Honeywell is charging into the Industrial IoT revolution with the establishment of Honeywell Connected Enterprise (HCE), building on our heritage of invention and deep, on-the-ground industry expertise. HCE is the leading industrial disruptor, building and connecting software solutions to streamline and centralize the assets, people and processes that help our customers make smarter, more accurate business decisions. Moving at the speed of software, we are creating, innovating and delivering solutions fast, challenging the way things have always been done, piloting new ways for all of us to work, and expecting our successes to set new standards for our customers and for Honeywell.
As a Lead Security Engineer for Production Risk Management, it’s your responsibility to set up a framework to proactively and efficiently manage risk exposure with software components (OS, middleware, open source components, etc.). You will leverage and guide vulnerability detection capabilities, and drive the remediation process for on-premise and cloud environments. You will be responsible for a holistic program, implemented by multiple stakeholder teams (e.g. DevOps, Engineering, tools), that effectively identifies, quantifies, and remediates production security risks across the Honeywell Connected Enterprise (HCE) portfolio.
· Establish consistent vulnerability management practice for cloud technologies, containers and open source software; identify and drive process and tooling improvement
· Partner with software development teammates, technology owners and application teams to implement processes and technologies that identify and reduce production security risk exposures
· Define meaningful and actionable metrics and develop automated reporting mechanisms to different levels of leadership
· Investigate fixes for reported vulnerabilities and ensure coordination for fix availability and patching in non-prod and production environments
· Identify and resolve false positive findings in vulnerability assessment results and facilitate processes to systematically address trends in detection inaccuracies and anomalies
· Demonstrate deep technical expertise in order to effectively assess vulnerability risk and identify compensating controls and validation techniques to minimize security risk
· Collaborate with third-party cloud application contacts to ensure compliance with our standards, controls, policies and principles
· Interface with the Corporate point of contact; lead and coordinate with the matrix team in HCE incident response and investigation activities
YOU MUST HAVE:
· Bachelor’s Degree or equivalent
· 8+ years of combined experience in various security and technology domains, especially in incident response, approved component list (ACL), and product vulnerability management
· CISSP certification preferred; however, consideration will be given to those who have other cybersecurity certifications (CISM, CRISC, etc.) as well
· Communication skills are important: working with all security teams and tons of other infrastructure and application groups
· Exposure to static code analysis and risk assessment of open source components
· Familiar with open source software scanning tools
· Experience with patch management tools
Honeywell is an equal opportunity employer. Qualified applicants will be considered without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, religion, or veteran status.