Honeywell Product Security Leader in Fort Mill, South Carolina
The future is what you make it.
When you join Honeywell, you become a member of our global team of thinkers, innovators, dreamers and doers who make the things that make the future.
That means changing the way we fly, fueling jets in an eco-friendly way, keeping buildings smart and safe and even making it possible to breathe on Mars.
Working at Honeywell isn’t just about developing cool things. That’s why all of our employees enjoy access to dynamic career opportunities across different fields and industries.
Are you ready to help us make the future?
The Productivity Solutions Global Business Enterprise (GBE) is seeking a Product Security Leader to join it's critical security team in Ft. Mill, SC. He or She will report to the Safety and Productivity Solutions (SPS) Director of Cybersecurity with matrix reporting to the Productivity Products CTO. This key role will be a primary focal point of all cybersecurity matters related to the GBE's products and service offerings.
This is a senior technical (non-supervisory) role.
Govern and enforce the effective implementation of product security practices in NPI (New Product Introduction) and/or Z21 projects
Review and approve mandatory product security activities for the GBE Product Approval Committee (PAC)
Institutionalize practices for identifying and quantifying product and portfolio product security risks
Participate in SPS Software Security Group (SSG) providing input on cyber policies, risk management, processes, technology development and strategy
Maintain and report product security metrics of GBE products through their development life cycle for continuous improvement
Provide training, coaching, and expert consultation in secure development practices to the business and development teams
Enable GBE leadership team to understand security risk, participate in technology and resource needs planning
Ensure adoption of Product Security initiatives and SPS standard components across the GBE product lines
Act as the focal point for GBE critical customer cybersecurity issues (PSIRT), product security compliance, and external security certifications
Monitor external security sources for vulnerabilities which impact GBE products
Interface with Legal and Marketing Communications group to manage communications of security vulnerabilities in GBE Products
Review and approve security notifications to inform customers of urgent security issues which may impact their Honeywell products
Coordinate and track remediation of product security incidents
YOU MUST HAVE
Bachelor's degree in Computer Science, Computer Engineer or Cybersecurity related field.
4+ years Technical leadership experience in the software security field.
4+ years familiarity securing Cloud, Mobile or Client/Server software (including embedded software systems).
4+ years with incorporating cyber security into software development processes and programs.
Master's degree in Computer Science or Cybersecurity
Strong knowledge of secure software development lifecycle and practices such as threat modeling, security reviews, penetration tests, and security incident response
Understanding of ‘security by design’ principles and architecture level security concepts
Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
Excellent communication (written and oral) and leadership skills
Working knowledge of Cyber security frameworks – i.e. ISA-62243, NIST-800-53, NIST RMF, etc.
Understanding of development methods and methodologies – i.e. Agile, SAFe, SCRUM, etc.
Understanding of DevSecOps
Experience conducting secure product reviews leveraging both automated (i.e. SAST, DAST, SCA, etc.) & manual activities (Penetration Testing)
Certifications in security and privacy demonstrating deep practical knowledge such as CSSLP or CISSP
Background in systems engineering
Experience with DoD C&A – i.e. NIST 800-53
Honeywell is an equal opportunity employer. Qualified applicants will be considered without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, religion, or veteran status.