Principal Engineer, Product Security Architecture & Risk EvaluationBusinesses United Technologies Corp. Headquarters Job ID 01293128 Date posted 02/11/2019 City East Hartford State Connecticut Country United States
Country:United States of America
Location:UT13: RC-CT - Corp 411 Silver Lane, East Hartford, CT, 06108 USA
United Technologies Corporation (UTC; NYSC: UTX) is headquartered in Farmington, CT, just outside of Hartford, CT. We employ over 204,000 talented individuals globally, achieve net sales in excess of $60 billion, and invest $4B each year back into research & development activities. Our aerospace businesses include Pratt & Whitney aircraft engines and Collins Aerospace – the combination of which make us the largest aerospace company in the world. Our commercial businesses include Otis elevators and escalators and UTC Climate, Controls & Security – a leading provider of heating, ventilation, air conditioning, fire and security systems and building automation controls.
United Technologies Corporation was founded by some of the world’s greatest inventors. We helped build the Second Industrial Revolution and brought about a century of urbanization and globalization. Now we need your help to build the next one.
Tech@UTC is the UTC technology organization, comprised of the global engineering function, several focused centers of expertise, our skunkworks organization – United Technologies Advanced Projects (UTAP), and our advanced Research & Development lab – United Technologies Research Center (UTRC). By combining a passion for science with precision engineering, we create smart, sustainable solutions that prove we can do the big things the right way. We put the “T” in UTC.
As great physical products like jet engines, elevators, avionics, HVAC, door locks, and smoke detectors get “smarter,” becoming increasingly connected, security becomes increasingly important. The mission of the newly created Product Security Center of Expertise (PSCOE) is to ensure the digital security of these products by (1) ensuring that security is built into the products before they ship, (2) operationally understanding risk to our products on a day-to-day basis, and (3) ensuring that we have a strong Product Security Incident Response Team (PSIRT) to respond effectively and quickly to any product security issues.
As product security architect and security engineer, you’ll be an integral member of a central Product Security Team, actively responsible for coaching and advising hundreds of product teams on how to build security into their products. This includes coaching engineering teams on the engineering discipline, technical architectures, business processes, and risk management frameworks needed to do security right in products through the entirety of the product lifecycle from inception through “end of life”.
Key Job Responsibilities
- Working side by side with other security leads, architects and engineers across the company, and coaching them on how to build security into products
- Act in capacity of a trusted subject matter expert and business risk professional who understands a broad range of software engineering methodologies including both agile and waterfall, and who can effectively evaluate & articulate risk in practice as product teams continually improve their software engineering & product security talent, processes, and tooling
- Help executives understand and scale the risks which their teams are running, and similarly understand the best opportunities for fastest & most efficient improvement
Qualifications & Competencies
- Ability to quickly build and leverage trust with multiple engineering teams
- Experience working with various technology stacks, and ability to quickly and efficiently pick up and analyze new product architectures and processes
- Ability to rapidly learn deeply technical subjects, such as product security, and keep abreast with fast moving industries, such as security
- Understanding of both agile and waterfall software development processes since many product teams are already agile and many product teams are earlier in that journey
- Strong experience with architecture reviews and threat modeling
- Strong experience with static and dynamic analysis tools, including findings analysis, defect triage, and related risk analysis
- Leveled attitude toward security and business considerations
- Strong presentation skills, ability to conduct security training to not only transfer knowledge, but also to inspire engineering teams, including senior engineers and architects, and other security leads
- Strong experience with 3rd party and open source software analysis and related tools
- Ability to serve stakeholders with large, geographically distributed teams
- Strong experience performing security development lifecycle gap analysis, building concrete prioritized plans for individual engineering teams based on their environment, and providing assistance with implementation of related solutions
- Experience with security architecture at scale, and fluent in a broad range of relevant product security architectures, principles, components, and protocols
- Experience leading change through collaboration, empathy, and patience
- Additional experience leading software engineering, or a track record of success, advising software engineering teams
- Familiarity with multiple Secure Development Lifecycle (SDL/SDLC) methodologies, either as practiced and published by leading software companies, or other organizations such as SAFECode, OWASP/SAMM, BSIMM, NIST 800-64, SSE-CMM, FAA/iCMM, and others
- Experience with penetration testing and security tools
- Experience with embedded systems companies and/or physical product companies
Education & Experience
- B.S. in Computer Science, Electrical Engineering, or related field
Citizenship requirements: Candidate must be United States Citizen or Permanent Resident
United Technologies Corporation is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.
Click on this link to read the Policy and Terms
United Technologies Corporation is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age, or any other federally protected class.