Cyber Sec Archt/Engr I

As a Cyber Sec Archt/Engr I here at Honeywell, you will be responsible for supporting the design and implementation of cybersecurity solutions. You will work on fortifying defenses against emerging threats and assist in addressing technical challenges. You will collaborate with cross-functional teams, stay informed about emerging technologies, and contribute to a culture of continuous improvement.

In this role, you will impact the security and resilience of businesses worldwide by protecting critical assets and information. Your work will directly contribute to the safety and integrity of systems that power the modern world. Join us at Honeywell, where cybersecurity meets innovation, and together, we'll build a safer and more secure future.

Responsibilities

• Individual Contributor with Product Security Assurance Team
• Deliver Security Testing across all HCE products.
• Report observations using our standardized reporting structure
• Work with cross functional teams to develop remediation suggestions
• Develop methodologies, determine scoping requirements
• Assist in the development of modular, repeatable, effective Security Testing processes
• Proactively anticipate escalations
• Oversee and ensure client deliverables are on time, requirements are met
• Partner with Tools and Technology Team to select, implement, develop, and automate testing with appropriate tools.
• Assist with onboarding internal team training
• Champion strategic Product Security initiatives

Basic Qualifications

• Bachelor’s degree in computer science or software engineering, electrical engineering or equivalent experience
2+ years of Cyber Security or Information Technology experience

Preferred Qualifications

• 2+ years of pentesting experience preferably in – Web, Mobile, Network, Thick Client, API, Web services, Cloud, Containers, AI ML, Embedded security ( Hardware and Firmware) , Protocol fuzzing
• Has a Bachelor’s Engineering degree or equivalent, preferably in Computer Science
• Perform penetration tests (Manual & Automated) for products spanning Web, Mobile (Android and iOS), Cloud, Dockers, Containers and Thick Clients
• Analyze pen test results to identify the security vulnerabilities and suggest countermeasures for threat mitigation
• Good understanding of Secure Development Lifecycle processes
• Good knowledge of OWASP Top 10 and SANS Top 25 and how to effectively remediate vulnerabilities associated with each
• Knowledge of attack frameworks like MITRE, VASTO, CIS Benchmarks, Virtualization Assessment Toolkit to exploit virtualization systems
• Demonstrated manual product penetration testing experience; for example, simulate a SQL injection attack without using tools, simulate XSS attack, X-Path Injection, etc.
• Good knowledge and hands-on experience using various penetration testing tools and frameworks like Nessus, Web Inspect, Nmap, Burp Suite, AppScan, ZAP, Kali Linux tools, IDA Pro, GHidra, OWASP, Metasploit, Nessus, Nmap, MObSF, Genymotion, Frida, APK Tool
• Encryption tools and techniques for securing mobile and virtual machines
• Ability to work with geographically distributed, cross-functional teams
• Familiarity with reverse engineering tools, debuggers, and dynamic analysis techniques
• Understanding of application protocols, development, and common attack vectors.
• Good cybersecurity capabilities and strong software engineering skills
• Scripting experience in Python, Powershell and Bash preferred.
• Experience working with other languages such as C, C++, Java, .NET or javascript.
• Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
• Effective oral and written communication and negotiation skills
Good interpersonal skills

Good to Have Skills

• Certification such as CEH, OSCP, OSWE, CCSP, CCSK, GPEN, CRTP, CRTO will be highly desirable
• Strong Secure SDLC concepts
• Experience in integrating pentest tools to CI/CD pipeline