
Honeywell SOC Cyber Security Sr. Analyst in Duluth, Georgia

The future is what we make it.

When you join Honeywell, you become a member of our global team of thinkers, innovators, dreamers, and doers who make the things that make the future. That means changing the way we fly, fueling jets in an eco-friendly way, keeping buildings smart and safe and even making it possible to breathe on Mars.

Working at Honeywell isn’t just about developing cool things. That’s why all our employees enjoy access to dynamic career opportunities across different fields and industries.

Are you ready to help us make the future?

This position will be part of the Industrial Cyber-Security team and will participate in delivering and developing cyber security services for a wide range of global industrial customers. The position reports directly to the Global Security Operation Center Manager and Incident Response Lead and works as part of a global managed services team. The position requires very good cyber security knowledge, excellent analytical skills and proficient handling of specific tools such as SIEMs and Security Orchestration, Automation and Response platforms. A successful candidate will be able to evaluate security incidents, determine which are true positives within an environment, and provide context enrichment before escalation to the Level 3 Cyber Security Incident Response team as needed.

RESPONSIBILITIES:

• Monitors SIEM, trouble tickets / email notifications and in-person escalations, logs from ICS infrastructure components (SCADA, HMI, PLC, RTU, Control Servers), applications or network devices such as switches, firewalls, IDS/IPS;

• Design, implement, test Security Orchestration, Automation and Response processes and procedures;

• Develop SOAR playbooks and troubleshoot automation capabilities;

• Examine the escalated tickets to determine if they are true positives or false positives;

• Performs malware analysis, threat hunting and threat modeling activities;

• Assist forensic investigation by providing reports and other information;

• Reviews and suggests improvements to control deployment process and installation procedures

• Develops and documents remediation recommendations for business owners to improve the control environment in which a security incident occurs. Recommendations must be easily understood by non-technical staff;

• Provide recommendations and direction on the tuning of signatures, rules, alerts, parsers, and custom scripts within the monitoring solutions;

• Participates in root cause analysis and helps with the orchestration of remediation;

• Understand defense in depth strategies and apply those to Client’s environment;

• Creates and disseminates security related notifications for internal staff (for example: trends, developments, changes in capabilities);

• Acts as L2 Escalation layer in the SOC.

• Mentors Level 1 SOC Analysts;

• Creates manuals, guides and knowledge base entries;

• Keep abreast of latest security and privacy legislation, emerging threats, regulations, advisories, alerts, and vulnerabilities pertaining to HCE OT IR SOC and its customers;

• Remains knowledgeable of our current solution portfolio and the technical specificities of our offerings.

MUST HAVE:

• Bachelor’s degree in a computer related field such as Computer Science, Computer information systems or electronics;

• Minimum of 2 years’ experience in cyber security industry;

• Minimum of 5 years’ experience in Information Technology;

• Strong diagnostic and analytical skills including problem solving, trouble shooting, management of priorities and self-direction to resolve complex issues;

• Effective written and verbal skills to enable strong communication capabilities;

• Information Technology certifications: ITIL Foundations;

• Security Certifications: CCNA, CompTIA Security+, GCIH, or other similar certifications;

• Experience automating tasks and integrating systems with Python;

• Experience with SIEM platforms and logging solutions.

WE VALUE:

• GCFA or CEH or other similar certifications;

• Understand Advanced SOAR methodology;

• Understand ICS communication protocols such as Modbus, Profibus, DNP3, S7comm and others.

• Ability to write documentation and summaries;

• Experience working in a client facing Cyber SOC environment;

• Experience securing industrial or corporate networks and assets against cyber threats;

• Knowledge of ICS environments;

• Knowledge of cybersecurity frameworks such as MITRE ATT&CK, NIST.

BENEFITS:

Benefits provided may differ by role and location. Learn more at benefits.honeywell.com.

• Medical/Rx

• Health Savings Account (HSA)

• Dental/Vision

• Short/Long-Term Disability

• Flexible Vacation Time

• Employee Assistance Program (EAP)

• 401(k) Plan

• Education Assistance

THE FUTURE IS WHAT WE MAKE IT

From sustainable aviation fuel and life-saving healthcare sensors to collaborating on every NASA space mission since the 1950s, over 100 years of innovation has always been driven by an investment in our people.

Honeywell is an equal opportunity employer. Qualified applicants will be considered without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, religion or veteran status.
