Penetration Test Lead (Cloud & Red Team)

Who we are

Johnson Controls is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit www.johnsoncontrols.com/tomorrowneedsyou.  

Cloud Penetration Testing Lead

What you will do

The Cloud Penetration Testing Lead is responsible for leading and executing penetration testing activities specifically focused on JCI’s cloud environments. This role requires a deep understanding of cloud technologies, security best practices, and penetration testing methodologies. The lead will work closely with security architects, development teams, and infrastructure teams to identify and exploit vulnerabilities wherever possible in cloud-based systems.

How you will do it

• Design and execute complex penetration tests against cloud-native applications, infrastructure, and data stores.
• Exploit vulnerabilities in cloud platforms, such as AWS, Azure, and GCP, using advanced techniques and tools.
• Assess the security posture of cloud-native applications, microservices, and serverless architectures.
• Develop and execute attack scenarios that simulate real-world threats, including supply chain attacks, privilege escalation, and lateral movement.
• Lead and mentor a team of experienced penetration testers, providing guidance and support on advanced techniques and tools.
• Assign tasks, review deliverables, and ensure project timelines are met.
• Develop and maintain standard operating procedures for complex penetration testing activities.

What we look for

Required

• Must have B.E / B.Tech / M.Tech / MCA in Computer Science or  Information Technology
• Must have a minimum of 10 to 12 years penetration testing, with a strong focus on cloud environments.
• In-depth understanding of cloud technologies (AWS, Azure, GCP) and their security implications.
• Proficiency in advanced penetration testing tools and techniques, such as Metasploit, Cobalt Strike, and PowerSploit.
• Experience with container technologies (Docker, Kubernetes) and serverless architectures.
• Strong scripting skills (Python, PowerShell) for automation and custom tool development.
• Experience with security orchestration, automation, and response (SOAR) platforms.
• Active security certifications such as OSCP, CSSLP or related is desired.
• Ability to work well under minimal supervision.
• Requires strong interpersonal, organizational, written and verbal communication skills.

Preferred

• Experience with threat hunting, red team assessments and intelligence gathering techniques.
• Knowledge of emerging security threats and vulnerabilities.
• Experience with cloud-native security controls and best practices.
• Strong understanding of cryptography and network protocols.
• Ability to think critically and creatively to identify and exploit vulnerabilities.