The Cyber Protection Program, part of Johnson Controls Security Products division, is a holistic product security program responsible for not only ensuring the security of our products, but achieving the approval of our end user IT and InfoSec teams and maintaining relevant cybersecurity regulatory approvals. Members of the Cyber Protection Program's engineering team require more than just technical acuity and excellent problem solving skills, but must be able to represent the team and the Program to senior management, product architects, and customers. Excellent communication skills is a must.
There is an immediate opening for a Senior Product Security Engineer with experience in penetration testing. This engineer will be responsible for managing program compliance regarding product testing for multiple access control and video surveillance applications and devices.
The primary responsibility for this role is to conduct penetration testing at various stages of product development, build and maintain the capabilities of our internal security lab, and communicate findings to the various security champions and product development teams.
Additional responsibilities for this role include leading our team of penetration test engineers, assisting in the same day advisory initiative of the program, managing our external test partners, and helping guide the Cyber Protection Program's testing roadmap.
This role reports to the Engineering Lead for the Cyber Protection Program. The position is located in Westford, MA.
• Serve as an expert in application and product security testing.
• Maintain the capabilities of our internal test labs to ensure all products in the program can be tested fully tested.
• Research, design and advocate new technologies, architectures, and security products that will support security requirements.
• Provide guidance and support to other team members and help develop their knowledge of product security testing.
• Promote and market the Product Security Team to our customers and end user by acting of the team's representative at conferences, presentations, and other outreach activities.
• Respond to security vulnerabilities in both internal and third party products and prepare security advisories.
Keep abreast of the current cybersecurity trends and competitive landscape
• Five or more years of application and appliance penetration testing experience.
• Experience with SAST, vulnerability management, open source security issues, and threat modeling.
Knowledgeable of network and system security principles such as defense in depth, granularity of privilege, etc. and how they are applied in practice, not only in theory
The successful product manager will demonstrate a combination of desirable attributes:
• Strong knowledge and experience with cybersecurity technology, methods, terminology and trends
• Knowledge if Windows and Linux internals, multiple languages (PHP, Python, C++, C#, etc.), mobile and cloud-based technologies and architectures, and wireless testing methodologies.
• Must have strong leadership and communication skills and be able to discuss technical topics to individuals and groups with a wide range of technical backgrounds
Goal-oriented with a strong drive for success
A little about us:
We’re shaping the future. Together, let’s make a world that’s safe, comfortable and sustainable. Tomorrow needs you.