We Light the Way!
Acuity Brands (NYSE: AYI) is transforming the lighting industry. We take pride in our 13,000 employees, and they take pride in working with the best in the industry. Join a team committed to lighting the way to a more brilliant, connected, and productive world. Individually we are talented, but together we are unstoppable.
About this Team
Acuity Technology Group is the North American market leader and one of the world's leading providers of innovative lighting systems. Our LED lights are computing, sensing, network connected platforms, and everywhere there are people. We are perfectly positioned to transform the world of IoT and have plenty of awesome projects to work on! We are driving the industry's transformation to smart lighting; redefining how people live, work, play and interact with others.
We're seeking a talented and enthusiastic Application Security Engineer who will work with the development teams to ensure security is embedded in the overall Software Development Life Cycle (SDLC) process and technology risks are addressed at each phase. You will serve as the highest-level technical architecture expert for software development / infrastructure teams at the program level and are expected to have extensive experience developing secure designs and architecture documents that the engineering teams can follow. You will research and evaluate vulnerabilities, attack vectors, and associated risks to determine the impact to our application systems. You will also assess and recommend technologies related to cyber-security detection and/or prevention and assist in the definition of standard work for systems software development with an emphasis on security.
How you will contribute:
- Develop and implement the application security program in-line with industry best practices and compliance across all of Acuity Brands engineering teams.
- Perform application and source-code reviews, threat modeling and penetration tests to build application visibility
- Proactively identify and mitigate against application security risks or incidents
- Provide guidance and oversight into secure application coding practices conducted by other teams by acting as a mentor to software developers
- Provide security training to internal engineering, DevOps and infrastructure teams.
- Raise awareness of application security requirements through development and review of application security standards, policies and secure SDLC processes
- Participate in the architecture of mobile and web applications including interface and database design, process and API flows, networking, cloud infrastructure, protocol communication, security and appropriate technology use.
- Monitor and manage the web and mobile application infrastructure to detect anomalies and security incidents
- Evaluate, recommend and deploy tools and products to enhance the cyber-security detection and/or prevention of evolving threats.
- Research and evaluate vulnerabilities, attack vectors, and associated risks to our systems, applications and technology.
- Continuous learning and researching in security related trends and best practices.
- Guide vendor security activities to ensure 3rd party software and development meets security standards
- Attend security technology conferences and events.
Qualified Applicants will have:
- Bachelor's Degree in Computer Science (CS) or equivalent
- 8+ years of experience in the security domain with working knowledge of Software Development and required knowledge of application testing
- Experience with static analysis tools (e.g., HP Fortify, Coverity, Checkmarx) and knowledge of OWASP tools and methodologies.
- Experience with vulnerability and application scanning tools (e.g., Qualys, Nessus, Rapid 7, BurpSuite)
- Application security experience with high level programming languages (e.g., Java, C, C++, C#, VB, .NET, ASP.NET, ASP, PHP, J2EE, JSP)
- Programming background and working experience in SDLC and software development tools such as Eclipse, Jenkins or similar
- Experience with Cloud Service Providers (Azure and/or AWS)
- Security certifications, such as CISSP, CEH, OSCP, CISA, are desirable
- Communication skills to create documentation, videos and conduct training classes
You are proactive, passionate and optimistic.
- You are innovative. You challenge assumptions.
- You encourage those around you to create their best work.
- You work for the best interest of the group at all times.
- You have unwavering personal integrity and work ethic.
- You graciously give and receive feedback
- You buy into the scrum methodology, and demand a project-oriented, collaborative, and very positive environment.
Travel Requirements
What's in it for you?
- The chance to work on meaningful projects aspiring to improve people's lives
- Great equipment including 4K monitors, MacBooks or Surface Books / Surface Pros
- Casual dress code
- Creative and collaborative environment
- Company sponsored sports leagues and wellness program
- Free coffee/tea and healthy snacks
- Health, Dental, Vision, Life, AD&D, 401K, HSA Accounts, Stock Purchase Plans and more!
We invite you to apply today to join us as We Light the Way to a Brilliant, Productive, and Connected World!
Equal Opportunity Employer/Minorities/Women/Veterans/Disabled/Sexual Orientation/Gender Identity
We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact (770) 922-9000.
Any unsolicited resumes sent to Acuity Brands from a third party, such as an Agency recruiter, including unsolicited resumes sent to an Acuity Brands mailing address, fax machine or email address, directly to Acuity Brands employees, or to Acuity Brands resume database will be considered Acuity Brands property. Acuity Brands will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume.
Acuity Brands will consider any candidate for whom an Agency has submitted an unsolicited resume to have been referred by the Agency free of any charges or fees. This includes any Agency that is an approved/engaged vendor, but does not have the appropriate approvals to be engaged on a search.