Cyber Security Automation Engineer

Country:

India

Location:

Building No: 12C, Floor 9,10,11, Building No: 12B -Stilt floor, Raheja Mindspace, Cyberabad, Madhapur, Hyderabad - 500081, Telangana, India

Role:Security Automation Engineer

Location: Hyderabad

Full/ Part-time: full time

Build a career with confidence

Carrier Global Corporation, global leader in intelligent climate and energy solutions is committed to creating solutions that matter for people and our planet for generations to come. From the beginning, we've led in inventing new technologies and entirely new industries. Today, we continue to lead because we have a world-class, diverse workforce that puts the customer at the center of everything we do.

About the role

• About this role

Seeking a motivated Security Automation Engineer to join our high-performing engineering team to provide impactful guidance to drive the delivery of secured products and services. In this role, you will help strengthen the security posture and drive the competitive advantage of our comprehensive product portfolio to protect buildings, people, and assets, providing innovative security products that include advanced software and hardware, IP solutions, wireless communications, and electronic locking systems, and mobile applications. 
 

As part of this team, you will work to develop and maintain secure software and controls to support the Software Development Lifecycle (SDLC) for legacy and strategic products. This role is responsible for the implementation of controls to ensure customer software is free from vulnerabilities that can be exploited by an attacker. The ideal candidate would have Security and DevSecOps expertise with the ability to adapt to several different development environments and willingness to be part of a strong team, willing to contribute in a variety of capacities.

Role Responsibilities:

As a Security Automation Engineer, you will focus on the Security by Design of our products and be able to establish, maintain, monitor, and communicate privacy and secure resiliency within our product offerings. Day-to-day responsibilities vary, including but not limited to:

• Provide security guidance and technical assessments to all stakeholders
• Provide incident response assistance when there are possible sources of disruption of information and cyber malicious acts and vulnerabilities.
• Develop and implement DevSecOps and Product Security strategies for SaaS, On-Premises, and Mobile solutions
• Assurance of secure operations, response, support, and channel engagement for all offerings.
• Build internal scripts, and automate tools and methodologies to enhance security DevSecOps capabilities.
• Monitor CI security findings and work with product teams to suggest appropriate corrective actions such as upgrading open-source libraries, tuning configurations, and developing correlation rules.
• Work with Engineering and security principles to ensure remediation of vulnerabilities.
• Assemble tools to support the hardening and testing of software and operating systems.
• Develop automated tooling to aid security engineers, QA & penetration testers in performing security assessments.
• Perform and participate in web application testing, source code reviews, threat analysis, and security vulnerability mitigation as needed.
• Product innovation and differentiation leveraging cybersecurity capabilities and expertise 
• Drive secure development principles, practices, and activities within engineering and production to help quantify cybersecurity risk, issues, and defects within our offerings and partner eco-system, such that teams may appropriately characterize, manage, and remediate to standards. 
• Coordinate with delivery teams to help scope projects, define cybersecurity requirements, perform gap analysis, refine functional requirements, and road map residual cyber risk. 
• Perform threat modeling in coordination with delivery teams, security assurance testing, cyber risk assessment, security reviews, and threat vulnerability assessment for all offerings.
• Provide audit, analysis, and review support for certification, standards, and governance.
• Provide reporting to program teams regarding production risk, health metrics progress, and set action items.

Minimum Requirements:

• 5-8 years of experience in the Cybersecurity field, with prior 3-5 yrs of SW development experience
• Development or scripting experience in either Node.JS, PowerShell, Python
• Proficient in Windows and Linux operating systems
• Data encryption / crypto communications and encryption key management
• Familiar with container security practices (Docker, Kubernetes)
• Experience with SaaS technologies security
• Knowledge of state of the art in security analysis tools and product security safeguards such as SAST, DAST, Fuzz testing, and OpenSource scanning.
• Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, JWT, etc.)
• Understanding of package managers (Maven, NPM, dpkg, NuGet, etc.)
• Excellent communication skills
• Ability to adapt quickly to supported technologies
• Cross-functional and multi-domain technical aptitude 
• Diverse technical domain experience (ex., Embedded, Enterprise, Mobile, Cloud, etc.)
• Excellent cybersecurity depth and breadth knowledge and SW engineering skills
• Strong experience with secure SW development lifecycle, practices, and activities
• Strong experience with secure by design principles and architecture level security concepts
• Demonstrated expertise for working w/ cross-functional engineering teams handling complex challenges, delivering results
• Experience in Cyber Security assessments like threat modeler, Microsoft threat modeling, and mitigating cyber risks.
• Exposure to basic malware analysis, digital forensics such as participation with incident response red and/or blue teaming, risk vulnerability analysis, and Open Source platforms
• Knowledge of ISO 27001, CSA, RMF, NIST CSF, or related security standards and frameworks.
• Integration experience with vulnerability or ticket management systems such as Jira
• Technical expertise with cloud computing such as Microsoft Azure or Amazon AWS, scripting languages, and integrating 3rd party monitoring tools
• Experience and understanding of Agile software development practices.
• Bachelor’s in computer science field preferably in either computer science, software engineering, Information Assurance, and Cyber Defense or Computing Security. Equivalent experience in lieu of a college degree will be considered with a minimum of one or more certifications demonstrating deep practical knowledge such as CSSLP, CISSP, CISM, GPEN, CCSP, CCSK, AWS Solutions Architect Professional, et. Al.

• Additional Job Description

Summary
Established Cybersecurity professional. Collects data from a variety of Computer Network Defense (CND) tools, including intrusion detection system alerts, firewall and network traffic logs, and host system logs to analyze events that occur within their environment.
Job Description

• Supports, designs and develops new systems, applications, and solutions for cybersecurity platforms
• Supports the integration of new cyber architectural features into existing infrastructures.
• Provides architectural analysis of cybersecurity solutions and relates existing systems to future needs and trends.
• Recommends incident response procedures and researches potential network vulnerabilities.
• Supports identity access management initiatives internally. Participates in internal and external cyber audits.

Minimum Requirements
Requires theoretical to advanced knowledge obtained through a University degree, combined with experience
Practical knowledge of Carrier organization, programs or systems with the ability to make enhancements and leverage in daily work
University Degree or equivalent
A minimum of 3 years prior relevant experience

Benefits

We are committed to offering competitive benefits programs for all of our employees and enhancing our programs when necessary.

• Have peace of mind and body with our health insurance
• Drive forward your career through professional development opportunities
• Achieve your personal goals with our Employee Assistance Programme

Our commitment to you

Our greatest assets are the expertise, creativity and passion of our employees. We strive to provide a great place to work that attracts, develops and retains the best talent, promotes employee engagement, fosters teamwork and ultimately drives innovation for the benefit of our customers. We strive to create an environment where you feel that you belong, with diversity and inclusion as the engine to growth and innovation. We develop and deploy best-in-class programs and practices, providing enriching career opportunities, listening to employee feedback and always challenging ourselves to do better. This is The Carrier Way.

Join us and make a difference.

Apply Now!

Carrier is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

Job Applicant's Privacy Notice:

Click on this link to read the Job Applicant's Privacy Notice