
Cyber Sec Archt/Engr II
About the role
Operate the established end-to-end lifecycle of the Microsoft Defender Attack Simulation Training program. This role is responsible for designing realistic phishing simulations, analyzing user behavior at scale, and driving targeted remediation to measurably reduce organizational phishing risk. The position partners closely with IT, HCM, and Security Awareness teams to ensure simulations, reporting, and training are aligned to business and compliance objectives.
As a Phishing Simulation & Remediation Lead at Honeywell, you will play a vital role in strengthening our cybersecurity defenses by managing phishing simulation campaigns and remediation efforts that educate and protect our workforce from phishing threats. You will report directly to cybersecurity leadership and work on a hybrid schedule.
Core Technical Skills
- Microsoft Defender for Office 365 (Advanced/Expert): Hands-on experience with Attack Simulation Training, creation of custom payloads (login tease, malware attachment, link-based attacks), use of simulation automations and user targeting (e.g., new hires, repeat offenders), and understanding of email delivery mechanics to ensure realistic simulations.
- Splunk (Required): Ingesting and analyzing Defender/O365 data via Splunk Add-ons, writing SPL queries for simulation and real-world phishing analysis, building and maintaining operational and executive dashboards.
Professional Skills
- Strong communication and coordination skills across technical and non-technical teams.
- Ability to manage workstreams, influence stakeholders, and drive outcomes without direct authority.
- Analytical mindset with the ability to translate data into actionable risk insights.
PREFERRED / NICE-TO-HAVE SKILLS
- HTML & CSS (Required): Ability to modify phishing templates and landing pages.
- Power BI & Data Visualization: Building interactive dashboards and risk scorecards; integrating Defender data via OData or Microsoft Graph.
- Python Automation: Scripting automation for user tagging, reporting, or data extraction.
- Security Awareness or Instructional Design: Customizing or localizing training content beyond vendor-provided materials.
BEHAVIORAL & STRATEGIC COMPETENCIES
- Global Security Awareness: Ability to plan simulations across time zones and cultural contexts.
- Instructional Design Mindset: Focus on behavior change, not just simulation metrics.
- Executive Communication: Ability to contextualize results (e.g., simulation difficulty vs. click rate) for leadership decision-making.
QUALIFICATIONS
- Bachelor’s degree in Cybersecurity, Computer Science, or equivalent experience.
- 2+ years of experience in Information Security or Information Technology fields.
- 2+ years of experience in a cybersecurity role.
- English language proficiency.
- Good technical knowledge of Windows/Linux operating systems, various types of applications, and networking technologies.
- Analytical skills in threat, vulnerability, and intrusion detection analysis.
- Attention to detail.
- Ability to develop and follow complex work instructions and documentation.
- Willingness to learn.
WE VALUE
- Experience working in a global, process-driven environment.
- Experience in cybersecurity with a focus on phishing simulation, security awareness, or incident remediation.
- Certifications such as CISSP, CISM, or Security+ are a plus.
- Strong analytical skills and attention to detail.
- Ability to work collaboratively across teams and communicate technical information effectively.
Phishing Simulation Program Management
- Design, execute, and continuously improve phishing simulation campaigns using Microsoft Defender Attack Simulation Training.
- Develop and maintain phishing templates aligned to current threat trends and real-world attack techniques.
- Launch enterprise-wide simulation campaigns, targeting a minimum of four simulations per employee annually.
- Correlate simulation outcomes with real-world phishing reports to assess risk reduction and program effectiveness.
Data Analysis & Reporting
- Monitor and analyze phishing simulation data using Splunk; identify anomalies, ingestion issues, and trends.
- Build, maintain, and enhance Splunk dashboards for simulation performance, user behavior, and reporting metrics.
- Produce ad hoc analysis and reporting in response to business, leadership, or compliance requests.
- Own phishing susceptibility metrics and reporting in Power BI for executive and business unit visibility.
Automation & Tool Integration
- Partner with IT and development teams to support data ingestion, automation, and platform reliability.
- Leverage Python and Splunk knowledge (directly or via developers) to resolve data issues and improve automation.
- Validate simulation outcomes using Defender Advanced Hunting where needed.
Phishing Remediation & Training Enablement
- Coordinate with the HCM/Learning team on assignment, delivery, and tracking of phishing remediation training.
- Structure and maintain phishing-related training content; obtain and use administrative access where appropriate.
- Collaborate with content creators to develop targeted training based on user risk levels and repeat offender trends.
- Support creation of awareness campaigns, documentation, and communications tied to simulation outcomes.
Cross-Functional & Compliance Support
- Partner with security awareness, content, and business teams to deliver ad hoc or recurring campaigns.
- Support regulatory and compliance-driven initiatives (e.g., CMMC) by designing targeted simulations and reporting.
- Communicate program results and risk context clearly to technical and non-technical stakeholders.
Required skills
Cybersecurity
Phishing simulations
Risk analysis
Security awareness
Reporting
About Honeywell
Bengaluru
Headquarters