Log In
Sign Up
At Honeywell Advanced Connected Sustainability Technologies (ACST), our outstanding team of scientists, engineers, and professionals develop groundbreaking technology by applying their expertise in complex hardware and software control systems, atomic physics, ultra-high vacuum environments, cryogenics, cyber security and others.
The Penetration Test Security Engineer role is focused on vulnerability research, reverse engineering, and exploit development against internal products & services. Honeywell ACST conducts full-scope vulnerability assessment, exploit development, and penetration testing against Space Systems, Aeronautics, Industrial systems, manufacturing and enterprise IT. The ideal applicant would have an intense desire to exploit real world systems and be knowledgeable in a wide range of security issues including various computing architectures, network comms protocols, programming languages and defenses.
In this position, the Penetration Test Security Engineer will…
Engage in all phases of Red Team operations including: reconnaissance, exploitation, lateral movement
Have strong focus on IoT and Embedded Device Testing (cloud, mobile, API, hardware, network, firmware, and RF)
Perform security assessments in Cloud environments (AWS, Azure, Google)
Use and customize commercial and open-source security assessment tools
Modify and use payloads to avoid common detection methods
Deploy, configure, and manage infrastructure to support Offensive operations
Use computer network, application, database, Cloud, and web exploitation techniques
Conduct Active Directory and enterprise network exploitation
Leverage OPSEC techniques including network traffic monitoring, post-exploitation activities, and payloads to blend in with target environments
Run Web Application and API debugging and analysis
Have familiarity with reverse engineering tools, debuggers, and dynamic analysis techniques.
Have an understanding of application protocols, development, and common attack vectors.
Continually work to improve the knowledge and capabilities of yourself & the team
YOU MUST HAVE:
Bachelor’s degree in computer science or software engineering, electrical engineering or technical discipline
10+ years demonstrated experience in security engineering
U.S. Citizenship required in order to obtain and maintain government security clearance
WE VALUE:
Experience in application penetration testing (Web, Mobile, thick client, IoT) with tools such as but not limited to…Kali Linux, Burpsuite, Ghidra, IDA Pro, Metasploit, Netsparker, Acunetix, Nessus, etc.
Have knowledge and experience in OWASP Top 10
Application development or software engineering experience
Scripting or development experience with Python, bash, Powershell, Perl, C, C++, Java, C#, etc.
Excellent understanding of security by design principles and architecture level security concepts
Good cyber security capabilities including application protocols, development, and common attack vectors.
Familiarity with reverse engineering tools, debuggers, and dynamic analysis techniques
Ability to script advanced attacks
Ability to fuzz applications and protocols for new vulnerabilities and able to fully exploit newly discovered vulnerabilities
Ability to discover advanced logic flaws and multiple step architectural errors
Experience and knowledge of penetration testing methodologies and tools
Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
