Advanced Cybersecurity Penetration Tester

The future is what you make it. 

Honeywell (www.honeywell.com) is a Fortune 100 software-industrial company that delivers industry specific solutions that include aerospace and automotive products and services; control technologies for buildings, homes, and industry; and performance materials globally.

Our technologies help everything from aircraft, cars, homes and buildings, manufacturing plants, supply chains, and workers become more connected to make our world smarter, safer, and more sustainable.

Working at Honeywell isnt just about developing cool things. But also, our employees enjoy access to dynamic career opportunities across different fields and industries.

Are you ready to help us make thefuture?

 The Honeywell Global Security (HGS) business believes in integrating security into all aspects of our business to protect the people, processes, and assets by which Honeywell achieves its greater mission. Advancements in technology, contractual and regulatory requirements, emerging threats, and Honeywells growth worldwide continue to challenge all of us to ensure everything we do in business is secure.

The Advanced Cyber Security Penetration Tester reports to the Enterprise Security Assurance Leader in HGS and will be responsible for detecting and preventing vulnerabilities in application before moving to production. This role will partner with the Architects, Business Stakeholders, Project Managers and Developers to ensure Code, Configuration and Infrastructure are implemented as per Honeywell Secure Policies and Standards to prevent any security exposures in production. Will also be accountable for the quality of deliverables, coverage, and completion of the prescribed security assessment/execution on time.

KEY RESPONSIBILITIES

• Review the application design, architecture, business flow, implementation and identify security/PEN testing scope and recommendations.
• Execute penetration test cases validating against Industry standard test check list and document every results.
• Demonstrate manual penetration testing; must be able to simulate SQL injection, CSRF etc without tools, simulate XSS attack, X-Path Injection etc.
• Identify the security issues, weakness and suggest counter measures for remediation and security improvements.
• Prepare security assessment report leveraging the customized template with POCs.
• Adept at selecting and utilizing appropriate technologies to solve complex problems effectively.
• Keep up to date with evolving cyber threats and identify any new and sophisticated methods of detecting vulnerabilities.

U.S. PERSON REQUIREMENTS

 Due tocompliance with U.S. export control laws and regulations, candidate must be aU.S. Person, which is defined as, a U.S. citizen, a U.S. permanent resident, orhave protected status in the U.S. under asylum or refugee status.

YOU MUST HAVE

• Bachelors Degree in related field such as Information Technology.
• 4+ years of hands-on experience in Security/PEN Testing practices.

WE VALUE

• Hands-on experience in application penetration testing (Web, API, Mobile, Thick Client, Infrastructure) without or with tools such as but not limited to...Kali Linux, Burp Suite, Nmap, ZAP, Metasploit, Nessus, Qualys etc.
• Good Knowledge and experience on OWASP Top 10
• Methodologies, SANS Top 25 and how to effectively remediate vulnerabilities associated with each.
• Scripting or development experience with Python, Bash, PowerShell, Java etc.
• Good to have professional certifications such as CEH or CPT or equivalent certification.
• Highly customer focused and motivated with willingness to take ownership/responsibility for their work and ability to work both independently and in a team-oriented environment.
• Effective oral and written communication.
• Exceptional behaviors and interpersonal skills.