Manager Security Architect II Location: Hyderabad, IN, 500 081 Requisition ID: 18043 Brightstar is an innovative, forward-thinking global leader in lottery that builds on our renowned expertise in delivering secure technology and producing reliable, comprehensive solutions for our customers. As a premier pure play global lottery company, our best-in-class lottery operations, retail and digital solutions, and award-winning lottery games enable our customers to achieve their goals, fulfill player needs and distribute meaningful benefits to communities. Brightstar has a well-established local presence and is a trusted partner to governments and regulators around the world, creating value by adhering to the highest standards of service, integrity, and responsibility. Brightstar has approximately 6,000 employees. For more information, please visit www.brightstarlottery.com . **Responsibilities** **Team Leadership & Development** + Build and lead a team of application security engineers and analysts. + Foster a culture of innovation, accountability, and continuous learning. + Define team goals, KPIs, and career development plans. **Application Security Strategy** + Develop and execute a comprehensive application security strategy aligned with enterprise risk management goals. + Collaborate with software engineering, DevOps, and product teams to integrate security into the SDLC. **Secure Development Practices** + Lead the development and implementation of secure coding standards and training to development teams. + Drive the adoption of DevSecOps practices and tools. **Vulnerability Management** + Oversee application security testing including SAST, DAST, IAST, and manual code reviews. + Manage the intake, triage, and remediation of application vulnerabilities. **Offensive Security Management** + Develop offensive security / red teaming capabilities, team, and processes and oversee execution of penetration testing activities **Governance & Compliance** + Ensure compliance with internal policies and external regulations (e.g., PCI-DSS, GDPR, MUSL, NIS2). + Maintain documentation and reporting for audits and executive reviews. **Tooling & Automation** + Select and manage application security tools and platforms. + Drive automation of security testing and vulnerability tracking. **Threat Modeling & Risk Assessment** + Lead threat modeling exercises for critical applications. + Provide risk-based guidance to development teams and business stakeholders. **Scope** + Complexity: Functions Responsible for or Influenced + High – Influence on Information Security across the organization + Diversity: Locations Responsible for or Influenced + High - Influence on enterprise + Typical Job Problems and Difficulties + Ensuring alignment of multiple stakeholders and development teams + Interfacing with customers as needed to discuss mitigating control options f + Driving standardization across the enterprise + Financial Accountability **General** + Extent decisions governed by procedures or referred up + Low - some actions are dictated by policy / procedure or complex issues must be escalated to management for resolution + Standard requirements for research and analysis + Provides security architecture research and analysis in a liaison capacity to all areas of technology development & infrastructure within any Systems Solutions & Delivery organization. + Opportunity and consequence of typical errors (supervision) + Frequent with high impact – systems are used globally + Frequency and complexity of internal business contacts + Frequent with high complexity – deal with business issues daily + Frequency and complexity of external business contacts + Vendor negotiations and contract review + Networking with external agencies to stay abreast of threats and countermeasures. + Physical (% time: travel, operating machinery, environmental etc.) + Low – Minimal travel expected **Qualifications** + Minimum education + Bachelor’s degree in Computer Science, Cybersecurity, or related field. + Years experience + 8+ years of experience in Cybersecurity, including 3+ years in a leadership role and 3+ years in application security. + Essential special training requirements + CISSP, CISM, CSSLP, or OSWE certification a plus. + Proven and demonstrated accomplishments in the Information Security field. Member of various Information Security Organizations (i.e., ISSA, SANS, ISC2, ESF, etc.) preferred. + Strong understanding of secure coding practices, OWASP Top 10, and SDLC methodologies required. + Experience with application security tools. + Familiarity with cloud-native architectures and securing APIs and microservices. + Other skills + Excellent communication and stakeholder management skills. + Working knowledge of graphic applications used for flow-charting and infrastructure depiction such as Visio and demonstrated ability to produce high quality documentation. **Keys to Success** • Building collaborative relationships and a high performance team • Decision making • Drive results • Foster innovation • Personal energy \#LI-JB1 Brightstar is committed to sustaining a workforce that reflects the diversity of the global customers and communities we serve, and to creating a fair and inclusive culture that enables all our employees to feel valued, respected and engaged. Brightstar is an equal opportunity employer. We provide equal opportunities without regard to race, color, religion, gender, sexual orientation, gender identity, gender expression, pregnancy, marital status, national origin, citizenship, covered veteran status, ancestry, age, physical or mental disability, medical condition, genetic information, or any other legally protected status in accordance with applicable local, state, federal laws or other laws. We thank all applicants for applying; however, only those selected to interview will be contacted. All Brightstar employees have a role in information security. Annual training will be assigned and required as appropriate. For more information, please visit www.brightstarlottery.com . IGT is committed to sustaining a workforce that reflects the diversity of the global customers and communities we serve, and to creating a fair and inclusive culture that enables all our employees to feel valued, respected and engaged. IGT is an equal opportunity employer. We provide equal opportunities without regard to race, color, religion, gender, sexual orientation, gender identity, gender expression, pregnancy, marital status, national origin, citizenship, covered veteran status, ancestry, age, physical or mental disability, medical condition, genetic information, or any other legally protected status in accordance with applicable local, state, federal laws or other laws. We thank all applicants for applying; however, only those selected to interview will be contacted.