▷ High Salary Advanced Cyber Sec Archt/Engr

Job Description - Key Responsibilities: - Regulatory Compliance & Certification: - Good understanding of design objectives such as DO-178B/C, DO-326A, DO-355, and DO-356A to support continuous airworthiness of aircraft from safety and security perspectives. - Experience in certifying and meeting compliance for embedded products used in aircraft cockpits with certifying authorities like FAA and EASA. - Security Architecture & Risk Management: - Lead efforts with development teams to manage product risk and apply the appropriate security controls. - Drive secure architecture by design, perform security risk assessments, and apply defense-in-depth approach with multilayered security controls. - Identify security gaps and define remediation approaches using security controls during risk assessments. - Threat Modeling & Communication: - Expertise in threat modeling of both embedded products and web applications, effectively communicating security risks to the program teams in advance. - Guidance & Best Practices: - Provide security architecture guidance and support to a large development organization to promote security by design principles. - Drive best-in-class security requirements into product and service offerings. - Provide architecture and best practices guidance in building secure Honeywell products. - Security Process Activities: - Support product security processes such as threat modeling, security requirements, security reviews, threat vulnerability assessments, and risk management for aerospace applications. - Secure Development & Cloud Security: - Have a background in product architecture and development with Secure Software Development Lifecycle (SDLC) experience. - Understand security by design principles and remain up-to-date on emerging security threats and techniques. - Experience in developing, securing, and driving security requirements for Embedded & IIoT-based Avionics Products on RTOS platforms such as VxWorks and Deos. - Experience with securing Commercial Cloud, Hybrid, and Private cloud-deployed applications, including Containers and VMs, through secure configurations and periodic security reviews. - Mentoring & Training: - Lead efforts in mentoring and training the engineering development community and facilitate the adoption of shift-left security practices. - Lead new initiatives to add value to Secure Software Development Lifecycle (SDL) processes and procedures. - You Must Have: - Educational Background: - Bachelor's degree or equivalent work experience in Cyber Security or Information Technology. - Experience: - 6+ years of experience in Cyber Security or Information Technology. - Interpersonal Skills: - Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among stakeholders. - We Value: - Methodologies & Practices: - Understanding of Agile software development practices. - Familiarity with DevSecOps and CI/CD pipelines with specific tooling for security. - Certifications: - Information Security accreditation (e.g., CISSP, CSSLP, or other security-related certifications). - Cloud Security or Solutions Architecture certifications for Azure, AWS, or GCP. - Security Tool Knowledge: - Experience with widely used security tools such as: - SD Elements, BlackDuck Hub, Microsoft Threat Modeling Tool - SAST (e.g., Coverity, SonarQube), DAST (e.g., Burp, ZAP, AppSpider) - Fuzzing, Vulnerability management, and continuous monitoring tools. - Cryptography & Encryption: - Sound understanding of Cryptography, encryption algorithms, Public Key Infrastructure (PKI), Secure Boot, and Open-source risk management. - Leadership & Team Building: - Strong leadership and team-building skills. Ability to manage stakeholders across business verticals and regions. - Effective communicator with excellent relationship management skills, and strong analytical, decision-making, and problem-solving skills. - Continuous Learning & Development: - Must be a firm believer in continuous learning, upskilling the team on new-age skills, and developing the capabilities for new technologies.