CASY-MSCCN Jobs

Innovate to solve the world's most important challenges

The future is what you make it.

When you join Honeywell, you become a member of our global team of thinkers, innovators, dreamers and doers who make the things that make the future.

That means changing the way we fly, fueling jets in an eco-friendly way, keeping buildings smart and safe and even making it possible to breathe on Mars.

Working at Honeywell isn’t just about developing cool things. That’s why all of our employees enjoy access to dynamic career opportunities across different fields and industries.

Are you ready to help us make the future?

Honeywell Connected Enterprise (HCE) is a global leader for products and technologies that are installed in more than 10 million buildings, aircraft, and facilities worldwide. We are a pioneer in the Internet of Things, developing the next generation of connected offerings.

Are you someone who wants to drive real improvements into real products in an environment which has a strong organizational support for product security?

In the role of the Senior Advanced Cyber Security Architect for the Forge Core Platform, you will report to the Product Security Leader and will provide expertise in security to development teams throughout all phases of the SDLC. Working under minimal supervision, you will own one or more product components and ensure they're built and deployed securely in the cloud.

Responsibilities:

· Partner with Cloud Security Architecture to drive the security strategy and provide input into cloud security patterns to build Zero Trust architecture

· Work closely with DevOps to ensure the Cloud is built securely using IaC and manage cloud security posture management via enforcing policies in Defender for Cloud

· For all SaaS offerings in HCE, support secure lifecycle process activities including threat modeling, risk assessment, analysis of findings from penetration tests, and tools (e.g., SAST, SCA, Container vulnerability scans)

· Identify, design, and track risk-remediating security requirements by actively managing open security risks

· Participate in PI planning, sprint planning, & daily standups with development teams to champion security in development backlog

· Conduct project status and process presentations for leadership and external customers. Interfaces with vendors and suppliers to ensure product and project compliance. Communicates any non-compliance and the results of any internal project audits to pertinent parties.

· Act as a subject matter expert for the product teams, understand and advise on enterprise policies and technical standards with specific regard to vulnerability management and secure configuration

· Execute secure product strategy working cross-functionally with leaders across the business

· Balance the product requirements and product security to ensure a stable product

· Be a coach to Security Champions to grow their product security skills.

· Acts as a mentor to upcoming Product Security Engineers

You must have:

· Bachelor's degree in Cybersecurity, Computer Science, or related field

· 5+ years of combined experience in one or more of the following areas: secure software development, SaaS, cloud security, security architecture and/or security engineering

We value:

· Secure software development lifecycle (SSDLC) experience

· Programming abilities and understanding of secure coding practices

· Experience and knowledge with Identity and Access Management security controls

· Experience and knowledge with Container Orchestration security controls

· Experience with Cloud Provider (e.g., Azure, AWS, GCP) security controls

· Experience with security tools (e.g., SAST, SCA, vulnerability scanning, penetration testing)

· Understanding of Agile software development practices

· Experiences with DevOps (CI/CD)

· Understanding of security by design principles, architecture level security, and zero trust security concepts

· Up to date knowledge of current and emerging security threats and techniques for exploiting security weaknesses

· Certifications in security demonstrating deep practical knowledge such as CSSLP, CCSP, or CISSP

· Understanding of industry compliance and security standards (e.g., PCI DSS, ISO 27001, SOC1 and 2)

·

·

Honeywell is an equal opportunity employer. Qualified applicants will be considered without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, religion, or veteran status.