United Technologies Corporation Director, Project Zero in East Hartford, Connecticut

Job ID: 74654BR

City: East Hartford

State: Connecticut

Country: United States

Category: Information Technology

Job Type: Full Time

Description:

United Technologies Corporation (UTC; NYSC: UTX) is headquartered in Farmington, CT, just outside of Hartford, CT. We employ over 204,000 talented individuals globally, achieve net sales in excess of $60 billion, and invest $4B each year back into research & development activities. Our aerospace businesses include Pratt & Whitney aircraft engines and UTC Aerospace Systems – the combination of which make us the largest aerospace company in the world. Our commercial businesses include Otis elevators and escalators and UTC Climate, Controls & Security – a leading provider of heating, ventilation, air conditioning, fire and security systems and building automation controls.

United Technologies Corporation was founded by some of the world’s greatest inventors. We helped build the Second Industrial Revolution and brought about a century of urbanization and globalization. Now we need your help to build the next one.

Tech@UTC is the UTC technology organization, comprised of the global engineering function, several focused centers of expertise, our skunkworks organization – United Technologies Advanced Projects (UTAP), and our advanced Research & Development lab – United Technologies Research Center (UTRC). By combining a passion for science with precision engineering, we create smart, sustainable solutions that prove we can do the big things the right way. We put the “T” in UTC.

As great physical products like jet engines, elevators, avionics, HVAC, door locks, and smoke detectors get “smarter,” becoming increasingly connected, security becomes increasingly important. The mission of the newly created Product Security Center of Expertise (PSCOE) is to ensure the digital security of these products by (1) ensuring that security is built into the products before they ship, (2) operationally understanding risk to our products on a day-to-day basis, and (3) ensuring that we have a strong Product Security Incident Response Team (PSIRT) to respond effectively and quickly to any product security issues.

As Director, UTC Project Zero , your mission will be to hire and lead a well-staffed team of the best practically minded security experts. You’ll work to discover serious previously unknown vulnerabilities in cyber physical products, particularly for products on which lives and quality of life depend worldwide. Over the past five years, similar efforts have driven tremendous progress in general purpose computing servers, clients, operating systems, and browsers used for shopping, routine business, and social networking. We believe that life critical embedded systems and the protocols connecting them all deserve a similar concerted effort for improvement. Of course, for life-critical systems, certification and safety testing requirements in the interest of the general public cause timelines for dissemination of fixes to life-critical systems to differ from timelines of most other computing technologies. That certainly impacts timelines for responsible disclosure. However, over the long term, many crucial principles, such as transparency, are immutable, and the time has come for leaders to set new precedents in this crucial area for public good. These are among the reasons why we believe the time has come for a UTC Project Zero focused exclusively on smart, connected physical products on which people now depend more than most people realize. In working to discover previously unknown vulnerabilities, you’ll be investigating the potential for such vulnerabilities in products, including but not limited to digitally driven elevators, aerospace systems, HVAC, jet engines, door locks, security cameras, and smoke detectors. This includes discovering vulnerabilities in market leading products by UTC brands including Pratt & Whitney, Otis, Carrier, Lenel, Kidde, Chubbe, Edwards, and also discovering vulnerabilities in competing products from our competitors. Our hope is to not only continue improving our own products, but to also constructively raise the bar for these many industries, and set solid precedents for the public good in the process of leading by example.

Although United Technologies Corporation is headquartered in Connecticut, this role is flexible on location. This role involves leading a geographically distributed team. This role does involve travel to corporate meetings but only an average of once every six weeks.

  • Hire and shepherd a well-staffed team of some of the best practically minded security experts

  • Discover serious previously unknown vulnerabilities in life-critical products, and help publish them on responsible timelines

  • Engage the security research & vulnerability discovery communities to set appropriate precedents for public good regarding responsible disclosure timelines for life-critical smart, physical products

Qualification:

Basic qualifications:

  • Deep experience in security with deep experience in vulnerability discovery

  • Ability to build and shepherd a team of people proven in their ability to discover previously unpublished security vulnerabilities.

  • Familiarity with challenges unique to security in physical products

  • High integrity and capability of building strong, trusting relationships

  • Ability to keep abreast with latest threats, attack techniques and mitigation strategies

  • Track record of strong people leadership through an authentic leadership style regardless of whether that style is conventional or unique

  • Either a track record of leading teams who publish or first-hand publishing previously unknown vulnerabilities

Preferred qualifications:

  • Years of publishing previously unknown vulnerabilities strictly through responsible disclosure

  • Experience publishing at long-established, selective conferences annually attended by thousands of hackers

  • Experience building & leading small teams.

  • Experience breaking cyber-physical “embedded” technologies.

  • A great combination of risk-awareness, impatience, optimism, empathy, and vision, and a burning desire to make a difference

  • Candidate must be legally authorized to work in the United States

Education:

  • B.S. degree in computer science, MIS or security-related field

  • Demonstrated history of success in multiple positions of increasing scope and responsibility, with a significant duration of experience and expertise spanning the full qualifications of this role

United Technologies Corporation is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

Qualification:

Basic qualifications:

  • Deep experience in security with deep experience in vulnerability discovery

  • Ability to build and shepherd a team of people proven in their ability to discover previously unpublished security vulnerabilities.

  • Familiarity with challenges unique to security in physical products

  • High integrity and capability of building strong, trusting relationships

  • Ability to keep abreast with latest threats, attack techniques and mitigation strategies

  • Track record of strong people leadership through an authentic leadership style regardless of whether that style is conventional or unique

  • Either a track record of leading teams who publish or first-hand publishing previously unknown vulnerabilities

Preferred qualifications:

  • Years of publishing previously unknown vulnerabilities strictly through responsible disclosure

  • Experience publishing at long-established, selective conferences annually attended by thousands of hackers

  • Experience building & leading small teams.

  • Experience breaking cyber-physical “embedded” technologies.

  • A great combination of risk-awareness, impatience, optimism, empathy, and vision, and a burning desire to make a difference

  • Candidate must be legally authorized to work in the United States

United Technologies Corporation is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.