Hubbell - Saint Louis, MO

posted about 2 months ago

Full-time - Senior
Saint Louis, MO
Electrical Equipment, Appliance, and Component Manufacturing

About the position

The Senior Application Security Engineer will exhibit an unwavering commitment to the integration of cybersecurity into products and applications. Success in this role will be attained through skillful collaboration with product engineering and software delivery teams across various projects and languages, adhering to and augmenting Hubbell's established Secure Development Lifecycle (SDL) standards. If you have a strong foundation in Software as a Service (SaaS) and embedded security, an interest in partnering with engineering teams to identify and address application security vulnerabilities across solutions that help electric, water, and gas utilities provide safe, reliable, and efficient operations of their distribution networks, and enjoy working with a world-class security team, then this might be the job for you. In this role, you will continuously refine and promote a comprehensive Secure Development Lifecycle (SDL) process throughout the entire product lifecycle. You will advocate for the widespread adoption of this unified SDL approach, ensuring a holistic and standardized security framework. Establishing robust enterprise-wide alliances with product engineering and software delivery teams will be crucial, as will cultivating a design-for-security ethos to guarantee secure solutions for Hubbell's products, services, and tools, thereby contributing to business growth. You will assess and facilitate secure coding training initiatives and the effective use of application security tools, particularly Static Application Security Testing (SAST) and Software Composition Analysis (SCA), for engineering teams. As a security advisor for multiple products, you will lead critical activities such as security strategy reviews, security touchpoints, and final security reviews. Additionally, you will assist in the investigation, evaluation, prioritization, and remediation of security vulnerabilities, while staying abreast of new and emerging technologies and trends in product cybersecurity. Proactively identifying developmental areas and seeking expert knowledge to fortify Hubbell's risk mitigation strategies and enhance the delivery of secure solutions will be key responsibilities. Finally, you will serve as a mentor to other members of the product security team, embodying Hubbell's leadership traits.

Responsibilities

  • Continuously refine and promote a comprehensive Secure Development Lifecycle (SDL) process throughout the entire product lifecycle.
  • Advocate for the widespread adoption of a unified SDL approach, ensuring a holistic and standardized security framework.
  • Establish robust enterprise-wide alliances with product engineering and software delivery teams.
  • Cultivate a design-for-security ethos to guarantee secure solutions for Hubbell's products, services, and tools.
  • Assess and facilitate secure coding training initiatives and the effective use of application security tools, particularly SAST and SCA, for engineering teams.
  • Assume the position of a security advisor for multiple products, leading critical activities such as security strategy reviews, security touchpoints, and final security reviews.
  • Assist in the investigation, evaluation, prioritization, and remediation of security vulnerabilities.
  • Stay abreast of new and emerging technologies and trends in product cybersecurity.
  • Proactively identify developmental areas and seek expert knowledge to fortify Hubbell's risk mitigation strategies and enhance the delivery of secure solutions.
  • Serve as a mentor to other members of the product security team.

Requirements

  • Bachelor's degree in computer science or related engineering discipline, or equivalent experience.
  • 8+ years of experience in product development and security design focused on secure product delivery and testing tools.
  • 5+ years of application security and security testing experience.
  • Hands-on experience with two or more of the following: C/C++, C#.NET, ASP.Net, Java, Python, or Rust.
  • In-depth knowledge of secure coding and DevSecOps practices.
  • Experience using, configuring, and tuning application security tools, especially SAST and SCA.
  • Possess excellent written, verbal, and interpersonal communication skills, demonstrating effective communication across all levels of the organization.
  • Highly organized and able to work under tight timelines, while balancing competing demands.

Nice-to-haves

  • Advanced understanding of security approaches and architectures applicable to utility communications and distribution automation solutions for operational technology (OT).
  • Previous experience developing embedded products, web services and Service Oriented Architecture (SOA).
  • Knowledge of NIST and international security standards for secure development practices.
© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service