Chief Web Application Security Architect
Lehigh Valley, PA
Lutron is seeking a seasoned and passionate Chief Cloud and Web Applications Security Architect. Your success in this role requires the ability to work effectively at multiple levels ranging from “in-the-trenches” with individual engineers and architects, “white boarding” with senior managers, and participating at higher levels with senior executives and customer stakeholders. You will rally multiple stakeholders around a holistic approach to privacy and security across the organization. Your mission will be to balance the need for web applications to access Lutron’s Enterprise data to provide a world-class customer experience, while providing a secure-by-design infrastructure that protects Lutron’s global business. You are expected to consider privacy-by-design, and balance business data needs with customer expectations about data collection and usage (globally).
As a leader, you will partner with the Cloud Architects and Web Marketing Teams to understand the direction for the new innovative cloud services, web services and tools to help our customers, and take Lutron’s business to the next level.
You will form strong partnerships with the heads of Information Security and Product Security to support an agile environment to provide end to end support of Lutron’s products, services, and tools to grow our business.
You will champion secure coding practices, static testing, and use of world-class security techniques to protect our data, ensure the privacy of customer data, and continue our customer’s trust in Lutron.
You will work with senior leadership to chart Lutron’s future strategy including cloud (SaaS, IaaS, and PaaS) platforms, API publication, portals services, and overall web presence. You will coordinate and drive the evaluation, conceptualization, design, and integration of major new capabilities, programs, and policies across the organization. The creation and implementation of security processes throughout the software development and review lifecycle will be imperative.
You will proactively search out, take on, and efficiently drive resolution of the toughest technical challenges the business faces. You will conduct research and case studies on leading edge security architectures and technologies, partner with leading industry and academic consultants on Lutron’s future security direction.
Additional responsibilities include:
- Set the cloud and web application security strategy, policies, measurement and programs across the entire Lutron portfolio.
- Own the cloud and web application security strategic planning and execution. These initiatives and programs will feed directly into Lutron's enterprise-wide strategic security plan.
- Forward look at trends in Security and Privacy that affect Lutron's business, portfolio and/or customers. Create and implement the proactive, appropriate response and changes.
- Partner with the Directors of IT Security and Product Security to effectively leverage Lutron's resources across all Engineering, Product, and IT functions.
- Spearhead strategic/Continuous Improvement projects:
- Create and implement secure coding and training practices across the global enterprise
- Drive a culture and process around automated unit and software testing
- Methodology, program and staffing for security alerts for all product software including OS, open source modules, etc.
- Develop a mature, rapid patch response for high CVSS security flaws
- Secure coding training being completed
- SYSPR – System Security and Privacy Reviews are properly held – action items completed
- Documentation of security reviews project by project
- Security improvement commitments made at "Can Ship" follow-through
- Security improvements follow through in subsequent software releases.
- Commitments made at "Can Ship" and proper balance of feature releases between features and improving security
- Audit database of software revisions used in products is current
Additional skills include:
- 10+ years of experience in software and security for Cloud and Web Applications and interfacing to Corporate Enterprise Systems.
- Conversant in OWASP Top 10 Vulnerabilities; SANS top 25, CVE, GDPR and CASB
- Experienced in how to train developers in secure programming, catching vulnerabilities, and how to fix them correctly
- Experience and demonstrated ability to lead cross-functional teams
- Mentor and coach software engineers to prepare detailed software/security plans, test plans, and proper reviews to create secure systems.
- The ability to manage and expand relationships and have the range to operate at strategic and tactical levels
- Ability to coach/develop engineers to write attack models, weigh risk to reputation vs. cost and time to implement and develop test tools to continuously test code builds for security vulnerabilities.
- Adapt, change, or modify software and application development activities to respond to new threats with demonstrated techniques for evaluating security threats and determining the impact to commercial and developed applications.
- Demonstrated ability to assess and weigh risk to set priorities.
- Drive continuous improvement in security, and champion changes to the organization.
Lutron Electronics’ position as the leading manufacturer of lighting controls worldwide, our unsurpassed quality, the breadth and depth of our product offerings, and our commitment to servicing our worldwide customers have resulted in double digit growth annually. This growth has in turn allowed the company to continue to invest in recruiting and retaining the best people we can find to service our customers. Continuous growth has also fueled our ability to constantly develop new technologies and new manufacturing processes that in turn drive the creation of new or better products and services.
Lutron offers a competitive compensation and benefits package and a dynamic and professional work environment. For more information, view our website at www.lutron.com. EOE/AA