SR SECURITY ENGINEER

Date Posted:

2022-03-11-08:00Country:

United States of AmericaLocation:

CALEN: LenelS2 Pittsford NY 1212 Pittsford – Victor Road , Pittsford, NY, 14534 USASenior Security Engineer

About us:

LenelS2 is a global leader in advanced security systems developing innovative solutions to protect buildings, people, and assets. Incorporating open architecture and third-party interfacing, LenelS2’s enterprise software manages multiple best-in-class systems to provide a single, seamless security solution for customers worldwide, including corporate and government segments.

LenelS2 is a part of Carrier, a leading provider of heating, ventilating, air conditioning and refrigeration systems, building controls and automation, and fire and security systems leading to safer, smarter, sustainable, and high-performance buildings.

Position Summary:

LenelS2 is seeking a motivated Senior Security Engineer to join our high performing engineering team to provide impactful guidance to drive delivery of secured products and services. In this role you will help strengthen the security posture and drive competitive advantage of our comprehensive product portfolio to protect buildings, people, and assets, providing innovative security products that include advanced software and hardware, IP solutions, wireless communications, electronic locking systems, and mobile applications.

The position will report into the Security Engineering group located in Pittsford, NY. As part of this team you will work to develop and maintain secure software and controls to support the Software Development LifeCycle (SDLC) for legacy and strategic products. This role is responsible for implementation of controls to ensure customer software is free from vulnerabilities that can be exploited by an attacker. The ideal candidate would have security expertise with ability to adapt to several different development environments and willingness to be part of a strong team to contribute in a variety of capacities.

Responsibilities:

As a Senior Security Engineer you will focus on the Security by Design of our LenelS2 products and be able to establish, maintain, monitor and communicate privacy and secure resiliency within LenelS2’s product offerings. Day to day responsibilities vary including but not limited to:

• Provide integration of product development per Secure Development Lifecycle (SDLC) with security policies and continuous improvement of information protection strategies and security maturity.
• Provides technical security direction on feature implementation & contributes to secure workflows for new product features.
• Responsibility for developing, maintaining, and publishing information security standards, procedures, and guidelines.
• Provide security guidance, technical assessments and education to all stakeholders including information “owners,” corporate security officers, and IT associates, designees and customers.
• Be able to work directly with members of various departments within LenelS2, their customers as well as across various Business Units within Carrier including but not limited to Technical Support, Quality Assurance, Engineering, Carrier Product Cyber Groups.
• Provide incident response assistance when there is possible sources of disruption of information and cyber malicious acts and vulnerabilities.
• Implements programs for security compliance and monitoring.

• Build internal scripts, automate tools and methodologies to enhance security DevSecOps capabilities.
• Work with Engineering and security principles to prioritize and implement remediation of vulnerabilities.
• Assemble tools to support hardening and testing of software and operating systems.
• Develop automated tooling in order to aid security engineers, QA & penetration testers in performing security assessments.
• Perform and participate in web application testing, source code reviews, threat analysis, and security vulnerability mitigation as needed.

• Drives secure development principles, practices and activities within engineering and production to help quantify cybersecurity risk, issues, and defects within LenelS2 offerings and partner eco-system, such that teams may appropriately characterize, manage, and remediate to standard
• Coordinates with production to help scope projects, define cybersecurity requirements, perform gap analysis, refine functional requirements, and road map residual cyber risk
• Provides audit, analysis, and review support for certification, standards, governance.

• Provide reporting to program teams regarding production risk, health metrics progress and set action items.

Skills, Experience, and Education Requirements

• BAS in computer science field preferably in either computer science, software engineering, Information Assurance and Cyber Defense or Computing Security. Equivalent experience in lieu of college degree will be considered with a minimum of one or more of certifications demonstrating deep practical knowledge such as CSSLP, CISSP, CISM, GPEN, CCSP, CCSK, AWS Solutions Architect Professional, et. Al
• Experience with C++, .NET, Node.JS, scripting languages and integrating 3rd party monitoring tools
• Proficient in Windows and Linux operating systems and server technology
• Data encryption / crypto communications and encryption key management
• Experience with SaaS technologies security and cloud computing (Microsoft Azure or Amazon AWS)
• Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, JWT, etc.)
• Experience developing highly scalable applications using service-oriented, microservice, and/or RESTful
• Experience in training engineering teams in security controls
• Exceptional cross-functional and multi-domain technical aptitude
• Diverse technical domain experience (ex., Embedded, Enterprise, Mobile, Cloud, etc.)
• Subject matter expertise of secure SW development lifecycle, practices, and activities
• Experience with secure by design principles and architecture level security concepts
• Experience in Cyber Security assessments like threat modeler, Microsoft threat modeling, mitigating cyber risks
• Knowledge of state of the art in security analysis tools and product security safeguards such as SAST, DAST, Fuzz testing, and OpenSource scanning.
• Knowledge and experience with ISO 27001, CSA, RMF, SOC2, NIST CSF, or related security standards, frameworks or certifications preferred.
• Ability to adapt quickly to supported technologies
• Understanding of Agile software development practices

Additional requirements:

• Able to meet travel requirements – Less than 10% of time
• US Citizen or Permanent Resident.
• COVID-19 vaccines will be required for all newly hired Carrier employees

Carrier is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

Job Applicant’s Privacy Notice:

Click on this link to read the Job Applicant’s Privacy Notice

COVID-19 vaccines will be required for all newly hired Carrier U.S. Salaried employees.