Cybersecurity
AppSec and Integrations Team Lead
Job Description
Position Summary:
The Cybersecurity organization is seeking an AppSec and Integrations Team Lead to drive the advancement and maturity of the AppSec program and to propel development/automation capabilities.
The successful candidate will have responsibility for maintaining and advising the direction of AppSec initiatives as well as the software development lifecycle of various tools used for security services, consulting and validation tasks. Primarily, this role will focus on secure application development, API security, coordination with business partner development teams, risk and vulnerability mitigation, as well as integration with various security tools and platforms.
Qualified candidates need to be able to interact with software and security vendors, align strategy and execution to increase application security maturity, anticipate future requirements for complex environments, keep up with current security trends, be focused on results, and be a self-starter.
This role will directly support the company’s efforts to mitigate real and potential cyber threats to the company’s applications, services, personnel, technology, operations, and brand – including critical electric and gas utility infrastructure and its privately owned telecommunications network.
Southern Company is headquartered in Atlanta and we bring energy to homes and businesses across the country. We’ve made our name as a leading producer of clean, safe, reliable and affordable energy, and we approach each day as a vital step in building the future of energy. We’re always looking ahead, and our innovations in the industry – from new nuclear to deployment of electric transportation and renewables – help brighten the lives and businesses of millions of customers nationwide. Our team is critical to building the future of energy with secure, resilient, and sustainable cyber solutions.
Defend. Protect. Enable.
Job Responsibilities:
- Provide leadership and work direction to application security analysts.
- Oversee maintenance, integration, lifecycle, and future planning for application security products such as static and dynamic code analysis tools.
- Coordinate and partner with development teams to integrate security into the software development lifecycle.
- Lead efforts in secure development practices, code vulnerability mitigation efforts, and resilient application development.
- Manage and implement API security measures and protocols.
- Conduct dynamic analysis and static code scanning to identify and mitigate vulnerabilities.
- Continuously look for and act on process improvement or automation opportunities.
- Develop and enforce security policies, standards, and guidelines for application security.
- Stay ahead of current security trends and evolving threats to ensure robust application security.
- Engage with service vendors and partners to enhance security capabilities.
- Collaborate with other cybersecurity teams to ensure comprehensive security coverage.
- Contribute to the company’s Architecture Review Board to aid in long-term improvement of secure code standards.
Requirements and qualifications:
Required:
- Excellent abilities to lead a team of people and clearly communicate tasks and expectations.
- Strong capabilities in application development across multiple languages.
- Extensive experience in application security and secure software development practices.
- Strong knowledge of API security and related technologies.
- Proficiency in dynamic and static code analysis tools.
- Ability to effectively communicate and collaborate with development teams.
- Experience in developing and implementing security policies and guidelines.
- Up-to-date knowledge of the latest security threats and trends.
- Self-starter with a focus on results and continuous improvement.
Desired:
- Experience managing Windows Servers and applications either as a primary or secondary job function.
- A solid understanding of IAM-related protocols and standards such as: SAML, OAuth/OIDC, WS-Fed, SCIM, FIDO, RADIUS, LDAPS, Kerberos.
- Strong verbal communication and presentation skills.
- Competency in APIs (REST, Graph) and/or JavaScript/Python/JSON/SQL.
- Experience prioritizing and executing with minimal direction or oversight.
- Industry certifications such as: CISSP, CCSP, CISA, GIAC, OSCP, CRISC, CCNP, etc.
- Experience with information security frameworks such as: COBIT, NIST, OWASP, etc.
- Familiarity with nation state, sophisticated criminal, and supply chain threats.
About Southern Company
Southern Company (NYSE: SO) is a leading energy provider serving 9 million customers across the Southeast and beyond through its family of companies. Providing clean, safe, reliable and affordable energy with excellent service is our mission. The company has electric operating companies in three states, natural gas distribution companies in four states, a competitive generation company, a leading distributed energy solutions provider with national capabilities, a fiber optics network and telecommunications services. Through an industry-leading commitment to innovation, resilience and sustainability, we are taking action to meet customers' and communities' needs while advancing our goal of net-zero greenhouse gas emissions by 2050. Our uncompromising values ensure we put the needs of those we serve at the center of everything we do and are the key to our sustained success. We are transforming energy into economic, environmental and social progress for tomorrow. Our corporate culture has been recognized by a variety of organizations, earning the company awards and recognitions that reflect Our Values and dedication to service. To learn more, visit www.southerncompany.com.
Southern Company invests in the well-being of its employees and their families through a comprehensive total rewards strategy that includes competitive base salary, annual incentive awards for eligible employees and health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being. This position may also be eligible for additional compensation, such as an incentive program, with the amount of any bonus/awards subject to the terms and conditions of the applicable incentive plan(s). A summary of the benefits offered for this position can be found here: https://seo.nlx.org/southernco/pdf/SOCO-Benefits.pdf. Additional and specific details about total compensation and benefits will also be provided during the hiring process.
Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.
Job Identification: 13002
Job Category: Cybersecurity
Job Schedule: Full time
Company: Southern Company Services