Job Description
The Cyber Security Engineer III reports to the Product Security Assurance Leader and will be responsible for assessing and evaluating the security posture of a variety of Honeywell HCE Products and partner technologies. This role will be responsible for security services delivery, which may include use of web/application/network/mobile/cloud/AI ML/protocol/hardware/firmware security toolsets, detection of security defects, and remediation consultation of those weaknesses. Our services support the identification of potential attack techniques and serve as the foundation for continuously improving the product development lifecycle.
Responsibilities
Individual Contributor with Product Security Assurance Team, with minor team leadership accountabilities
Provide mentorship, expertise and direction to junior team members
Assist with onboarding internal team training
Champion strategic Product Security initiatives
Oversee client deliverables and ensure they are on time and requirements are met
Assist in the development of modular, repeatable, effective Security Testing processes
Partner with Tools and Technology Team to select, implement, develop, and automate testing with appropriate tools.
Work with cross functional teams to develop remediation suggestions
Report observations using our standardized reporting structure
Qualifications
Bachelor’s degree in computer science or software engineering, or equivalent experience
Total Experience – Minimum 5 years
4+ years demonstrated experience in penetration testing
1+ years project management skills
Preferred Qualifications
4+ years of pentesting experience preferably in – Web, Mobile, Network, Thick Client, API, Web services, Cloud, Containers, AI ML, Protocol fuzzing
Has a Bachelor’s Engineering degree or equivalent, preferably in Computer Science
Perform penetration tests (manual and automated) for products spanning Web, Mobile (Android and iOS), Cloud, Docker, Containers and Thick Clients
Reverse engineering of applications and detailed analysis of pen test results to identify the security vulnerabilities and suggest countermeasures for threat mitigation
Good understanding of Secure Development Lifecycle processes
Good knowledge of OWASP Top 10 and SANS Top 25 and how to effectively remediate vulnerabilities associated with each
Knowledge of attack frameworks like MITRE, VASTO, CIS Benchmarks, Virtualization Assessment Toolkit to exploit virtualization systems
Demonstrated manual product penetration testing experience; for example, simulate a SQL injection attack without using tools, simulate XSS attack, X-Path Injection, etc.
Good knowledge and hands-on experience using various penetration testing tools and frameworks like Nessus, WebInspect, Nmap, Burp Suite, AppScan, ZAP, Kali Linux tools, IDA Pro, Ghidra, OWASP, Metasploit, MobSF, Genymotion, Frida, Apktool
Encryption tools and techniques for securing mobile and virtual machines
Understanding of application protocols, development, and common attack vectors.
Good cybersecurity capabilities and strong software engineering skills
Scripting experience in Python, PowerShell and Bash preferred.
Experience working with other languages such as C, C++, Java, .NET or JavaScript.
Excellent understanding of security by design principles and architecture level security concepts
Experience and knowledge of penetration testing methodologies and tools
Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
Familiarity with reverse engineering tools, debuggers, and dynamic analysis techniques
Experience in integrating pentest tools into CI/CD pipelines
Effective oral and written communication and negotiation skills
Good interpersonal skills
Experience in security testing within the appropriate domain
Demonstrated project management skills.
Ability to work with geographically distributed, cross-functional teams
Good to Have Skills
Certifications such as CEH, OSCP, OSWE, CCSP, CCSK, GPEN, CRTO will be highly desirable
Strong Secure SDLC concepts
Public speaking at Technical Conferences
About Us
Honeywell helps organizations solve the world's most complex challenges in automation, the future of aviation and energy transition. As a trusted partner, we provide actionable solutions and innovation through our Aerospace Technologies, Building Automation, Energy and Sustainability Solutions, and Industrial Automation business segments – powered by our Honeywell Forge software – that help make the world smarter, safer and more sustainable.