Honeywell Lead Penetration Tester – Product Assurance in Phoenix, Arizona

The future is what you make it. When you join Honeywell, you become a member of our global team of thinkers, innovators, dreamers and doers who make the things that make the future. That means changing the way we fly, fueling jets in an eco-friendly way, keeping buildings smart and safe and even making it possible to breathe on Mars. Working at Honeywell isn’t just about developing cool things. That’s why all of our employees enjoy access to dynamic career opportunities across different fields and industries. Are you ready to help us make the future?

Are you a cyber professional who desires to make a difference in the everyday security of people? Someone who wants to drive real improvements into real products in an environment with strong organizational support for product security?

Honeywell Connected Enterprise (HCE) is a global leader for products and technologies that are installed in more than 10 million buildings, aircraft, and facilities worldwide. Honeywell is a pioneer in the Internet of Things, developing the next generation of connected offerings. The Lead Cybersecurity Engineer – Product Assurance reports to the HCE Product Security Chief and will be responsible for application security, improving the security posture of our cloud applications and platform, and for providing mentoring and guidance to other team members.

As a key member of our growing product security team, you'll leverage your proven experience and...

  • Perform penetration tests for development projects; work with project teams to evaluate the risk exposure of the findings; drive the effective design, prioritization, and implementation of remediations in partnership with security architects and project teams

  • Deliver penetration test reports in standardized templates, including executive report-out where applicable

  • Actively collaborate and participate in information exchange with the Advanced Independent Security Testing (AIST) team to provide insights into new development, and to leverage AIST findings to speed up penetration tests during the early development phase (shift-left)

  • Establish and maintain the HCE penetration test tool stack, methodology, templates, and environment

  • Support overall end-to-end product security activities to enable the design, development, delivery, and operations of a secure and compliant HCE portfolio (e.g. Security by Design and Security by Default)

  • Provide product security related coaching/mentoring and security expertise for all software development teams in HCE

YOU MUST HAVE

  • Bachelor's degree

  • 6+ years of penetration test experience

  • 3+ years of software engineering or scripting experience

WE VALUE

  • Ability to understand, articulate, and explain security risks, vulnerabilities, severity scoring and mitigations to stakeholders

  • Experience in application penetration testing (Cloud/Web, Mobile, APIs, and Thick Client)

  • Ability to identify threat scenarios, understand and exercise common attack vectors to identify vulnerabilities

  • Knowledge and experience of the OWASP Top 10 and pentest frameworks and methodologies

  • Experience with tools such as, but not limited to, Kali Linux/BackTrack, Burp Suite, Metasploit Framework, nmap, Nessus, Nikto, Wireshark, Drozer, Dex2Jar, OWASP ZAP, NotaSCA, Android Studio, etc.

  • Ability to script advanced attacks with Python, Bash, Perl, etc.

  • Familiarity with reverse engineering tools, debuggers, and SAST and DAST tools and techniques

  • Good understanding of application development frameworks, communication protocols and media types

  • Experience with application and protocol fuzzing

  • Stay current on existing and emerging security threats and techniques for exploiting security vulnerabilities

  • Certifications we value: OSCP, CEH, OSWE/P, GIAC (GPEN)

Honeywell is an equal opportunity employer. Qualified applicants will be considered without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, religion, or veteran status.
