The future is what you make it. When you join Honeywell, you become a member of our global team of thinkers, innovators, dreamers and doers who make the things that make the future. That means changing the way we fly, fueling jets in an eco-friendly way, keeping buildings smart and safe and even making it possible to breathe on Mars. Working at Honeywell isn’t just about developing cool things. That’s why all of our employees enjoy access to dynamic career opportunities across different fields and industries. Are you ready to help us make the future?
Are you a cyber professional who desires to make a difference in the everyday security of people? Someone who wants to drive real improvements into real products in an environment with strong organizational support for product security?
Honeywell Connected Enterprise (HCE) is a global leader for products and technologies that are installed in more than 10 million buildings, aircraft, and facilities worldwide. Honeywell is a pioneer in the Internet of Things, developing the next generation of connected offerings. The Lead Cybersecurity Engineer – Product Assurance reports to the HCE Product Security Chief and will be responsible for application security, improving the security posture of our cloud applications and platform, and for providing mentoring and guidance to other team members.
As a key member of our growing product security team, you'll leverage your proven experience and...
Perform penetration tests for development projects; work with project teams to evaluate the risk exposure of the findings; drive the effective design, prioritization, and implementation of remediations in partnership with security architects and project teams
Deliver penetration test reports in standardized templates, including executive report-out where applicable
Actively collaborate and participate in information exchange with the Advanced Independent Security Testing (AIST) team to provide insights into new development, and to leverage AIST findings to speed up penetration tests during the early development phase (shift-left)
Establish and maintain the HCE penetration test tool stack, methodology, templates, and environment
Support overall end-to-end product security activities to enable the design, development, delivery, and operations of a secure and compliant HCE portfolio (e.g. Security by Design and Security by Default)
Provide product security related coaching/mentoring and security expertise for all software development teams in HCE
YOU MUST HAVE
6+ years of penetration test experience
3+ years of software engineering or scripting experience
Ability to understand, articulate, and explain security risks, vulnerabilities, severity scoring and mitigations to stakeholders
Experience in application penetration testing (Cloud/Web, Mobile, APIs, and Thick Client)
Ability to identify threat scenarios, understand and exercise common attack vectors to identify vulnerabilities
Knowledge and experience of the OWASP Top 10, pentest frameworks and methodologies
Experience with tools such as, but not limited to, Kali Linux/BackTrack, Burp Suite, Metasploit Framework, nmap, Nessus, Nikto, Wireshark, Drozer, Dex2Jar, OWASP ZAP, NotaSCA, Android Studio, etc.
Ability to script advanced attacks with Python, Bash, Perl, etc.
Familiarity with reverse engineering tools, debuggers, SAST and DAST tools and techniques.
Good understanding of application development frameworks, communication protocols and media types
Experience with application and protocol fuzzing.
Stay current on existing and emerging security threats and techniques for exploiting security vulnerabilities
Certifications we value: OSCP, CEH, OSWE/P, GIAC (GPEN)
Honeywell is an equal opportunity employer. Qualified applicants will be considered without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, religion, or veteran status.