10 days old

Principal Cyber Security Architect - Embedded Systems

Phoenix, AZ 85003

Innovate to solve the world's most important challenges
The future is what you make it.
When you join Honeywell, you become a member of our global team of thinkers, innovators, dreamers and doers who make the things that make the future.
That means changing the way we fly, fueling jets in an eco-friendly way, keeping buildings smart and safe and even making it possible to breathe on Mars.
Working at Honeywell isn€™t just about developing cool things. That€™s why all of our employees enjoy access to dynamic career opportunities across different fields and industries.
Are you ready to help us make the future?
Honeywell is seeking a Principal Cyber Security Architect - Embedded Systems to join it€™s growing team of cyber engineers responsible for the establishment and maintenance of hardware assurance (HwA) practices within Honeywell Aerospace that allow continuous delivery of cyber secure embedded systems and applications.
He or she will be responsible for using their advanced knowledge of cyber security engineering along with continuous delivery cyber processes and tools to take ownership and successfully enable delivery of secure aerospace products through repeatable and automated mechanisms.
In this key position, the Principal Cyber Security Architect will€¦
  • Provide design and best practices leadership in building secure Honeywell Aerospace products.
  • Support and manage product security process activities including threat and attack tree modelling, security requirements definition, cyber test planning and penetration testing, cyber risk assessments, etc.
  • Leverage your deep understanding of embedded systems to ensure that HwA requirements are sufficiently addressed in all aspects of the development lifecycle pipeline from requirements definition, design, development, test and production release.
  • Identify appropriate hardware and software design changes to deliver cyber secure systems and assist cyber and product teams to quantify residual product cyber risk.
  • Establish completion criteria for HwA activities and associated metrics for cyber secure hardware development activities as part of the hardware design and certification pipeline.
  • Implement automation for repeatable hardware assurance tasks, maintain and optimize security cyber security test suites, and proactively work to reduce manual HwA activities.
  • Drive continuous improvement activities to define, measure, visualize and improve key cyber security metrics.
  • Provide subject matter expertise, training as required, and demonstrate best practices through hands-on involvement in all cyber related activities.
    • Bachelors in Computer Science or Engineering with an emphasis in Information Security or a related field, or equivalent experience.
    • 5+ years developing, architecting, and implementing enterprise, industrial or embedded class cyber security solutions.
      WE VALUE
      • Masters in Computer Science or Engineering with an emphasis in Information Security or a related field is a plus.
      • Expert knowledge of the security controls used to enforce various levels of confidentiality, integrity, and availability.
      • 10 years total in security engineering and risk remediation preferred
      • Previous experience with designing and/or testing aircraft avionics systems as well as knowledge of civil aviation certification regulations and processes.
      • Considerable expertise or experience in at least one of following security domains (Threat Modeling, SAST, DAST, Offensive Red Teaming or Penetration Testing, Authentication & Public Key Infrastructure (PKI), Vulnerability Management, Data Security or Cryptography).
      • Expert knowledge of the concepts, principles, structures, and standards used to design, implement, monitor, and secure hardware designs such as Secure Boot, Trusted Boot, Measured Boot, Secure Enclave, Trusted Platform Module (TPM), Real Time Operating Systems, hardware-based encryption, trusted execution, Public Key Infrastructure (PKI), Vulnerability Management, etc.
      • Experience working with Linux, SELinux, Xilinx and NXP processors is preferred
      • Experience with C, C++, Python, Assembly, etc.
      • Understanding/Knowledge of global frameworks and standards like NIST, FIPS, RTCA DO-178C, DO-326A, DO-355, DO-356A, ISO 27001/27002, ITIL, GDPR, DFARS, etc.
      • Technical certifications are not required but considered an asset are:  CISSP, ISSAP, ISSEP, GCIH, GCIA, GCFA, GPEN, GCFE, CCNA, CCNP, CEH, Security+.
      • Active engagement and contributions to the cybersecurity community via security related forums, blogs, attending security conferences, white papers, etc.
      • Strong collaboration skills working cross functionally with internal and external customers
      • Experience presenting to broad audiences from technical to executive level

        Additional Information
        • JOB ID: req231246
        • Category: Engineering
        • Location: 21111 N. 19th Ave (Deer Valley),Phoenix,Arizona,85027,United States
        • Exempt
        • Due to US export control laws, must be a US citizen, permanent resident or have protected status.