations consistent with legal requirements (e.g., for medical or religious reasons). Additional information will be provided during the hiring process.