Security & Privacy Leader, Product Security

Country:

United States of America

Location:

CAVAO: Carrier-Home Virginia Remote Location, Remote City, VA, 23219 USA

Carrier is the leading global provider of healthy, safe and sustainable building and cold chain solutions with a world-class, diverse workforce with business segments covering HVAC, refrigeration, and fire and security. We make modern life possible by delivering safer, smarter and more sustainable services that make a difference to people and our planet while revolutionizing industry trends. This is why we come to work every day. Join us and we can make a difference together.

About this role

In this role as a BU Security & Privacy Leader, we are seeking a skilled and experienced product security Leader to manage a business unit level product security assurance program. As the leader, you will be analyzing threats and vulnerabilities to fortify Carrier products, services and solutions. You’ll stay current with the latest cybersecurity trends, threats, and technologies, with work in the following areas. Secure coding practices: Ensuring that the code written for products is robust against security vulnerabilities. Vulnerability scanning: Checking for known security weaknesses in software and hardware. Penetration testing: Actively testing the product’s defenses by simulating cyber attacks. Product incident response: Having a plan in place to respond to security incidents that may affect the product. Attestation and certifications: Obtaining certifications that verify the security measures of the product. Sales and aftersales support: Providing customer service related to security, including responding to queries, training, and software updates.

Key Responsibilities 

• Design and implement secure architectures for products.
• Conduct threat modeling, vulnerability assessments, and penetration testing.
• Provide security guidance and code reviews during product development.
  Manage incident response and support detection efforts.
• Collaborate with engineering teams to integrate security practices.
  Stay updated with the latest security trends and technologies.
• Communicating risk-based quality measurements at all levels of management, both internal and external.
• Responding to and managing customer-impacting security vulnerability events.
• Working collaboratively with specialists across Carrier to diagnose, introduce detections capabilities, and tackle sophisticated technical problems. 
• Build and maintain collaborative relationships with various internal business units and other key partners to effectively resolve issues without any barriers.

Basic Qualifications

• Bachelors’ Degree
• 10+ years of experience leading technical cyber security programs.

Preferred Qualifications

• Knowledge of firmware, software, application and manufacturing security vulnerabilities and countermeasures.
• Familiarity with secure development lifecycle, IEC/ANSI/ISA 62443, NIST 800-53/ SP 800-218 and others.
• Managing product deliverables throughout all phases of the Product Life Cycle.
• Influencing future product feature planning with strategic partners.
• Supporting secure development practices, threat modeling, and vulnerability assessments.
  Defining security standards for various products and tools.
• Relevant certifications such as CISSP, CSSLP, or CEH may be preferred.
• Have a strong understand of secure development lifecycle practices that improve quality and trustworthiness.

RSRCAR

#LI-Remote

Carrier is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

Job Applicant's Privacy Notice:

Click on this link to read the Job Applicant's Privacy Notice