Job Details

The future is being built today, and Johnson Controls is making that future more productive, more secure and more sustainable. We are harnessing the power of cloud, data analytics, the Internet of Things, and user design thinking to deliver on the promise of intelligent buildings and smart cities that connect communities in ways that make people’s lives – and the world – better.

What you will get to do

During this fellowship, you will have the opportunity to see the full breath of Johnson Controls cybersecurity work to protect both our customers and our corporation. You will get to observe and participate in numerous improvement initiatives aligned to our cybersecurity maturity framework and roadmap, ensuring proactive management of security and data privacy risk across the full lifecycle of our products, platforms, and service offerings. In this role, you will have the opportunity to witness the critical valve that cybersecurity brings to managing risk, differentiating Johnson Controls, and enabling business success.

• Assist security architects in providing cybersecurity guidance to product development teams, security champions, and business leaders throughout all phases of the software development life cycle.

• Learn and review policy compliance and high quality for secure SDLC activities -- security requirements, security architectures, threat and attack models, supply chain security, code reviews, SAST, DAST, IAST, penetration testing, and security hardening.

• Understand the role of security architects in the art and science of architecting security and privacy by design and security-by-default into software applications for mobile, embedded systems, and cloud.

• Review product architectures for security design gaps and vulnerabilities and consult with product teams to remediate or mitigate cyber risk.

• Help plan and coordinate third party penetration testing vendor engagements with product teams.

• Help engineers and product managers identify solutions to meet cybersecurity requirements.

• Help business unit leaders understand security risks and participate in project resource planning.

• Assist with review of Maintain current knowledge of security threats and vulnerabilities that could impact products.

• Support incident response operations, training, and exercises, including exploitation analysis and countermeasure testing.

• Assist in coordination and tracking of vulnerability remediation activities.

What we look for

• Technical thought leadership, project management acumen, integrative thinking, and passion.

• Experience with cybersecurity and software security experience.

• Strong problem-solving skills to analyze cybersecurity issues and requirements

• Experience supporting software security governance and compliance activities, i.e. metrics, assessments, audits, exercises, risk frameworks, and maturity models.

• Experience with agile software development and continuous integration/deployment.

• Practical experience with Linux OS, programming and scripting languages (e.g. Java, Python, Perl), and security tools (e.g. Kali, Nessus, Netsparker, openVAS, BurpSuite, Metaspolit).

• Understanding of penetration testing, reverse engineering, software attack vectors, fault injection, device fingerprinting, and tamper resistance.

• Familiarity with technology risk management related frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, CSA, SOC 2 and other comparable.

• Experience with Operational Technologies (e.g. Controls Systems, Building Management) a plus.

• Superior interpersonal, organizational, written/verbal communication, and presentation skills.

• Active participation in hackathons, cybersecurity competitions, and exercises are a plus.

• CSSLP, CISSP, CCSP, OSCP, CEH or related cybersecurity certifications.

#DICE

Johnson Controls International plc. is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, sexual orientation, gender identity, status as a qualified individual with a disability or any other characteristic protected by law. To view more information about your equal opportunity and non-discrimination rights as a candidate, visit EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit here.