Lennox (NYSE: LII) is an industry leader in energy-efficient climate-control solutions founded over a century ago on the principles of integrity and innovation. Dedicated to sustainability and creating comfortable, healthier environments for our residential and commercial customers while reducing their carbon footprint, we lead the field in innovation with our cooling, heating, indoor air quality, and refrigeration systems.
Experience in Continuous Integration and Continuous Delivery (CI/CD) · SAST · SCA · DAST · Azure DevOps · Git · Jenkins · Kubernetes · Docker · DevSecOps · Threat Modelling
• Evaluate and analyze threat, vulnerability, impact, and risk of security issues discovered from various DevSecOps tools such as Static Application Security Testing (SAST), Software Composition Analysis (SCA), Interactive Application Security Testing (IAST), Dynamic Application Security Testing (DAST) and Container Security platform.
• Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle including threat modeling and developer IDE security features.
• Partner with architects to define security principles in architecture, infrastructure, and code.
• Advise and collaborate with DevOps teams, developers, application, and project teams on the security issues, including explanation of the technical details and how they can remediate the vulnerabilities in their applications.
• Develop and design DevSecOps metrics, policies, processes, and procedures.
• Provide training to developers and other stakeholders on the usage of the tools.
• Assist with implementing and designing automated security checks and additional security tools within the CI/CD pipelines.
• Ability to manage a small team and ensure project delivery from both technical and strategic perspectives.
• Conduct POCs and work with vendors for DevSecOps tools to achieve security automation and efficiency.
• Effectively communicate and manage expectations of various stakeholders.
• Keep abreast of the latest industry trends in security and DevSecOps processes and make continuous recommendations for improvement.
• Investigate, analyze, and resolve day-to-day technical problems using standard procedures.
Technical
• Build, maintain, and utilize security tools for the Application Security program like SCA, DAST, SAST, API, Mobile and other DevSecOps
• Collaborate with development teams to ensure secure coding best practices are followed
• Perform security and risk assessments for consumer-facing web, mobile, native, or applications
• Identify and define mobile application security requirements and security baselines
• Actively and continuously share role-specific knowledge with team members and Dev teams
Bachelor’s degree in IT, Computer Science, or Information Security preferred.
• Minimum 5+ years' experience performing manual code review and analysis
• Experience working in an agile development environment.
• Experience with automation and orchestration tools such as Ansible, Terraform, and CI/CD pipelines.
• Added Advantage: Full-Stack Development · DevOps · Microservices · CI/CD · Amazon Web Services (AWS)
• Certification (Preferable): SANS, ISC2 CSSLP, GIAC (GMOB, GWEB, GCSA), or other Security Certifications