Senior Product Cybersecurity Developer

2 days ago

Apply Now

Receive Emails with Similar Jobs

Johnson Controls

WebsiteLinkedInAll Job Openings

Engineering • Manufacturing Operations • Sales • Building Automation • Fire & Hazard Protection

10,000+

Description

• Drive design, development, testing, and continuous improvement of cybersecurity components and libraries. • Ensure proactive management of security and data privacy risk across products and services. • Collaborate with teams for product security excellence and customer success.

Requirements

• Minimum of 7 years of experience with at least 5 years in software or product cybersecurity. • Bachelors degree in Cybersecurity, Computer Science, Engineering, Information Systems, or related technical degree. • Technical and operational excellence, thought leadership, and integrative thinking. • Expert knowledge and practical product and software security experience, including secure SDLC practices, security and privacy by design architectures, and secure by default configurations. • Strong problem-solving skills to analyze cybersecurity issues and requirements (legal/regulatory, policy, customer, industry standards) and relate them to appropriate security controls. • Demonstrated ability to lead change initiatives that intelligently manage software cyber risks. • Proven ability to deliver results using agile methodologies and tools (e.g. Scrum/Kanban, Jira). • Understanding of agile software development and continuous integration/deployment. • Practical experience with Linux OS, programming and scripting languages (e.g. Java, Python, Perl), and security tools (e.g. Kali, Nessus, Netsparker, openVAS, BurpSuite, Metasploit). • Understanding of embedded systems architectures (e.g. ARM, Cortex), embedded systems tools/emulators, RTOS/Linux, network protocols and programming languages (such as C/C++). • Understanding of penetration testing, reverse engineering, software attack vectors, fault injection, device fingerprinting, and tamper resistance. • Understanding TPM, Secure Boot, OTP, PKI, SPI/I2C bus analyzers, JTAG probing. • Knowledge of current security threats and techniques for exploiting software vulnerabilities. • Understanding of web and mobile application secure design principles such as OWASP. • Understanding of data protection, secure cloud, and network infrastructure design principles. • Familiarity with technology risk management related frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, CSA, SOC 2 and other comparable. • Experience with Operational Technologies (e.g. Controls Systems, Building Management) a plus. • Superior interpersonal, organizational, written/verbal communication, and presentation skills. • Ability to build trust with stakeholders and explain complex security topics to all audiences. • Active participation in hackathons, cybersecurity competitions, and exercises are a plus. • Travel is occasional at approximately 10%, including international.

Benefits

• Competitive salary and bonus plan • Paid vacation/holidays/sick time • Comprehensive benefits package including 401K, medical, dental, and vision care - Available day one • Extensive product and on the job/cross training opportunities with outstanding internal resources • Encouraging and collaborative team environment • Dedication to safety through our Zero Harm policy