Architect, Product Security Architecture & Risk Evaluation

United Technologies   •  

East Hartford, CT

Industry: Transportation


Not Specified years

Posted 94 days ago

This job is no longer available.

United Technologies Corporation (UTC; NYSC: UTX) is headquartered in Farmington, CT, just outside of Hartford, CT. We employ over 204,000 talented individuals globally, achieve net sales in excess of $60 billion, and invest $4B each year back into research & development activities. Our aerospace businesses include Pratt & Whitney aircraft engines and UTC Aerospace Systems – the combination of which make us the largest aerospace company in the world. Our commercial businesses include Otis elevators and escalators and UTC Climate, Controls & Security – a leading provider of heating, ventilation, air conditioning, fire and security systems and building automation controls.

United Technologies Corporation was founded by some of the world’s greatest inventors. We helped build the Second Industrial Revolution and brought about a century of urbanization and globalization. Now we need your help to build the next one.

Tech@UTC is the UTC technology organization, comprised of the global engineering function, several focused centers of expertise, our skunkworks organization – United Technologies Advanced Projects (UTAP), and our advanced Research & Development lab – United Technologies Research Center (UTRC). By combining a passion for science with precision engineering, we create smart, sustainable solutions that prove we can do the big things the right way. We put the “T” in UTC.

As great physical products like jet engines, elevators, avionics, HVAC, door locks, and smoke detectors get “smarter,” becoming increasingly connected, security becomes increasingly important. The mission of the newly created Product Security Center of Expertise (PSCOE) is to ensure the digital security of these products by (1) ensuring that security is built into the products before they ship, (2) operationally understanding risk to our products on a day-to-day basis, and (3) ensuring that we have a strong Product Security Incident Response Team (PSIRT) to respond effectively and quickly to any product security issues.

As Architect, Product Security Architecture & Risk Evaluation, you'll be part of the team responsible for coaching and advising hundreds of product teams on how to build security into their products, and how to handle incidents when things go wrong. This includes coaching engineering teams on the engineering discipline, technical architectures, business processes, and risk management frameworks needed to do security right in products through the entirety of the product lifecycle from inception through “end of life.

Key job responsibilities:

  • Effectively evaluate technical risks on securityarchitecture and code quality
  • Build credibility and trust with other engineers, helping them while working side by side with them, and coaching them on how to build security into products
  • Understand a broad range of software engineering methodologies including both agile and waterfall
  • Evaluate & articulate risk in practice as product teams & incident response teams continually improve their software engineering & product security talent, processes, and tooling
  • Help executives understand and scale the risks which their teams are running, and similarly understand the best opportunities for fastest & most efficient improvement

Qualification: Basic qualifications:

  • Experience with securityrisk evaluation in advisory or consulting capacities
  • Experience with embedded systems companies and/or physical product companies
  • Ability to rapidly learn deeply technical subjects, such as product security, and keep abreast with fast moving industries, such as security
  • Understanding of both agile and waterfall software development processes since many product teams are already agile and many product teams are earlier in that journey
  • Strong executive presence, whether in the boardroom, or 1:1 with business and engineering executives
  • Ability to serve stakeholders with large, geographically distributed teams

Preferred qualifications:

  • Experience with software and security engineering maturity and securityrisk evaluation models, including familiarity with the advantages and disadvantages of each.
  • Experience with securityarchitecture at scale, and fluent in a broad range of relevant product securityarchitectures, principles, components, and protocols
  • Familiarity with multiple Secure Development Lifecycle (SDL/SDLC) methodologies, either as practiced and published by leading software companies, or other organizations such as SAFECode, OWASP/SAMM, BSIMM, NIST 800-64, SSE-CMM, FAA/iCMM, and others
  • Familiarity with multiple product security compliance and strategy frameworks, along with the advantages and disadvantages of each
  • Experience with threat modeling, penetration testing and security tools
  • A great combination of risk-tolerance, impatience, optimism, empathy, and vision, and a burning desire to make a difference

Citizenship requirements: Candidate must be United States Citizen or Permanent Resident
Education: B.S. in Computer Science, Electrical Engineering, or related field.
Demonstrated history of success in multiple positions of increasing scope and responsibility, with a significant duration of experience and expertise spanning the full qualifications of this role

Citizenship requirements: Candidate must be United States Citizen or Permanent Resident