Embedded Reverse Engineer, UTC Project ZeroBusinesses United Technologies Corp. Headquarters Job ID 01289119 Date posted 01/19/2019 City East Hartford State Connecticut Country United States
Country:United States of America
Location:UT13: RC-CT - Corp 411 Silver Lane, East Hartford, CT, 06108 USA
United Technologies Corporation (UTC; NYSC: UTX) is headquartered in Farmington, CT, just outside of Hartford, CT. We employ over 204,000 talented individuals globally, achieve net sales in excess of $60 billion, and invest $4B each year back into research & development activities. Our aerospace businesses include Pratt & Whitney aircraft engines and Collins Aerospace– the combination of which make us the largest aerospace company in the world. Our commercial businesses include Otis elevators and escalators and UTC Climate, Controls & Security – a leading provider of heating, ventilation, air conditioning, fire and security systems and building automation controls.
United Technologies Corporation was founded by some of the world’s greatest inventors. We helped build the Second Industrial Revolution and brought about a century of urbanization and globalization. Now we need your help to build the next one.
Tech@UTC is the UTC technology organization, comprised of the global engineering function, several focused centers of expertise, our skunkworks organization – United Technologies Advanced Projects (UTAP), and our advanced Research & Development lab – United Technologies Research Center (UTRC). By combining a passion for science with precision engineering, we create smart, sustainable solutions that prove we can do the big things the right way. We put the “T” in UTC.
As great physical products like jet engines, elevators, avionics, HVAC, door locks, and smoke detectors get “smarter,” becoming increasingly connected, security becomes increasingly important. The mission of the newly created Product Security Center of Expertise (PSCOE) is to ensure the digital security of these products by (1) ensuring that security is built into the products before they ship, (2) operationally understanding risk to our products on a day-to-day basis, and (3) ensuring that we have a strong Product Security Incident Response Team (PSIRT) to respond effectively and quickly to any product security issues.
As an Embedded Reverse EngineerforUTC Project Zero, you’ll work to discover serious previously unknown vulnerabilities in cyber physical products, particularly for products on which lives and quality of life depend worldwide. Over the past five years, similar efforts have driven tremendous progress in general purpose computing servers, clients, operating systems, and browsers used for shopping, routine business, and social networking. We believe that life critical embedded systems and the protocols connecting them all deserve a similar concerted effort for improvement. Of course, for life-critical systems, certification and safety testing requirements in the interest of the general public cause timelines for dissemination of fixes to life-critical systems to differ from timelines of most other computing technologies. That certainly impacts timelines for responsible disclosure. However, over the long term, many crucial principles, such as transparency, are immutable, and the time has come for leaders to set new precedents in this crucial area for public good. These are among the reasons why we believe the time has come for a UTC Project Zero focused exclusively on smart, connected physical products on which people now depend more than most people realize. In working to discover previously unknown vulnerabilities, you’ll be investigating the potential for such vulnerabilities in products, including but not limited to digitally driven elevators, aerospace systems, HVAC, jet engines, door locks, security cameras, and smoke detectors. This includes discovering vulnerabilities in market leading products by UTC brands including Pratt & Whitney, Otis, Carrier, Lenel, Kidde, Chubbe, Edwards, and also discovering vulnerabilities in competing products. Our hope is to not only continue improving our own products, but to also constructively raise the bar for these many industries, and set solid precedents for the public good in the process of leading by example.
Key job responsibilities:
- Discover serious previously unknown vulnerabilities in life-critical products, and help publish them on responsible timelines
- Engage the security research & vulnerability discovery communities to set appropriate precedents for public good regarding responsible disclosure timelines for life-critical smart, physical products
- Deep experience in security with deep experience in vulnerability discovery.
- Proven ability to discover previously unpublished serious security vulnerabilities.
- Familiarity with challenges unique to security in physical products.
- High integrity and capability of building strong, trusting relationships.
- Years of publishing previously unknown vulnerabilities strictly through responsible disclosure
- Ability to keep abreast with latest threats, attack techniques and mitigation strategies.
- Experience publishing at long-established, selective conferences annually attended by thousands of hackers.
- Experience breaking cyber-physical “embedded” technologies.
- Minimum of 5 to 7 years of experience in the Cybersecurity area
Bachelor’s degree in Electrical Engineering, Computer Science, or related field
Candidate must be United States Citizen or Permanent Resident
Note: The location of this position is flexible,
United Technologies Corporation is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.
Click on this link to read the Policy and Terms