Sr Security Engineer
Business Unit: Carrier
Job ID: 30074287
City: Pittsford
State: New York
Country: United States of America
Location: CALEN: LenelS2 Pittsford NY, 1212 Pittsford - Victor Road, Pittsford, NY, 14534 USA
Job Description: Senior Security Engineer
LenelS2 is a global leader in advanced security systems developing innovative solutions to protect buildings, people, and assets. Incorporating open architecture and third-party interfacing, LenelS2’s enterprise software manages multiple best-in-class systems to provide a single, seamless security solution for customers worldwide, including corporate and government segments.
LenelS2 is a part of Carrier, a leading provider of heating, ventilating, air conditioning and refrigeration systems, building controls and automation, and fire and security systems, leading to safer, smarter, sustainable, and high-performance buildings.
LenelS2 is seeking a motivated Senior Security Engineer to join our high-performing engineering team to provide impactful guidance to drive the delivery of secured products and services. In this role, you will help strengthen the security posture and drive the competitive advantage of our comprehensive product portfolio to protect buildings, people, and assets, providing innovative security products that include advanced software and hardware, IP solutions, wireless communications, electronic locking systems, and mobile applications.
The position will report to the Security Engineering group located in Pittsford, NY. As part of this team, you will work to develop and maintain secure software and controls to support the Software Development Lifecycle (SDLC) for legacy and strategic products. This role is responsible for the implementation of controls to ensure customer software is free from vulnerabilities that can be exploited by an attacker. The ideal candidate would have security expertise with the ability to adapt to several different development environments and a willingness to be part of a strong team to contribute in a variety of capacities.
As a Senior Security Engineer, you will focus on the Security by Design of our LenelS2 products and be able to establish, maintain, monitor, and communicate privacy and secure resiliency within LenelS2’s product offerings. Day-to-day responsibilities vary and include, but are not limited to:
Provide integration of product development per Secure Development Lifecycle (SDLC) with security policies and continuous improvement of information protection strategies and security maturity.
Provides technical security direction on feature implementation & contributes to secure workflows for new product features.
Responsibility for developing, maintaining, and publishing information security standards, procedures, and guidelines.
Provide security guidance, technical assessments, and education to all stakeholders, including information “owners,” corporate security officers, IT associates, designers and customers.
Be able to work directly with members of various departments within LenelS2, their customers, as well as across various Business Units within Carrier, including but not limited to Technical Support, Quality Assurance, Engineering, Carrier Product Cyber Groups.
Provide incident response assistance when there are possible sources of disruption of information and cyber malicious acts and vulnerabilities.
Implement programs for security compliance and monitoring.
Build internal scripts to automate tools and methodologies to enhance security DevSecOps capabilities.
Work with Engineering and security principles to prioritize and implement remediation of vulnerabilities.
Assemble tools to support the hardening and testing of software and operating systems.
Develop automated tooling to aid security engineers, QA & penetration testers in performing security assessments.
Perform and participate in web application testing, source code reviews, threat analysis, and security vulnerability mitigation as needed.
Drives secure development principles, practices, and activities within engineering and production to help quantify cybersecurity risk, issues, and defects within LenelS2 offerings and partner ecosystem, such that teams may appropriately characterize, manage, and remediate to standard.
Coordinates with production to help scope projects, define cybersecurity requirements, perform gap analysis, refine functional requirements, and road map residual cyber risk.
Provides audit, analysis, and review support for certification, standards, governance.
Provide reporting to program teams regarding production risk, health metrics progress, and set action items.
Skills, Experience, and Education Requirements
BAS in computer science field, preferably in either computer science, software engineering, Information Assurance, and Cyber Defense or Computing Security. Equivalent experience in lieu of a college degree will be considered with a minimum of one or more certifications demonstrating deep practical knowledge such as CSSLP, CISSP, CISM, GPEN, CCSP, CCSK, AWS Solutions Architect Professional, et al.
Experience with C++, .NET, Node.JS, scripting languages, and integrating 3rd party monitoring tools
Proficient in Windows and Linux operating systems and server technology
Data encryption / crypto communications and encryption key management
Experience with SaaS technologies security and cloud computing (Microsoft Azure or Amazon AWS)
Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, JWT, etc.)
Experience developing highly scalable applications using service-oriented, microservice, and/or RESTful
Experience in training engineering teams in security controls
Exceptional cross-functional and multi-domain technical aptitude
Diverse technical domain experience (ex., Embedded, Enterprise, Mobile, Cloud, etc.)
Subject matter expertise of secure SW development lifecycle, practices, and activities
Experience with secure by design principles and architecture level security concepts
Experience in Cyber Security assessments like threat modeler, Microsoft threat modeling, mitigating cyber risks
Knowledge of the state of the art in security analysis tools and product security safeguards such as SAST, DAST, fuzz testing, and open-source scanning.
Knowledge and experience with ISO 27001, CSA, RMF, SOC2, NIST CSF, or related security standards, frameworks, or certifications preferred.
Ability to adapt quickly to supported technologies
Understanding of Agile software development practices
Able to meet travel requirements – Less than 10% of the time
US Citizen or Permanent Resident.
COVID-19 vaccines will be required for all newly hired Carrier employees.
Carrier is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.