Lead Cyber Security Architect/Engineer
The future is what you make it!
When you join Honeywell, you become a member of our global team of thinkers, innovators, dreamers, and doers who make the things that make the future.
That means changing the way we fly, fueling jets in an eco-friendly way, keeping buildings safe and even making it possible to breathe on Mars.
Working at Honeywell isn’t just about developing cool things. That’s why our employees enjoy access to dynamic career opportunities across different fields and industries.
Are you ready to help us make the future?
Honeywell’s Global Security (HGS) business believes in integrating security into all aspects of our business to protect the people, processes, and assets by which Honeywell achieves its greater mission. Advancements in technology, contractual and regulatory requirements, emerging threats, and Honeywell's growth worldwide continue to challenge all of us to ensure everything we do in business is secure.
As a Lead Cyber Security Architect/Engineer (Active Directory (AD) / Azure Active Directory (AAD)) at Honeywell, this is your opportunity to join our Cybersecurity team and provide valuable, secure user experiences for Honeywell employees, partners, and customers.
You will work with the latest technologies that perform user authentication, authorization, security policy enforcement and multi-factor authentication. You will provide world class solutions with Directory Services, ensuring that they align with direction set by best practices and defined standards within Honeywell. Your job responsibilities will include the following:
• Serve as a subject matter expert for Directory Services (AD / AAD) under the IAM services portfolio
· Perform in the capacity of AD / AAD architect working closely with the AD / AAD engineering and support teams
· Understand how the service works from a business/end-user/technical perspective
· Have command of the service including its capabilities and proper use
· Execute proof-of-concepts guided by Service Manager and Director
· Complete assigned project/tasks in a timely manner
· Interact with key stakeholders and project/program teams to understand their requirements and architect solutions based on best practices
· Ensure proper oversight for quality assurance of IAM artifacts
· Architect, own, and maintain processes, metrics, and procedures
· Enforce adherence to architectural standards/principles
· Proactively provide feedback regarding infrastructure IAM engineering methodologies, standards, and leading projects
· Minimize technical exposure and risk on projects
· Delivers and manages a highly available, stable, and secure Directory Services environment
· Drive value realization for the services and technology within the cybersecurity controls organization
· Participates in the testing (e.g., planning and execution) related to performance, disaster recovery, and business continuity for AD and AAD
· Work with Solution Architect and onboard new technologies which can enhance the security of Active Directory and Azure Active Directory.
· Design & implement new solutions like Windows Hello for Business, MFA, Conditional Access, TAP, Entra Lifecycle management, Secure Services Edge, Authentication strengths and Application management.
· Understanding of Design & Implementation of Microsoft Defender for Identity (MDI) on all the Domain Controllers. Integrating it with Syslog server and generating the security events
· Understanding of design and implementation of Conditional Access policy which enhances the security of Identity, device & Cloud applications as part of the Zero trust methodology.
· Understanding of design and implement Quest-On Demand Recovery, RMAD, and Forest recovery for end-to-end disaster recovery of Active Directory and Azure AD.
· Design and Implement Azure AD B2B.
· Design and Implemented Multifactor solutions
· Understanding of ADFS
· Managing day to day Changes, Escalations and Incidents related to the internal AD & AAD infrastructure.
· Configuring and Managing of Active Directory infrastructure on Windows Server.
· Good knowledge on PowerShell for Active directory/Azure AD.
· Administration of the complete ADUC structure and make changes to the design
· Active Directory Objects via Active Directory Users and Computers. Components Restriction, Folder Redirections, Software Deployment. Administrative Templates, Windows Settings, Group Policies.
· Working on Azure AD and Azure AD Connect.
· Working knowledge of mergers/acquisitions, and divestitures.
· Collaborate with global team members based in the US, India, and EMEA.
• Analytical/Decision Making Responsibilities
· Understands the art of the possible, compares various architectural options based on feasibility/impact and proposes actionable plans
· Demonstrated strong analytical skills and technical problem-solving skills
· Analyzes and resolves complex issues (e.g., performance problems and outages) to the Directory Services environments, escalating to and working with vendors and clients as required
· Ability to analyze and operate at different levels of abstraction
· Ability to balance what is strategically right with what is practically realistic
· Evangelize optimal options based on documented best practices and standards
· Constantly optimize work procedures and automate recurring tasks. Develop and update technical documentation and formulate work instructions to address repeating issues
· Maintain accurate and timely tracking of activities
• Incident/Problem management
· Provide guidance to AD / AAD support team on incidents/problem lifecycle including ticketing and stakeholder interaction on an as needed basis
· Assist team in performing proactive problem management to identify and resolve potential issues related to the Directory environments
· Document troubleshooting procedures for standard support situations
• Works under supervision of the Director, Cyber Security Manager, and interacts with Portfolio Architects and other key stake holders
YOU MUST HAVE:
• Bachelor’s or graduate degree in a computer-related field such as Computer Science, Computer Information Systems or equivalent.
• 5+ years of experience in Information / Cyber Security or Information Technology fields
• 2+ years developing, architecting, and implementing enterprise class IAM/security solutions.
• Good understanding of Identity and Access Management services (SSO, LDAP, IGA, PKI, etc.)
• Good understanding of enterprise environment and how IAM services connect in a highly matrixed organization
• Attention to detail and willingness to learn
WE VALUE:
• Securing the Directory from both a physical and logical aspect
• Defining the logical organizational structure (OU/Tree organization)
• Understanding of LDAP structures such as schemas, object classes, and attributes
• Understanding of Administrative model (how we manage objects)
• Authentication & Authorization types (Federation/SSO, LDAP/Kerberos, MFA)
• Knowledge of on premises & cloud directory functions
• Directory synchronization
• Directory consolidation
• Working knowledge of MS Windows
• Understanding of DNS & Networking
• Active Directory specific experience
• Scripting knowledge including bash, PowerShell, python etc.
• Troubleshooting experience with Directory replication
• Group Policy Management
• Detailed knowledge of Azure AD & Azure AD Connect
• Working knowledge of Conditional Access Policies
• Knowledge/Experience with Directory as a Service (DaaS)
• Experience with federation services
• Experience with testing concepts and techniques
• Working knowledge of Unix/Linux
• Identity security best practices
• Results-focused visionaries that consistently deliver high-quality solutions.
• Understanding of ITIL process, such as Incidents, Change & Problem management
• Experience in working in a global, process-driven organization
• Experience managing a geographically split organization and working in a multi-cultural environment
• Interpersonal communication and organizational skills
• Understanding of encryption, certificates, and digital signatures
Additional InformationJOB ID: HRD264963Category: EngineeringLocation: Devarabisanahalli Village, KR Varturhobli,,East Taluk - Phase I,Bangalore,KARNATAKA,560103,IndiaExemptEngineering (GLOBAL)