Lead Cyber Security Penetration Testor

The future is what you make it. When you join Honeywell, you become a member of our global team of thinkers, innovators, dreamers and doers who make the things that make the future. That means changing the way we fly, fueling jets in an eco-friendly way, keeping buildings smart and safe and even making it possible to breathe on Mars. Working at Honeywell isn’t just about developing cool things. That’s why all of our employees enjoy access to dynamic career opportunities across different fields and industries. Are you ready to help us make the future? Honeywell is a Fortune 100 company with global sales surpassing $40B and has been one of Fortune’s Most Admired Companies for over a decade. Through innovation the company brings together the physical and digital world to tackle some of the toughest societal and business problems – making the world a more productive, safe and sustainable place. The business is organized into five primary groups: Aerospace; Building Technologies; Performance Materials and Technologies; Safety and Productivity Solutions; and the Connected Enterprise Are you a cyber security professional who desires to make a difference in the security of products? Someone who wants to drive real improvements into real products by using black hat techniques to understand risk? We are looking for a talented penetration tester, comfortable seeking out both hardware and software vulnerabilities across a diverse product portfolio. Honeywell Global Security (HGS) is focused on integrating security into all aspects of our business to protect the people, processes, and assets by which Honeywell achieves its greater mission. Join a team that is focused on identifying and protecting the information, processes, formulas, techniques, methods, and know-how critical to Honeywell’s competitive capability. As a key member of an elite penetration testing team, you’ll have the opportunity to…

• Go beyond traditional scanner-based penetration testing methods
• Use experience and creativity to drive your manual penetration testing efforts
• Find all the vulnerabilities, exploit the ones that are fun
• Partner with development teams to remediate cyber security issues
• Purple team exercise to quickly improve security posture
• Participate in select, high profile penetration testing projects with executive report outs

• Bachelors degree
• 7 years of cyber security experience
• 3 years of penetration testing experience

• Accomplished track record of pen testing hardware and software systems
• Familiarity with most of the following with subject matter expertise in at least three:
  • Cyber security analysis of hardware & software systems
  • Firmware analysis with binwalk or similar
  • Network security
  • Detailed understanding of TCP/IP networking and protocols
  • Cryptography
  • Windows and Linux systems
  • Python
  • Reverse Engineering: Ghidra, IDA Pro, or similar
  • Printed Circuit Board Layout for Security
  • JTAG
  • Protocol Analysis and Exploitation
  • Software Defined Radios
  • REST API
• Ability to write detailed security reports
• Ability to verbally communicate security issues to both technical and non-technical people
• Penetration testing experience, especially if focused in the device space
• Extensive knowledge of ARM-based microcontrollers and how to attack / defend devices based on them
• Experience exploiting hardware-level security features such as Secure Boot, Encrypted Storage, or communication protocols
• Professional software engineering experience in Java, Python, or C.
• Public speaking at security conferences like BlackHat, Defcon, BSides, Recon.
• Deep understanding of reverse engineering
• Familiarity with secure software development lifecycle and practices such as threat modeling, security reviews, penetration tests, and security incident response
• Understanding of security by design principles and architecture level security concepts
• Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
• Good communication and leadership skills
• Good interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among project stakeholders
• OSCP Certification
• CISSP Certification