We Light the Way!
Acuity Brands, Inc. (NYSE: AYI) is a market-leading industrial technology company. We use technology to solve problems in spaces and light. Through our two business segments, Acuity Brands Lighting and Lighting Controls ("ABL") and the Intelligent Spaces Group ("ISG"), we design, manufacture, and bring to market products and services that make the world more brilliant, productive, and connected. We achieve growth through the development of innovative new products and services, including lighting, lighting controls, building management systems, and location-aware applications.
We're seeking a talented and enthusiastic Software Engineer Senior who will work with other development teams to embed security in the overall Software Development Life Cycle (SDLC) process and address technology risk at each phase. You will serve as the technical architecture expert for software development/infrastructure teams at the program level; you are expected to have experience developing secure designs and architecture documents that the engineering teams can follow. You will be assessing the application posture by using commercial and open-sourced tools; and will also be creating the tooling that enables the Security Team to be efficient. You will work with business teams to review and recommend remediations for security findings from Static Analysis Security Testing (SAST) tooling. You will research and evaluate vulnerabilities, attack vectors, and associated risks to determine the impact on our application systems. You will also assess and recommend technologies related to cyber-security detection and prevention and assist in defining standard work for systems software development with an emphasis on security.
Key Tasks & Responsibilities (Essential Functions)
Perform application and source-code reviews, threat modeling, and penetration tests to build application visibility.
Review findings from SAST, DAST, SCA, and other security tooling.
Develop and maintain the tooling that enables the security team to engage effectively and automate processes.
Proactively identify and mitigate application security risks or incidents.
Provide guidance and oversight into secure application coding practices conducted by other teams by acting as a mentor to software developers.
Provide security training to internal engineering, DevOps, and infrastructure teams.
Develop and implement the application security program in-line with industry best practices and compliance across Acuity Brands engineering teams.
Raise awareness of application security requirements by developing and reviewing security standards, policies, and secure SDLC processes.
Participate in the architecture of mobile and web applications, including interface and database design, process and API flows, networking, cloud infrastructure, protocol communication, security, and appropriate technology use.
Monitor and manage the web and mobile application infrastructure to detect anomalies and security incidents.
Engage in continuous learning and researching security-related trends and best practices.
Education (minimum education required)
Bachelor of Science in Computer Science
Experience (minimum experience required)
5+ years of experience in the software development and security domain
Knowledge needed of application testing and vulnerability assessment
Experience with static analysis tools (e.g., HP Fortify, Coverity, Checkmarx) and knowledge of OWASP tools and methodologies.
Experience with vulnerability and application scanning tools (e.g., Qualys, Nessus, Rapid 7, BurpSuite)
Application development and security experience with high-level programming languages (e.g., Java, C, C++, C#, VB, .NET, ASP.NET, ASP, PHP, J2EE, JSP)
Programing background and working experience in SDLC and software development tools such as Eclipse, Jenkins, or similar
Experience with Cloud Service Providers (Azure, AWS, GCS)
Security certifications, such as CISSP, CEH, OSCP, and CISA, are desirable
Communication skills to create documentation and videos and conduct training classes
You are proactive, passionate, and optimistic.
You are Innovative. You challenge assumptions.
You encourage those around you to create their best work.
You work for the best interest of the group at all times.
You have unwavering personal integrity and work ethic.
You graciously give and receive feedback.
You buy into the scrum methodology and demand a project-oriented, collaborative, and positive environment.
We invite you to apply today to join us as We Light the Way to a Brilliant, Productive, and Connected World!
We value diversity and are an equal opportunity employer. All qualified applicants will be considered for employment without regards to race, color, age, gender, sexual orientation, gender identity and expression, ethnicity or national origin, disability, pregnancy, religion, covered veteran status, protected genetic information, or any other characteristic protected by law.
Please click here (~~~) and here (~~~) for more information.
Accommodation for Applicants with Disabilities: As an equal opportunity employer, Acuity Brands is committed to providing reasonable accommodations in its application process for qualified individuals with disabilities and disabled veterans. If you have difficulty using our online system due to a disability and need an accommodation, you may contact us at ~~~. Please clearly indicate what type of accommodation you are requesting and for what requisition.
Any unsolicited resumes sent to Acuity Brands from a third party, such as an Agency recruiter, including unsolicited resumes sent to an Acuity Brands mailing address, fax machine or email address, directly to Acuity Brands employees, or to Acuity Brands resume database will be considered Acuity Brands property. Acuity Brands will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume.
Acuity Brands will consider any candidate for whom an Agency has submitted an unsolicited resume to have been referred by the Agency free of any charges or fees. This includes any Agency that is an approved/engaged vendor, but does not have the appropriate approvals to be engaged on a search.
E-Verify Participation Poster (~~~)