Share this Job

Application Security IT Technology Leader

Apply now »

Date: Jul 23, 2022

Location(s): West Palm Beach, FL, US, 33407

Company: NextEra Energy

Requisition ID:  63354 

 

Our reliability is one of the best in the nation, and we’re working to make it even better. We live here too. That’s why we’re committed to making Florida a better place. Join our team today Learn more

 

Position Specific Description

The Application Security Technology Lead role is responsible for developing and managing the AppSec program for NextEra Energy and it’s subsidiaries, which will begin as program development and quickly evolve into program management. The Application Security program is critical in ensuring products developed and/or are in production are resilient to threats against the confidentiality, integrity, and availability of NextEra Energy and its interests. Program development work will consist of codifying and producing governance and policy, foundational operations cycling, and sustained operations models. Program scope is holistic through SLDC , CI/CD Pipeline, dynamic/static code testing, vulnerability scanning and discovery, code confidentiality, and application risk management for both on-premise and cloud environments. The AppSec Tech Lead will have heavy interaction with multiple teams across the organization with varying levels of technical knowledge and capability. 
 
A successful candidate will be proficient in process analysis and improvement, relationship management and development, project management, policy creation, and 
 
Responsibilities

  • Establish enterprise governance, developmental, and operational frameworks adhering to industry best practices 
  • Consolidate and strengthen current efforts  to reduce application risk and increase CIA of business critical applications and environments
  • Support security and application stakeholders with AppSec effectiveness, reporting, and advisement
  • Consistently seek opportunities and strategies to improve adoption of your team’s tools and capabilities
  • Raise accountability of DevSecOps and security-by-design concepts
  • Grow your team. Excellent opportunity to consolidate a cross-functional team to prove value and build-upon that foundation

 
Required

  • Bachelors of Science degree in Computer Science, Engineering, Computer Security, Information Systems, Mathematics, OR comparable level of professional experience (below)
  • 5 years total in application security and/or security engineering, which should include:
    • Software Engineering
      • 2 years hands-on experience as a software engineer
      • Experience with at least one programming language (python preferred, but not required)
      • Familiarity with development tools and source control including GitHub Actions and GIT based repos
    • Impact
      • 3 years delivering major security initiatives with clearly communicated business impact
      • Delivering integrated application security practices in CI/DC pipelines and DevOps environments
  • 5 years total technical experience in Application Security covering areas such as :
    • Delivered AppSec maturity incrementally in an organization 
    • AppSec vulnerability management and reporting
    • Defining and implementing AppSec policies, guidelines and standards
    • Delivering AppSec services such as threat modeling, secure code reviews, and AppSec consulting
    • Knowledge of Application Security foundations including Cryptography, TLS, Threat Models, Secure coding principles etc
    • Experience with OWASP top 10, SANS top 25 , CVE, CVSS, CWE etc
    • Integrating Application Security tooling into the SDLC. This includes tools such as SAST, SCA, IaC scanning, DAST, iAST, WAF etc. 
  • Demonstrated application of various frameworks and models such as NIST SCF, BSIMM, OpenSAMM etc
  • Ability to manage key customer relationships, ranging from developers to senior leaders
  • Ability to influence cross functional teams to accomplish Security goals
  • Excellent analytical skills and ability to learn quickly
  • You are data driven
  • Excellent written and verbal communication skills

 

Preferred

  • DevSecOps experience in shifting security left 
  • Working in Agile/Kanban  teams to deliver security software 
  • Accredited certifications: CISSP, CISM. Or ability to be certified within 6 months of hire.

Job Overview

This position establishes strategy, develops business plans, and oversees and leads in the design, development and implementation of technology solutions to meet business needs. Leaders in this role provide leadership and oversight to manage performance and results in one or more Information Technology (IT) disciplines. Individuals will be accountable for the reliability, performance, security, and continuity of IT systems and supported business processes.

Job Duties & Responsibilities

  • Provides leadership, influence, vision, and direction to the organization to contribute to achieving the company's goals
  • Works with IT leaders to develop overall IT strategy in alignment with business strategy
  • Oversees value stream by focusing on cost and risks of technology portfolio to meet business needs
  • Supports and fosters innovative technologies to deliver new ideas that enable business transformation
  • Ensures high levels of ongoing system and application performance in production environments
  • Oversees development of processes and tools to automate code releases from development to operations (DevOps)
  • Attracts, develops and retains a high-performing and diverse team
  • Establishes and drives technology roadmaps that align with current and future business needs
  • Manages third party technical and outsourcing relationships to deliver project and operational support objectives
  • Ensures technology processes are conducted in line with applicable standards and company policies
  • Performs other job-related duties as assigned

Required Qualifications

  • High School Grad / GED
  • Bachelor's or Equivalent Experience
  • Experience: 7+ years

Preferred Qualifications

  • Bachelor's Degree
  • Supervisor/Management Experience: 2+ years

 

Employee Group:  Exempt
Employee Type:  Full Time
Job Category:  Information Technology
Organization:  Florida Power & Light Company 
Relocation Provided:  Yes, if applicable

 

Where permitted by applicable law, NextEra Energy requires all employees and new hires to be fully vaccinated for COVID-19 or be willing to receive the COVID-19 vaccination on or before the first day of employment.

 

NextEra Energy is an Equal Opportunity Employer. Qualified applicants are considered for employment without regard to race, color, age, national origin, religion, marital status, sex, sexual orientation, gender identity, gender expression, genetics, disability, protected veteran status or any other basis prohibited by law. We are committed to a diverse and inclusive workplace.

 

NextEra Energy provides reasonable accommodation in its application and selection process for qualified individuals, including accommodations related to compliance with conditional job offer requirements, consistent with federal, state, and local laws. Supporting medical or religious documentation will be required where applicable and permitted by applicable law. To request a reasonable accommodation, please send an e-mail to recruiting-coordinator.sharedmailbox@nexteraenergy.com, providing your name, telephone number and the best time for us to reach you. Alternatively, you may call 1-844-694-4748. Please do not use this line to inquire about your application status.

 

NextEra Energy will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.

 

NextEra Energy does not accept any unsolicited resumes or referrals from any third-party recruiting firms or agencies. Please see our policy for more information.

#LI-WS1 


Nearest Major Market: Palm Beach
Nearest Secondary Market: Miami