United Technologies Corporation Jobs

UTC logo

Job Information

United Technologies Corporation Associate Dir, Product Security Architecture & Risk Evaluation in East Hartford, Connecticut

Job ID: 01302106

City: East Hartford

State: Connecticut

Country: United States

Category: Information Technology

Job Type: Full Time

Description:

Date Posted:

2019-03-22-07:00

Country:

United States of America

Location:

UT13: RC-CT - Corp 411 Silver Lane, East Hartford, CT, 06108 USA

United Technologies Corporation (UTC; NYSC: UTX) is headquartered in Farmington, CT, just outside of Hartford, CT. We employ over 204,000 talented individuals globally, achieve net sales in excess of $60 billion, and invest $4B each year back into research & development activities. Our aerospace businesses include Pratt & Whitney aircraft engines and Collins Aerospace – the combination of which make us the largest aerospace company in the world. Our commercial businesses include Otis elevators and escalators and UTC Climate, Controls & Security – a leading provider of heating, ventilation, air conditioning, fire and security systems and building automation controls.

United Technologies Corporation was founded by some of the world’s greatest inventors. We helped build the Second Industrial Revolution and brought about a century of urbanization and globalization. Now we need your help to build the next one.

Tech@UTC is the UTC technology organization, comprised of the global engineering function, several focused centers of expertise, our skunkworks organization – United Technologies Advanced Projects (UTAP), and our advanced Research & Development lab – United Technologies Research Center (UTRC). By combining a passion for science with precision engineering, we create smart, sustainable solutions that prove we can do the big things the right way. We put the “T” in UTC.

As great physical products like jet engines, elevators, avionics, HVAC, door locks, and smoke detectors get “smarter,” becoming increasingly connected, security becomes increasingly important. The mission of the newly created Product Security Center of Expertise (PSCOE) is to ensure the digital security of these products by (1) ensuring that security is built into the products before they ship, (2) operationally understanding risk to our products on a day-to-day basis, and (3) ensuring that we have a strong Product Security Incident Response Team (PSIRT) to respond effectively and quickly to any product security issues.

As Product Security Architect , you’ll be a senior technical leader of Product Security Team, actively responsible for coaching and advising hundreds of product teams on how to build security into their products, and how to handle incidents when things go wrong. This includes coaching engineering teams on the engineering discipline, technical architectures, business processes, and risk management frameworks needed to do security right in products through the entirety of the product lifecycle from inception through “end of life”.

Key Job Responsibilities

  • Advise engineering teams by effectively evaluating technical risks on security architecture and code quality, and be able to build credibility and trust with other engineers, helping them while working side by side with them, and coaching them on how to build security into products

  • Act in capacity of a trusted subject matter expert and business risk professional who understands a broad range of software engineering methodologies including both agile and waterfall, and who can effectively evaluate & articulate risk in practice as product teams & incident response teams continually improve their software engineering & product security talent, processes, and tooling

  • Help executives understand and scale the risks which their teams are running, and similarly understand the best opportunities for fastest & most efficient improvement

Qualifications & Competencies

Basic qualifications:

  • Experience with security risk evaluation in advisory or consulting capacities

  • Ability to quickly build and leverage trust with multiple engineering teams

  • Experience working with various technology stacks, and ability to quickly and efficiently pick up and analyze new product architectures and processes

  • Ability to rapidly learn deeply technical subjects, such as product security, and keep abreast with fast moving industries, such as security

  • Understanding of both agile and waterfall software development processes since many product teams are already agile and many product teams are earlier in that journey

  • Strong experience with architecture reviews and threat modeling

  • Strong experience with static and dynamic analysis tools, including findings analysis, defect triage, and related risk analysis

  • Leveled attitude toward security and business considerations

  • Strong presentation skills, ability to conduct security training to not only transfer knowledge, but also to inspire engineering teams, including senior engineers and architects, and other security leads

  • Strong experience coaching teams on all aspects of product security

  • Strong experience with 3rd party and open source software analysis and related tools

  • Ability to serve stakeholders with large, geographically distributed teams

  • Strong experience performing security development lifecycle gap analysis, building concrete prioritized plans for individual engineering teams based on their environment, and providing assistance with implementation of related solutions

  • Experience with security architecture at scale, and fluent in a broad range of relevant product security architectures, principles, components, and protocols

Preferred qualifications:

  • Experience leading change through collaboration, empathy, and patience

  • Additional experience leading software engineering, or a track record of success, advising software engineering teams

  • Experience with software and security engineering maturity and security risk evaluation models, including familiarity with the advantages and disadvantages of each.

  • Familiarity with multiple Secure Development Lifecycle (SDL/SDLC) methodologies, either as practiced and published by leading software companies, or other organizations such as SAFECode, OWASP/SAMM, BSIMM, NIST 800-64, SSE-CMM, FAA/iCMM, and others

  • Familiarity with multiple product security compliance and strategy frameworks, along with the advantages and disadvantages of each

  • Experience with penetration testing and security tools

  • Experience with embedded systems companies and/or physical product companies

  • A great combination of risk-tolerance, impatience, optimism, empathy, and vision, and a burning desire to make a difference

Education & Experience

  • B.S. in Computer Science, Electrical Engineering, or related field

Citizenship requirements: Candidate must be United States Citizen or Permanent Resident

United Technologies Corporation is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

Privacy Policy and Terms:

Click on this link to read the Policy and Terms

Qualification:

United Technologies Corporation is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age, or any other federally protected class.

Thank you for your interest in a career at United Technologies! We will soon upgrade to an improved job application system to simplify the apply experience. You will still be able to apply to any of our current job openings through December 18, 2018. On January 2, 2019, our new and improved job application system will launch; please check back on that date to see all of our job openings.

DirectEmployers