
Associate Director, Product Cybersecurity Incident Response and Detection

Company: Carrier
Location: Atlanta
Posted on: January 27, 2023

Job Description:

Date Posted: 2022-12-22-08:00
Country: United States of America
Location: CAG23: DLS VRF- Atlanta 3300 Riverwood Pkwy, Atlanta, GA, 30339 USA

Carrier is the leading global provider of healthy, safe and sustainable building and cold chain solutions with a world-class, diverse workforce with business segments covering HVAC, refrigeration, and fire and security. We make modern life possible by delivering safer, smarter and more sustainable services that make a difference to people and our planet while revolutionizing industry trends. This is why we come to work every day. Join us and we can make a difference together.

About this role

As the leader of product cybersecurity incident response and detection within Carrier and its businesses, you will be coordinating with stakeholders to drive communication and remediation of critical security vulnerabilities. Global Product Cybersecurity is looking for a lead analyst to own the data collection and processing needed to better understand threat actors' motives, targets, and attack behaviors currently affecting the buildings space. This intelligence gathering will help us prevent, mitigate, and remediate potential software, firmware, or hardware vulnerabilities. In turn, it will allow the incident response function to identify, analyze, and respond to potential security incidents more efficiently and effectively.

Key Responsibilities

  • Assist in investigations, security incidents, vulnerability findings, and recommendations for product related incidents
  • Provide project-level support to operations teams, including incident response perspectives and subject matter expertise
  • Incident response lead for high severity product cybersecurity incidents
  • Coordinate appropriate activities across product and security teams, including stakeholders to remediate potential threats
  • Conduct research and analysis to provide timely and actionable intelligence to business stakeholders
  • Understand advanced malicious cyber actors, activities, techniques, geography, and impact
  • Champion security awareness for all emerging threats in the product cybersecurity landscape
  • Analysis, isolation, and reverse engineering of potential vulnerabilities and exploits in both hardware and software applications
  • Work closely with Computer Security Incident Response Team (CSIRT) and Product teams to ensure proper handling of incidents
  • Form functional groups with stakeholders to scope, analyze, and define actions and timelines for security incidents
  • Develop playbooks to improve incident response activity and drive information sharing across teams
  • Effectively adapting and organizing work according to business priorities and the product's vulnerability severity
  • Intelligence reports, briefings, findings, and threat assessments
  • Attention to detail, presentation skills, excellent communication both orally and written, and ability to work well with others
  • Passion for finding, understanding, and mitigating cyber threats
  • Develop proof-of-concepts of exploitations or modifications based on identified vulnerabilities
  • Supports all phases of the secure engineering, support, and development lifecycles in collaboration with multifunctional leaders, stakeholders, contributors, and businesses
  • Provides timely and expert support to resolve difficult problems and issues
  • Provides cybersecurity thought leadership, advisement, mentorship, training, and engagement
  • Supports ad hoc initiatives within the cybersecurity-engineering domain, as needed
  • Provides critical support as required for all major Product Cybersecurity missions, including Secure Development, Operations, Commercialization, and Innovation
  • Positions Carrier in a world class position within the Product Cybersecurity domain
  • Produces meaningful metrics to detail current level of support
  • Serving as incident commander in driving the overall response to a cyber incident and coordinating efforts of multiple corporate teams
  • Developing and presenting clear business recommendations to continue overall improvement
  • Providing quality control and oversight for reports, presentations, and brief-outs
  • Ensuring the fusion of threat intelligence drives the prioritization of detection and response efforts
  • Plan, document, and execute emulation of adversary operations, then feed the results back into preventative and detective security controls as well as response procedures.
  • Partner with the Cyber Fusion Center team and conduct independent research into threat actor tactics, techniques, procedures in specific applicable domains
  • Identify and implement necessary tooling and infrastructure to support and evolve the program.
  • Development of Key Performance Indicators (KPIs) to drive program focus and growth.
  • Knowledge of industry practices for responsible disclosure of security threats and product vulnerabilities.
  • Engage directly with researchers, partners, and internal support teams to drive issues to long-term resolution.
  • Extensive understanding of triaging and assessing risks associated with cybersecurity vulnerabilities (CVSS, CWE, OWASP Top 10)

Required Qualifications

  • 5+ years of experience in 1 or more cybersecurity domain(s):
    • Incident Response
    • Threat Intelligence
    • Product Cybersecurity Development
    • Risk Management

Preferred Qualifications

  • Bachelor's degree in Computer Science, Software Engineering, or equivalent Engineering degree
  • Master's degree or PhD in computer science, software engineering, or equivalent
  • Experience and understanding of Agile software development practices
  • Experience in security certifications or accreditations such as SOC2, ISO 27001, FedRAMP, etc.
  • Experience in the building technologies domain, especially HVAC, Refrigeration, Fire, Physical Security, Video Surveillance and/or related services
  • Certifications demonstrating deep practical knowledge such as CSSLP, CISSP, CCSP, CCSK, AWS Solutions Architect Professional, et al.
  • Exceptional cross-functional and multi-domain technical aptitude
  • Diverse technical domain experience (e.g., Embedded, Enterprise, Mobile, Cloud, etc.)
  • Excellent communication, mentorship, change management and leadership skills
  • Exceptional interpersonal skills with the ability to effectively support diverse groups, help negotiate priorities, and resolve conflicts among project stakeholders
  • Project leadership, research and/or publication experience
  • Demonstrated experience and a solid track record of working with cross-functional, engineering, business, and executive leadership, handling complex challenges, and delivering results
  • Leadership and adaptability when facing unique challenges, in order to work effectively with individuals in diverse cultures and business environments.
  • Demonstrated team leadership ability
  • Strong work ethic and a proactive mindset with ability to think outside of the box to solve problems.
  • Proven ability to work independently and in a multi-tasking environment with strong analytical and conflict resolution skills.
  • Strong written and oral communication skills.
  • Strong meeting organization and facilitation skills.
  • Proven experience in writing, designing, and delivering cyber related content
  • Track record of managing work to achieve milestones on time and within budget in a fast-paced environment.
  • Experience investigating and acting on high-impact threats and online threat actors
  • Experience thinking like the adversary and anticipating threat actors' moves
  • Experience thinking critically and qualifying assessments, with solid communication skills
  • Extensive experience with common threat intelligence tools
  • Highly familiar with one or more of the following:
    • Classical threat intelligence (IOCs, hunting, reporting, visualization)
    • Interdisciplinary research of threat actors and groups
    • Malware research
    • Incident response and digital forensics

Carrier is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

Job Applicant's Privacy Notice: Click on this link (https://www.corporate.carrier.com/legal/privacy-notice-job-applicant/) to read the Job Applicant's Privacy Notice.

COVID-19 vaccines are required for all newly hired Carrier U.S. Salaried employees, except as prohibited by law. Candidates residing in or for positions located in any of the following jurisdictions are not subject to this requirement: Alabama, Arkansas, Florida, Kansas, Indiana, Iowa, Mississippi, Montana, Nebraska, North Dakota, Tennessee, Texas, Utah, and West Virginia. If you have questions about applicability of this requirement to you, please contact Global People Services at: +1-833-819-1257
