Lead Penetration Tester

Lensa

Atlanta (GA)

Remote

USD 157,000 - 196,000

Full time

30+ days ago

Job summary

An established industry player is seeking a Lead Penetration Tester to enhance application security and prevent vulnerabilities. In this exciting role, you will collaborate with architects, project managers, and developers to ensure adherence to security policies and standards. You will be responsible for conducting thorough security assessments, analyzing penetration tests, and suggesting effective countermeasures. This position offers the flexibility of remote work while allowing you to make a significant impact on the organization’s security posture. If you have a passion for cybersecurity and a strong background in penetration testing, this opportunity is perfect for you.

Qualifications

  • 10+ years of hands-on experience in Security/PEN Testing practices.
  • Expert level knowledge in programming languages like Python, PowerShell, or Java.

Responsibilities

  • Review designs and create penetration test scope and strategy.
  • Perform security reviews of application designs and deployments.

Skills

Penetration Testing
Security Assessment
Stakeholder Management
Interpersonal Skills
Secure Software Development Lifecycle
Problem Solving
Technical Communication

Education

Bachelor's degree in technical discipline

Tools

Kali Linux
Burp Suite
Nmap
ZAP
Metasploit
Nessus
Qualys

Job description

Lead Penetration Tester

The Lead Penetration Tester reports to the Enterprise Security Assurance Leader in HGS and will be responsible for detecting and preventing vulnerabilities in applications before moving to production. This role will partner with the Architects, Business Stakeholders, Project Managers, and Developers to ensure Code, Configuration, and Infrastructure are implemented as per Honeywell Secure Policies and Standards to prevent any security exposures in production. He/She will also be accountable for the quality of deliverables, coverage, and completion of the prescribed security assessment/execution on time.

This position can sit remotely out of Charlotte, NC, Atlanta, GA, Phoenix, AZ, or Minneapolis, MN.

KEY RESPONSIBILITIES

  1. Review the design, architecture, implementation and create penetration test scope, strategy and plan.
  2. Perform security reviews of application designs, source code and deployments as required, covering all types of applications (Web application, Web services, Mobile applications, Thick client applications, SaaS, Infrastructure, Cloud and GEN AI).
  3. Run and analyze penetration tests (manual and automated), pinpoint security issues, and suggest countermeasures for security improvements.
  4. Adept at selecting and utilizing appropriate technologies and security controls to remediate findings effectively.
  5. Keep up to date with evolving cyber threats and identify any new and sophisticated methods of detecting vulnerabilities and countermeasures.
  6. Highly customer focused and motivated with willingness to take ownership/responsibility for their work and ability to work both independently and in a team-oriented environment.
  7. Good understanding of secure software development lifecycle process.
  8. Knowledge of requirement gathering, planning, and creating test plans.
  9. Experience in stakeholder management, delivery pipeline and quality management.
  10. Contribute to the creation of security awareness materials for the organization.

YOU MUST HAVE

  1. Must be eligible for USG Security Clearance.
  2. Bachelor’s degree from an accredited institution in a technical discipline such as the sciences, technology, engineering, or mathematics.
  3. 10+ years of hands-on experience in Security/PEN Testing practices.
  4. Expert level knowledge in any one of the following programming languages: Python, PowerShell, Java.
  5. Exceptional behaviors and interpersonal skills, with the ability to convey complex technical concepts to non-technical stakeholders.

WE VALUE

  1. Hands-on experience in application penetration testing (Web, API, Mobile, Thick Client, Network, Cloud, GEN AI), with or without tools such as, but not limited to, Kali Linux, Burp Suite, Nmap, ZAP, Metasploit, Nessus, and Qualys.
  2. Good knowledge of and experience with OWASP Top 10 methodologies, SANS Top 25, and the MITRE/NIST frameworks, and how to effectively remediate the vulnerabilities associated with each.
  3. Relevant certifications such as CISSP, CCSP or OSCP are desirable.
  4. Should be able to think 'out of the box', possess the ability to implement new attack approaches/vectors, and provide technical guidance and mentorship to team members.
  5. Excellent oral and written communication skills and ability to convey complex technical concepts to stakeholders.

The annual base salary range for this position in Minnesota is $157k - $196k. This position is incentive eligible. Please note that this salary information serves as a general guideline. Honeywell considers various factors when extending an offer, including but not limited to the scope and responsibilities of the position, the candidate's work experience, education and training, key skills, as well as market and business considerations.

Honeywell is an equal opportunity employer. Qualified applicants will be considered without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, religion, or veteran status.
