Software Security Manager Granite Telecommunications
Quincy, MA

Job Description

Granite Background & History

Granite is one of the premier communications services provider to businesses across the United States and Canada. We provide exceptional customized service with an emphasis on reliability and outstanding customer support and our customers include over 85 of the Fortune 100. Granite has over $1.4 billion in revenue with more than 2,000 employees and is headquartered in Quincy, MA just off I-93 and directly next to the North Quincy T Station on the Red Line. Our mission is to be the leading telecommunications company wherever we offer services as well as provide an environment where the value of each individual is recognized and where each person has the opportunity to further their growth and achieve success.

Granite has been recognized by the Boston Business Journal as one of the "Healthiest Companies" in Massachusetts. Our Quincy office has an onsite dining facility and a fully equipped state of the art gym that offers daily Cross Fit, Mixed Martial Arts, and Yoga classes available to employees at zero cost.

Granite's philanthropy is unparalleled with over $200 million in donations to organizations such as Dana Farber Cancer Institute, The ALS Foundation and the Alzheimer's Association to name a few.

We have been rated a "Fastest Growing Companies" by Inc. Magazine past ten consecutive years in a row (2007-2016).

If you are a highly motivated individual who wants to grow your career with a fast paced and progressive company, Granite has countless opportunities for you.

EOE/M/F/Vets/Disabled

General Summary of Position:

This Role provides strong team leadership to talented team of software security engineers by establishing clear direction, a productive culture and measurable goals in pursuit of overall application security strategic plan. Responsibilities include Define and drive the evolution of software security architecture, Collaborate with internal stakeholders on addressing systematic security issues, Recruit and mentor a talented team of application security experts

Duties and Responsibilities:

* Provide vision and leadership to develop and execute enterprise information security architecture for the software development team.
* As the technical leader of the Software Security team, drive overall application security architecture.
* Mentor the existing team and grow the team to meet the needs of Granite Business process.
* Integrate security into Software Development Life Cycle. Provide direction and guidance to Dev, QA, BA and release teams on secure application development , testing, requirements and deployment strategies.
* Conduct security design reviews and code reviews of application features and functionality.
* Perform technical security assessments like vulnerability assessments of web applications, WCF services and databases. Provide remediation solutions when necessary.

Required Qualifications:

* Proven experience and broad knowledge of security best practices.
* Must have at least one of the following active certifications: CISA, CISM, and CISSP. Demonstrated knowledge and experience with web security and secure development practices.
* Experience in implementing and integrating tools for static analysis, dynamic analysis, fuzzing, and penetration testing using OWASP Zap, Burp Suite or similar tools.
* Ability to build strong relationships, earning the confidence and trust of senior managers and team members.
* Ability to effectively prioritize and manage multiple projects and responsibilities.
* High level of self-motivation, though comfortable working self-sufficiently in a fast paced environment.
* Demonstrated knowledge of Identity and Access Management (1AM), Multi Factor Authentication (MFA), Encryption, Auditing and Log correlation using third party tools, frameworks and APis like Okta, OAuth, SAML, Log4Net and Log Rhythm.
* Demonstrated knowledge of PCI compliance and credit card security.

Preferred Qualifications:

* Bachelor's degree in computer science, engineering, business administration or a related field is preferred, but not required.
* Knowledge of other security methodologies/frameworks such as SOCl/2, 1$027001,
* CIS and NIST are preferred.