Lennox (NYSE: LII) Driven by 130 years of legacy, HVAC and refrigeration success, Lennox provides our residential and commercial customers with industry-leading climate-control solutions. At Lennox, we win as a team, aiming for excellence and delivering innovative, sustainable products and services. Our culture guides us and creates a workplace where all employees feel heard and welcomed. Lennox is a global community that values each team member’s contributions and offers a supportive environment for career development. Come, stay, and grow with us.

• Design and implement SAST solutions aligned with enterprise security architecture.
• Develop scalable and efficient security frameworks for code analysis across multiple programming languages and environments.
• Embed SAST tools into CI/CD pipelines (e.g., Jenkins, GitLab, Azure DevOps).
• Automate security testing to support agile and DevOps workflows.
• Define and enforce secure coding standards and guidelines.
• Collaborate with development, QA, and DevOps teams to promote security best practices.
• Conduct security risk assessments, code reviews, and threat modeling.
• Analyze SAST findings, prioritize vulnerabilities, and guide remediation efforts.
• Manage SAST tools such as Checkmarx, Fortify, Veracode, SonarQube, etc.
• Continuously optimize configurations to reduce false positives and improve detection accuracy.
• Develop training programs to educate developers on secure coding and vulnerability remediation.
• Lead security awareness sessions tailored to different technical audiences.
• Ensure alignment with industry standards (e.g., OWASP, NIST, ISO 27001)
• Support regulatory compliance initiatives by providing security evidence and reports

• Bachelor’s or master’s degree in computer science, Information Security, or related field.
• 10–15 years of experience in Application Security, DevSecOps, and SAST.
•  Strong hands-on expertise with SAST tools: Checkmarx, Fortify, Veracode,SonarQube, etc.
•  Proficiency in integrating security tools into CI/CD pipelines (e.g., Jenkins, GitLab,Azure DevOps).
•  Solid understanding of secure coding practices in languages like Java, .NET, Python,JavaScript, C/C++.
•  Experience with Threat Modeling, Code Reviews, and Risk Assessment methodologies.
•  Strong knowledge of DevOps practices, container security (e.g., Docker, Kubernetes),and cloud security (AWS,Azure, GCP).
•  Familiarity with security standards: OWASP Top 10, SANS CWE, NIST, ISO 27001.
•  Excellent problem-solving, communication, and leadership skills.Preferred Certifications:
• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)
• Certified Secure Software Lifecycle Professional (CSSLP)
• GIAC Web Application Penetration Tester (GWAPT)
• AWS/Azure Security Certifications