Product Security Architect

at  Acuity Brands

We use technology to solve problems in spaces, light, and more things to come for our customers, our communities, and our planet.
Acuity Brands, Inc. (NYSE: AYI) is a market-leading industrial technology company. We use technology to solve problems in spaces, light, and more things to come. Through our two business segments, Acuity Brands Lighting and Lighting Controls (ABL) and the Intelligent Spaces Group (ISG), we design, manufacture, and bring to market products and services that make a valuable difference in people’s lives.
We are positioned at the intersection of sustainability and technology. Our businesses develop technology that helps save our customers energy and reduce their carbon emissions. We achieve growth through the development of innovative new products and services, including lighting, lighting controls, building management solutions, and location-aware applications.

JOB SUMMARY

Acuity Brands is seeking a seasoned and driven Security Architect to lead the design and implementation of secure systems for our connected products and smart solutions. You will be the subject matter expert responsible for ensuring the security of smart devices, applications, and the underlying infrastructure. This includes designing secure architectures, identifying risks, recommending mitigations, and maintaining a security-first approach to product development.
You will collaborate with cross-functional teams to ensure that security is integrated throughout the lifecycle of our products and services, from design to deployment. Your expertise will be key in ensuring our solutions meet security compliance standards and adapt to emerging threats.

REQUIRED SKILLS & QUALIFICATIONS

• Education: Bachelor’s degree in computer science, Information Security, or a related field (or equivalent experience)
• Experience:
• 5+ years of experience in cybersecurity architecture, with a deep understanding of security best practices and methodologies.
• 8+ years in the IT or networking field, with experience in designing, deploying, and securing connected systems.
• Cloud Security: Hands-on experience with cloud platforms like Azure (preferred), AWS, or GCP, with a strong understanding of cloud security principles, tools, and practices.
• Security Knowledge:
• Solid understanding of vulnerabilities, attack vectors, and mitigation techniques (e.g., privilege escalation, buffer overflows, SQL injection).
• Experience securing IoT devices, applications, and networks, including radio communications, edge gateways, and mobile apps.
• Certifications: Security certifications such as CISSP, CISM, or equivalent is highly desirable
• Technical Expertise:
• Knowledge of application security, web security, networking protocols, and cloud security.
• Experience in reviewing, designing, and defining secure system architectures and conducting architecture security reviews.
• Some familiarity with software development and application testing is a plus, particularly in the context of security testing
• Communication Skills:
• Ability to create clear and actionable security documentation.
• Strong presentation skills for conducting security awareness training and engaging with non-technical stakeholders
• Risk Management: Experience developing and maintaining risk registers, conducting security reviews, and making recommendations to address vulnerabilities

• Design & Architecture: Lead secure development of smart and connected devices, applications, and cloud services. Ensure the integration of security controls across the full product lifecycle, aligning with industry best practices and compliance requirements
• Cloud Security: Assess and ensure the security posture of cloud services (primarily Azure, but also GCP or AWS), focusing on secure communication and API interactions between backend services and connected devices
• Risk Assessment & Management: Conduct security assessments, identify vulnerabilities, document them in the risk register, and prioritize mitigation efforts
• Customer & Sales Enablement: Collaborate with sales and marketing teams to address customer security concerns and build customer-facing security documentation and collateral
• Continuous Improvement & DevOps Integration: Collaborate closely with DevOps teams to integrate security measures seamlessly into the CI/CD pipeline, ensuring proactive security controls and vulnerability remediation throughout the development lifecycle. Recommend and implement security enhancements to address new attack vectors, fostering a continuous feedback loop between development, operations, and security
• Threat Modeling: Perform architecture-level threat modeling using tools like Microsoft Threat Modeling Tool, OWASP Threat Dragon, Threat Modeler and apply methodologies like STRIDE and DREAD to identify and mitigate security risks early in the development lifecycle