Key Responsibilities:
Regulatory Compliance & Certification:
Good understanding of design objectives such as DO-178B/C, DO-326A, DO-355, and DO-356A to support continuous airworthiness of aircraft from safety and security perspectives.
Experience in certifying and meeting compliance for embedded products used in aircraft cockpits with certifying authorities like FAA and EASA.
Security Architecture & Risk Management:
Lead efforts with development teams to manage product risk and apply the appropriate security controls.
Drive secure architecture by design, perform security risk assessments, and apply defense-in-depth approach with multilayered security controls.
Identify security gaps and define remediation approaches using security controls during risk assessments.
Threat Modeling & Communication:
Expertise in threat modeling of both embedded products and web applications, effectively communicating security risks to the program teams in advance.
Guidance & Best Practices:
Provide security architecture guidance and support to a large development organization to promote security by design principles.
Drive best-in-class security requirements into product and service offerings.
Provide architecture and best practices guidance in building secure Honeywell products.
Security Process Activities:
Support product security processes such as threat modeling, security requirements, security reviews, threat vulnerability assessments, and risk management for aerospace applications.
Secure Development & Cloud Security:
Have a background in product architecture and development with Secure Software Development Lifecycle (SDLC) experience.
Understand security by design principles and remain up-to-date on emerging security threats and techniques.
Experience in developing, securing, and driving security requirements for Embedded & IIoT-based Avionics Products on RTOS platforms such as VxWorks and Deos.
Experience with securing Commercial Cloud, Hybrid, and Private cloud-deployed applications, including Containers and VMs, through secure configurations and periodic security reviews.
Mentoring & Training:
Lead efforts in mentoring and training the engineering development community and facilitate the adoption of shift-left security practices.
Lead new initiatives to add value to Secure Software Development Lifecycle (SDL) processes and procedures.
You Must Have:
Educational Background:
Bachelor's degree or equivalent work experience in Cyber Security or Information Technology.
Experience:
6+ years of experience in Cyber Security or Information Technology.
Interpersonal Skills:
Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among stakeholders.
We Value:
Methodologies & Practices:
Understanding of Agile software development practices.
Familiarity with DevSecOps and CI/CD pipelines with specific tooling for security.
Certifications:
Information Security accreditation (e.g., CISSP, CSSLP, or other security-related certifications).
Cloud Security or Solutions Architecture certifications for Azure, AWS, or GCP.
Security Tool Knowledge:
Experience with widely used security tools such as:
SD Elements, BlackDuck Hub, Microsoft Threat Modeling Tool
SAST (e.g., Coverity, SonarQube), DAST (e.g., Burp, ZAP, AppSpider)
Fuzzing, Vulnerability management, and continuous monitoring tools.
Cryptography & Encryption:
Sound understanding of Cryptography, encryption algorithms, Public Key Infrastructure (PKI), Secure Boot, and Open-source risk management.
Leadership & Team Building:
Strong leadership and team-building skills. Ability to manage stakeholders across business verticals and regions.
Effective communicator with excellent relationship management skills, and strong analytical, decision-making, and problem-solving skills.
Continuous Learning & Development:
Must be a firm believer in continuous learning, upskilling the team on new-age skills, and developing the capabilities for new technologies.

Advanced Cyber Sec Archt/Engr

Job Description

Required Skills