Product Security Incident Response Analyst

Carrier is a world leader in HVAC, Refrigeration, Fire & Security solutions.  For over a century, we have been developing innovative products and services that have changed the way people live and work.  That drive for innovation continues today with a renewed focus on creating solutions that will change the world for the better.  At Carrier, we see possibilities in everything. Today, Carrier needs your talent to build upon this legacy and create solutions that matter for people and our planet.

Global Product Cybersecurity

The purpose of the Global Product Cybersecurity organization is the enhancement of Carrier products and services, and assurance of cyber competitive advantage by driving:

• Brand reputation and advancement within the product cyber domain
• Secure development, continuous improvement and security maturity of products and services
• Assurance of secure operations, response, support and channel engagement for all offerings
• Product innovation and differentiation leveraging cybersecurity capabilities and expertise 

Our mission is the support and fulfillment of all production, operational and commercial cyber-related demand, objectives and requirements, such that the success of all Product Security stakeholders is achieved, and strategic opportunities for Carrier are realized.

Key Responsibilities

• Perform intake, initial analysis, and execution of the Product Security Incident Response (PSIR) process
• Develop and mature PSIRT program elements
• Create CVEs and author product security advisories
• Assist PSIR Lead in creating, auditing, and improving PSIR Program documentation and communications deliverables
• Own and manage PSIR and Product Vulnerability tickets throughout ticket lifecycle ensuring accurate and detailed information
• Manage Product Security mailbox
• Support all aspects of Carrier Coordinated Vulnerability Disclosure
• Work with the business, engineering, and product management teams to support detailed product inventory and install base data
• Support the design and execution of tabletop exercises around product vulnerabilities and incidents
• Outstanding level of support for customer product security escalations
• Support other Carrier product security service delivery as needed

Basic Qualifications

• Bachelor’s degree
• 2+ years of software/application security experience
• 2+ years of secure software development lifecycle practices and activities

Preferred Qualifications

Other qualifications you may have that would be beneficial in this role include:

• Experience with product security and/or product security incident response
• Strong communication, diplomatic, and interpersonal skills
• Experience and understanding of Agile software development practices
• Research, publication, conference and/or presentation experience
• Trade organization and/or technical committee participation  
• Experience within the product cybersecurity domain
• Experience in the building technologies domain, especially HVAC, Refrigeration, Fire, Physical Security, Video Surveillance and/or related services 
• Application and/or software security related certifications (CSSLP, etc.)
• Incident response related certifications (GCIH, CEH, etc.)
• Customer-facing communication experience
• Experience working with a variety of business and technical stakeholders in a matrixed environment

RSRCAR

#LI-Remote