Cyber Sec ArchtEngr II

The Cyber Security Engineer IIreports to the Product Security Assurance Leader and will be responsible for assessing and evaluating the security posture of a variety of Honeywell HCE Products and partner technologies. This role will be responsible for security services delivery which may include use of web/application/network/Mobile/Cloud/AI ML/protocol/hardware/firmware security toolsets detection of security defects and remediation consultation of those weaknesses. Our services support the identification of potential attack techniques and serve as the foundation for continuously improving the product development lifecycle.

• Individual Contributor with Product Security Assurance Team
• Deliver Security Testing across all HCE products.
• Report observations using our standardized reporting structure
• Work with cross functional teams to develop remediation suggestions
• Develop methodologies determine scoping requirements
• Assist in the development of modular repeatable effective Security Testing processes
• Proactively anticipate escalations
• Oversee and ensure client deliverables are on time requirements are met
• Partner with Tools and Technology Team to select implement develop and automate testing with appropriate tools.
• Assist with onboarding internal team training
• Champion strategic Product Security initiatives

Basic Qualifications

• Bachelors degree in computer science or software engineering electrical engineering or equivalent experience
• 2 years of Cyber Security or Information Technology experience

Preferred Qualifications

• 2 years of pentesting experience preferably in Web Mobile Network Thick Client API Web services Cloud Containers AI ML Embedded security ( Hardware and Firmware) Protocol fuzzing
• Has a Bachelors Engineering degree or equivalent preferably in Computer Science
• Perform penetration tests (Manual & Automated) for products spanning Web Mobile (Android and iOS) Cloud Dockers Containers and Thick Clients
• Analyze pen test results to identify the security vulnerabilities and suggest countermeasures for threat mitigation
• Good understanding of Secure Development Lifecycle processes
• Good knowledge of OWASP Top 10 and SANS Top 25 and how to effectively remediate vulnerabilities associated with each
• Knowledge of attack frameworks like MITRE VASTO CIS Benchmarks Virtualization Assessment Toolkit to exploit virtualization systems
• Demonstrated manual product penetration testing experience; for example simulate a SQL injection attack without using tools simulate XSS attack X-Path Injection etc.
• Good knowledge and hands-on experience using various penetration testing tools and frameworks like Nessus Web Inspect Nmap Burp Suite AppScan ZAP Kali Linux toolsIDA Pro GHidra OWASP Metasploit Nessus Nmap MObSF Genymotion Frida APK Tool
• Encryption tools and techniques for securing mobile and virtual machines
• Ability to work with geographically distributed cross-functional teams
• Familiarity with reverse engineering tools debuggers and dynamic analysis techniques
• Understanding of application protocols development and common attack vectors.
• Good cybersecurity capabilities and strong software engineering skills
• Scripting experience in Python Powershell and Bash preferred.
• Experience working with other languages such as C C or javascript.
• Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
• Effective oral and written communication and negotiation skills
• Good interpersonal skills

Good to Have Skills

• Certification such as CEH OSCP OSWE CCSP CCSK GPEN CRTP CRTO will be highly desirable
• Strong Secure SDLC concepts
• Experience in integrating pentest tools to CI/CD pipeline