Systems and Controls Technologies group, operating at the headquarters level of CCS and Otis, the two commercial divisions of United Technologies, is seeking a highly motivated and results driven Cyber Security Engineer to join and enhance Product Cyber Security team. The team is responsible for driving product cyber security strategy, to strengthen the cyber security posture of legacy and go-forward CCS and Otis products and services. This position covers different aspects of product life cycle, including pre-development, development and post-release.
UTC products continue providing differentiated features and services by increasing connectivity and harnessing the power of the Cloud, data analytics, IoT and novel integration mechanisms. As UTC continues defining and shaping new markets, the Cyber Security Team will play a crucial role and have direct measurable business impact. This position will be based in Gdansk, Poland as part of the Gdansk Research and Development Center (GRDC). Successful candidate will be required to travel internationally approximately 20% of the time.
- Serve as a mentor and lead newly created, Gdansk-based cyber security team.
- Work with global teams across CCS and Otis to ensure commitment to the cyber security strategy of minimizing flaws and improving product resiliency to cyber-attacks, by ensuring adherence to the integrated secure development lifecycle process.
- Work with global engineering teams to establish cyber security design policies and ensure that these policies are incorporated into product design, with requirements traceability and system validation and verification.
- Continually enhance the capabilities of Gdansk cyber security team :
- Preparing actionable training and hiring plans
- Identification of technology and methodology gaps
- Participation and leading technical and industry committees
- Creation of discipline health score cards
- Develop and maintain plans for legacy product assessment and remediation, creating risk categories and prioritizations and closely working with business units to develop a clear plan of action
- Interface with global teams and share best practices and lessons learned
- Refine and support standard work associated with product cyber security incident response management
- Stay updated on latest cyber security hacking news, technologies and methodologies including:
- The latest attack methodologies including penetration testing and red-team methodologies.
- Latest forensic and incident response methodologies.
- Attend security or hacker conferences and build up a network of associates
- Work in an environment of continuous improvement, lean process and product development.
- Bachelor of Science/Engineering in cyber security, computer science or a related engineering discipline (at a minimum)
- 8+ years of cyber security engineering and software systems development experience
- In-depth experience and knowledge of requirements capture, cyber security threat modeling and systematic discovery of threats, as a part of Secure Development Lifecycle
- Knowledge of different types of security vulnerabilities and safeguards at different layers of hierarchical systems, including the embedded layer and system layer
- Strong knowledge in various cryptographic systems and requirements for authentication, authorization and encryption for various types of systems
- Experience enforcing cyber security standards for software architectures, including ensuring that security standards are properly addressed and developing risk mitigation plans
- Intimate knowledge and experience with incident response management of cyber security reported as well as self-discovered vulnerabilities
- At least 2 years hands-on experience with penetration testing methodologies and tools
- Experience in program management or engineering project leadership of complex systems from the conceptual stage through to production for a global market. Intimate knowledge of software development methodologies and the software development lifecycle in agile as well as staged-gate process
- Knowledge of state of the art security analysis tools and various product cyber security safeguards. These include threat modeling, source code analysis, dynamic analysis, penetration testing and audit/compliance tools
- Excellent written and verbal communication and presentation skills, including presentation planning and delivery skills. Adept at communicating with globally disperse cross functional teams of design, marketing, service, manufacturing, aftermarket and R&D, including non-native English speaking team members.
- Prior product development background with various languages such as C,C++, C#, Java, Python
- Cyber Security certifications such as OSCP, CEH, CISSP, GSEC is a plus
- Working with a highly talented development team
- Friendly working atmosphere
- Flexible working hours
- Competitive salary
- Relocation package
- Opportunities to enhance English proficiency
- UTC's Employee Scholar Program
- The ability to advance within UTC
- Private medical care
- Pension plan with life insurance
- In house English lessons
- Participation in sport activities
- Lunch allowance
- Clear career path providing development opportunity