United Technologies Corporation Associate Dir, Product Security Architecture & Risk Evaluation in East Hartford, Connecticut
Job ID: 01302106
City: East Hartford
Country: United States
Category: Information Technology
Job Type: Full Time
United States of America
UT13: RC-CT - Corp 411 Silver Lane, East Hartford, CT, 06108 USA
United Technologies Corporation (UTC; NYSC: UTX) is headquartered in Farmington, CT, just outside of Hartford, CT. We employ over 204,000 talented individuals globally, achieve net sales in excess of $60 billion, and invest $4B each year back into research & development activities. Our aerospace businesses include Pratt & Whitney aircraft engines and Collins Aerospace – the combination of which make us the largest aerospace company in the world. Our commercial businesses include Otis elevators and escalators and UTC Climate, Controls & Security – a leading provider of heating, ventilation, air conditioning, fire and security systems and building automation controls.
United Technologies Corporation was founded by some of the world’s greatest inventors. We helped build the Second Industrial Revolution and brought about a century of urbanization and globalization. Now we need your help to build the next one.
Tech@UTC is the UTC technology organization, comprised of the global engineering function, several focused centers of expertise, our skunkworks organization – United Technologies Advanced Projects (UTAP), and our advanced Research & Development lab – United Technologies Research Center (UTRC). By combining a passion for science with precision engineering, we create smart, sustainable solutions that prove we can do the big things the right way. We put the “T” in UTC.
As great physical products like jet engines, elevators, avionics, HVAC, door locks, and smoke detectors get “smarter,” becoming increasingly connected, security becomes increasingly important. The mission of the newly created Product Security Center of Expertise (PSCOE) is to ensure the digital security of these products by (1) ensuring that security is built into the products before they ship, (2) operationally understanding risk to our products on a day-to-day basis, and (3) ensuring that we have a strong Product Security Incident Response Team (PSIRT) to respond effectively and quickly to any product security issues.
As Product Security Architect , you’ll be a senior technical leader of Product Security Team, actively responsible for coaching and advising hundreds of product teams on how to build security into their products, and how to handle incidents when things go wrong. This includes coaching engineering teams on the engineering discipline, technical architectures, business processes, and risk management frameworks needed to do security right in products through the entirety of the product lifecycle from inception through “end of life”.
Key Job Responsibilities
Advise engineering teams by effectively evaluating technical risks on security architecture and code quality, and be able to build credibility and trust with other engineers, helping them while working side by side with them, and coaching them on how to build security into products
Act in capacity of a trusted subject matter expert and business risk professional who understands a broad range of software engineering methodologies including both agile and waterfall, and who can effectively evaluate & articulate risk in practice as product teams & incident response teams continually improve their software engineering & product security talent, processes, and tooling
Help executives understand and scale the risks which their teams are running, and similarly understand the best opportunities for fastest & most efficient improvement
Qualifications & Competencies
Experience with security risk evaluation in advisory or consulting capacities
Ability to quickly build and leverage trust with multiple engineering teams
Experience working with various technology stacks, and ability to quickly and efficiently pick up and analyze new product architectures and processes
Ability to rapidly learn deeply technical subjects, such as product security, and keep abreast with fast moving industries, such as security
Understanding of both agile and waterfall software development processes since many product teams are already agile and many product teams are earlier in that journey
Strong experience with architecture reviews and threat modeling
Strong experience with static and dynamic analysis tools, including findings analysis, defect triage, and related risk analysis
Leveled attitude toward security and business considerations
Strong presentation skills, ability to conduct security training to not only transfer knowledge, but also to inspire engineering teams, including senior engineers and architects, and other security leads
Strong experience coaching teams on all aspects of product security
Strong experience with 3rd party and open source software analysis and related tools
Ability to serve stakeholders with large, geographically distributed teams
Strong experience performing security development lifecycle gap analysis, building concrete prioritized plans for individual engineering teams based on their environment, and providing assistance with implementation of related solutions
Experience with security architecture at scale, and fluent in a broad range of relevant product security architectures, principles, components, and protocols
Experience leading change through collaboration, empathy, and patience
Additional experience leading software engineering, or a track record of success, advising software engineering teams
Experience with software and security engineering maturity and security risk evaluation models, including familiarity with the advantages and disadvantages of each.
Familiarity with multiple Secure Development Lifecycle (SDL/SDLC) methodologies, either as practiced and published by leading software companies, or other organizations such as SAFECode, OWASP/SAMM, BSIMM, NIST 800-64, SSE-CMM, FAA/iCMM, and others
Familiarity with multiple product security compliance and strategy frameworks, along with the advantages and disadvantages of each
Experience with penetration testing and security tools
Experience with embedded systems companies and/or physical product companies
A great combination of risk-tolerance, impatience, optimism, empathy, and vision, and a burning desire to make a difference
Education & Experience
- B.S. in Computer Science, Electrical Engineering, or related field
Citizenship requirements: Candidate must be United States Citizen or Permanent Resident
United Technologies Corporation is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.
Click on this link to read the Policy and Terms
United Technologies Corporation is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age, or any other federally protected class.
Thank you for your interest in a career at United Technologies! We will soon upgrade to an improved job application system to simplify the apply experience. You will still be able to apply to any of our current job openings through December 18, 2018. On January 2, 2019, our new and improved job application system will launch; please check back on that date to see all of our job openings.