Innovate to solve the world's most important challenges

The Lead Penetration Tester reports to the Enterprise Security Assurance Leader in HGS and will be responsible for detecting and preventing vulnerabilities in application before moving to production. This role will partner with the Architects, Business Stakeholders, Project Managers and Developers to ensure Code, Configuration and Infrastructure are implemented as per Honeywell Secure Policies and Standards to prevent any security exposures in production. He/She will also be accountable for the quality of deliverables, coverage, and completion of the prescribed security assessment/execution on time.

\n

KEY RESPONSIBILITIES

\n\nReview the design, architecture, implementation and create penetration test scope, strategy and plan.\nPerform security reviews of application designs, source code and deployments as required, covering all types of applications (Web application, Web services, Mobile applications, Thick client applications, SaaS, Infrastructure, Cloud and GEN AI)\nRun & analyze the penetration test (Manual & Automated) and pinpoint the security issues and suggest counter measures for security improvements.\nAdept at selecting and utilizing appropriate technologies and security controls to remediate findings effectively.\nKeep up to date with evolving cyber threats and identify any new and sophisticated methods of detecting vulnerabilities and countermeasures.\nHighly customer focused and motivated with willingness to take ownership/responsibility for their work and ability to work both independently and in a team-oriented environment.\nGood understanding of secure software development lifecycle process.\nKnowledge of requirement gathering, planning, and creating test plans.\nExperience in stakeholder management, delivery pipeline and quality management.\nContribute to the creation of security awareness materials for the organization.\n\n

 

\n

YOU MUST HAVE

\n\nMust be eligible for USG Security Clearance\nBachelor’s degree from an accredited institution in a technical discipline such as the sciences, technology, engineering, or mathematics\n10+ years of hands-on experience in Security/PEN Testing practices.\nExpert level knowledge in any one of the following programming languages: Python, PowerShell, Java.\nExceptional behaviors and interpersonal skills, with the ability to convey complex technical concepts to non-technical stakeholders\n\n

 

\n

WE VALUE

\n\nHands-on experience in application penetration testing (Web, API, Mobile, Thick Client, Network, Cloud, GEN AI) without or with tools such as but not limited to...Kali Linux, Burp Suite, Nmap, ZAP, Metasploit, Nessus, Qualys etc.\nGood Knowledge and experience on OWASP Top 10 Methodologies, SANS Top 25, Mitre/NIST framework and how to effectively remediate vulnerabilities associated with each.\nRelevant certifications such as CISSP, CCSP or OSCP are desirable.\nShould be able to think \"out of the box\". Possess ability to implement new attack approaches/vectors, and provide technical guidance and mentorship to team members.\nHighly customer focused and motivated with willingness to take ownership/responsibility for their work and ability to work both independently and in a team-oriented environment.\nExcellent oral and written communication skills and ability to convey complex technical concepts to stakeholders.\nAdditional InformationJOB ID: HRD257568Category: EngineeringLocation: 21111 N. 19th Ave (Deer Valley),Phoenix,Arizona,85027,United StatesExemptGlobal (ALL)

Honeywell is an equal opportunity employer. Qualified applicants will be considered without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, religion, or veteran status.