What you will do:
Senior Product Security Engineer with experience in penetration testing. This engineer will be responsible for managing program compliance regarding product testing for multiple access control and video surveillance applications and devices.
The primary responsibility for this role is to conduct penetration testing at various stages of product development, build and maintain the capabilities of our internal security lab, and communicate findings to the various security champions and product development teams.
Additional responsibilities for this role include leading our team of penetration test engineers, assisting in the same day advisory initiative of the program, managing our external test partners, and helping guide the Cyber Protection Program's testing roadmap. How you will do it:
• Serve as an expert in application and product security testing.
• Maintain the capabilities of our internal test labs to ensure all products in the program can be tested fully tested.
• Research, design and advocate new technologies, architectures, and security products that will support security requirements.
• Provide guidance and support to other team members and help develop their knowledge of product security testing.
• Promote and market the Product Security Team to our customers and end user by acting of the team's representative at conferences, presentations, and other outreach activities.
• Respond to security vulnerabilities in both internal and third party products and prepare security advisories. What we look for:
- Five or more years of application and appliance penetration testing experience
- Knowledgeable of network and system security principles such as defense in depth, granularity of privilege, etc. and how they are applied in practice, not only in theory
- Experience with SAST, vulnerability management, open source security issues, and threat modeling.
• Strong knowledge and experience with cybersecurity technology, methods, terminology and trends
• Knowledge if Windows and Linux internals, multiple languages (PHP, Python, C++, C#, etc.), mobile and cloud-based technologies and architectures, and wireless testing methodologies.
• Must have strong leadership and communication skills and be able to discuss technical topics to individuals and groups with a wide range of technical backgrounds
Johnson Controls is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law . If you are an individual with a disability and you require an accommodation during the application process, please visit www.johnsoncontrols.com/tomorrowneedsyou .