As Carrier emerges as an independent, standalone company, the Carrier Technology and Engineering organization is transforming. This new multi-disciplinary organization will ensure Carrier's lead position in the market through investments in advanced research, technologies and methods that will shape the future of our products. We are looking for top talent that can lead research activities in specific disciplines, and drive results into our business units, our products, and ultimately deliver value for our valued customers.
Willis Carrier invented the first modern air-conditioning system in 1902 and changed how people live, work, and play. Today, Carrier needs your talent to build upon this legacy and to deliver what's next for the modern world.
Carrier is seeking a highly motivated and results driven Product Cyber Security Pentester to join and enhance the Product Cyber Security team. The team is responsible for driving the product cyber security strategy to strengthen the cyber security posture of legacy and go-forward Carrier products and services. While the position is focused on dynamic testing, the engineer is required to have adequate understanding of different aspects of the product life cycle, including pre-development, development and post-release.
Roles & Responsibilities:
The candidate will:
- Support various global teams across Carrier in the architectural review and penetration testing of products and provide design solutions for fixing the vulnerabilities
- Serve as an elite pentesting resource that can mentor and train other engineers while advancing the capability within Carrier by building testbeds and automated testing platforms.
- Work with the global engineering teams to establish cyber security design policies and ensure that these policies are incorporated into product design, with requirements traceability and system validation and verification
- Showcase exploitations with clear kill chains and provide clarity on the risk associated with the attacks
Education / Experience / Qualifications:
- Bachelor of Science/Engineering in cyber security, computer science or a related engineering discipline (at a minimum)
- 6+ years of cyber security engineering and software systems development experience
- 4+ years solid experience with cyber security penetration test involving both manual as well as use of automated tools. Example tools include Kali Linux, AppScan, Burp Suite
- Experience with reverse engineering and fuzz testing
- Experience with mobile app testing, database testing, protocol testing and certificate management
- Strong product development background with various languages such as C,C++, C#, Java, Python
- Working knowledge of various cryptographic systems and requirements for authentication, authorization and encryption for various types of systems
- Knowledge of different types of security vulnerabilities and safeguards at different layers of hierarchical systems, including the embedded layer and system layer
- Specific focus on embedded systems hacking and exposing n-day vulnerabilities a plus
- Cyber Security certifications such as OSCP, CEH, CISSP, GSEC is a plus