Lead Application Security Architect

Are you interested in being part of an innovative team that supports Westinghouse’s mission to provide clean energy solutions? At Westinghouse, we recognize that our employees are our most valuable asset and we seek to identify, attract and recruit the most qualified talent while recognizing and encouraging the value of diversity in the global workplace.

We are seeking a Lead Application Security Architect to join our innovative Digital & Innovation (D&I) Digital Execution department within the larger corporate structure of Westinghouse Electric Co. In this newly established role, you will lead application-related security efforts, working alongside other security leaders in DevSecOps, Operations Security, Compliance & Risk Management, and Infrastructure Security to create and implement policies and tools that protect Westinghouse's cutting-edge initiatives. You will be responsible for establishing a cybersecurity culture within a development environment, building security processes from the ground up. This role will also contribute to shaping security innovations that fit within the broader corporate strategy and influencing the overall security and compliance culture.

Responsibilities:

- Establishing a Cybersecurity Culture: Lead efforts to embed security practices and awareness into the development culture, particularly in the early stages. Drive education, training, and integration of security into development and planning processes, helping teams to understand the importance of secure coding and application development.

- Selecting & Implementing Security Tools: Identify, implement, and manage application security tools and practices, such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and secure coding frameworks. Ensure these tools align with both D&I requirements and corporate security standards.

- Setting & Reviewing Policies: Lead the development, review, and refinement of application security policies for D&I, ensuring seamless integration with the overall corporate security and compliance framework.

- Influencing on Broader Security Culture: Play a key role in influencing and shaping security innovations that benefit the larger organization's security posture. Collaborate with other security leaders to ensure the D&I Cybersecurity contributes to and aligns with the overall security and compliance culture.

- Managing Risk: Oversee threat modeling and risk analysis for D&I applications, ensuring adequate protection for intellectual property and sensitive data.

- Rolling out and Monitoring Controls: Design, implement, and monitor security controls, ensuring the effectiveness of application security across D&I. Establish processes for regular control review and updates.

- Innovation & Market Leveraging: Seek out and implement security innovations that enhance Digital & Innovation's security posture and lead initiatives that keep the department at the forefront of security trends.

- Cross-Department Collaboration: Collaborate closely with the DevSecOps, Operations Security, Compliance & Risk Management, and Infrastructure Security teams to ensure alignment and cohesion in security strategies and tools.

- Leadership & Mentoring: Lead and mentor a small team of security professionals, fostering a collaborative and innovative culture. Ensure the team is equipped with the skills and tools necessary to meet D&I security goals.

- Driving Continuous Improvement: Develop processes for assessing and improving security measures over time. Drive initiatives to address security gaps and emerging threats.

Qualifications:

- 3+ years of experience in application security or 10+ years of software development experience including work with vulnerability remediation and secure coding practices.

- Experience with security tools, including SAST, DAST, and other secure development lifecycle tools.

- Strong written communication skills, with particular experience writing structured documents such as policies, requirements, and presentations.

- Proven ability to collaborate across multiple security disciplines and teams.

- Hands-on experience with DevSecOps practices and integrating security into CI/CD pipelines.

- Excellent communication skills, with the ability to work effectively with both technical and non-technical stakeholders.

Preferred Qualifications:

- Security certifications such as CISSP, CSSLP, or CISM, or a working knowledge of NIST’s RMF, CSF, SP800-53, and SSDF frameworks as well as OWASP’s SAMM methodologies.

- Experience leading and mentoring personnel in dynamic environments.

- Experience in a highly innovative technical environment, especially in R&D or software development.

Why Westinghouse?

Westinghouse Electric Company is the global nuclear energy industry’s first choice for safe, clean, and efficient energy solutions. We enable our delivery of this vision by living our value system:

• Safety and Quality
• Integrity and Trust
• Customer Focus and Innovation
• Speed and Passion to Win
• Teamwork and Accountability

Westinghouse offers competitive benefits to all our employees around the globe to keep them healthy and enhance their well-being.  In the U.S. the following are representative of what we offer:

• Competitive Salary
• Comprehensive Health, Wellness and Income Protection Benefits
• 401(k) Savings Plan with Company Match
• Paid Vacations and Holidays
• Opportunities for Flexible Work Arrangements
• Educational Reimbursement Program
• Employee Referral Program

While our Global Headquarters are located in Cranberry Township, PA, we have over 9,000 employees working at locations in 19 different countries. You can learn more by visiting http://www.westinghousenuclear.com.

Equal Opportunity Employer of Minorities/Females/Vets/Disability

Get connected with Westinghouse on social media:
Twitter | Facebook | LinkedIn| YouTube