Job Description

Innovate to solve the world\'s most important challenges Innovate to solve the world\'s most important challenges The future is what you make it. When you join Honeywell, you become a member of our global team of thinkers, innovators, dreamers and doers who make the things that make the future. That means changing the way we fly, fueling jets in an eco-friendly way, keeping buildings smart and safe and even making it possible to breathe on Mars. Working at Honeywell isn\'t just about developing cool things. That\'s why all of our employees enjoy access to dynamic career opportunities across different fields and industries. Are you ready to help us make the future Honeywell Connected Enterprise (HCE) is a global leader for products and technologies that are installed in more than 10 million buildings, aircraft, and facilities worldwide. We are a pioneer in the Internet of Things, developing the next generation of connected offerings. Are you someone who wants to drive real improvements into real products in an environment which has a strong organizational support for product security In the role of Senior Manager for Forge Core Services & Performance+ cloud native revenue generating products, you will join a growing Product Security team overseeing the posture of Forge Core Services offerings and driving security by design of the cloud offerings.The Senior Manager will report to the Product Security Leader and will successfully deliver secure cloud software products through standardized and defined Secure SDLC processes. Responsibilities: Lead and manage a team of Security Architects supporting Secure SDLC phases, compliance, and governance for SaaS platform deliveries Perform security reviews of critical business projects Interface with engineering management and leadership to drive secure initiatives, planning, and resolve issues and conflicts early and within development lifecycle Facilitate secure engagement activities including security requirements, threat modeling, vulnerability analysis, and risk assessment Coordinate security incident and response activities, performing analysis, collaboration with engineering, and drive resolution of incidents Identify and drive process efficiency and optimization within the team, allocation of resources, ensuring milestones and targets are achieved .Mentor engineering and security architects in secure SDLC practices and security reviews promote and engage security advocacy within engineering teams .Monitor and manage product risks, ensure key stakeholders are informed, plan and communicate intended outcomes .Coordinate and collaborate with internal and external stakeholders including engineering, quality assurance, security architecture, governance, and certification entities to achieve department goals, risk reduction, and milestones .Ensure security requirements are understood and applied in accordance with HGS policies, applicable country laws, and regulations .Promote and apply Zero Trust architecture and principles throughout service offerings .Oversee cloud security posture, drive infrastructure-as-code (IaC) adoption through DevOps and further development of enforcing policies in Defender for Cloud .Hire and develop additional personnel, coaching, mentorship, and career growth opportunities You must have: Bachelor\'s Degree 15+ years in Software Development 8+ years in leading a team of highly technical people 3+ years of experience with a public cloud such as AWS, Azure, GCP Ability to perform threat modeling of cloud-based systems We value: Secure software development lifecycle (SSDLC) experience Experience in Agile Methodologies Ability to identity and define project scope and level of effort Ability to identify and remediate issues early, analyze, and propose alternative solutions .Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among stakeholders .Passion for achieving results and continual self-improvement .Experience and knowledge of Public Cloud Provider (e.g., Azure, AWS, GCP) security controls and capabilities (e.g., DDoS, Firewalls, WAF, Network Segregation) Deep understanding and experience of multi-layer security controls ensuring confidentiality, integrity, and availability .Understanding of Internet of Things (IOT) security concerns, architecture, and controls .Experience with Identity and Access Management security solutions and protocols (e.g., SAML, OpenID, and OAuth) .Experience and understanding of Container/Kubernetes security and controls .Considerable experience with security tools (e.g., SAST/DAST, SCA, vulnerability scanning, penetration testing) .Understanding of security by design principles, architecture level security, API security, and Zero Trust security concepts .Up to date knowledge of current and emerging security threats and techniques for exploiting security weaknesses .In-depth knowledge and understanding of OWASP Top 10 and CWE Top 25, including assessment and remediation strategy .Understanding of National and International regulatory and compliance standards .Certifications in security demonstrating deep practical knowledge such as CSSLP, CCSP, or CISSP Master\'s Degree

foundit