Sr. Product Cybersecurity Developer (Remote)
JCI HQ Glendale
Johnson Controls
Build your best future with the Johnson Controls team
As a global leader in smart, healthy and sustainable buildings, our mission is to reimagine the performance of buildings to serve people, places and the planet. Join a winning team that enables you to build your best future! Our teams are uniquely positioned to support a multitude of industries across the globe. You will have the opportunity to develop yourself through meaningful work projects and learning opportunities. We strive to provide our employees with an experience focused on supporting their physical, financial, and emotional wellbeing. Become a member of the Johnson Controls family and thrive in an empowering company culture where your voice and ideas will be heard – your next great opportunity is just a few clicks away!
What we offer
Competitive salary and bonus plan
Paid vacation/holidays/sick time
Comprehensive benefits package including 401K, medical, dental, and vision care - Available day one
Extensive product and on the job/cross training opportunities with outstanding internal resources
Encouraging and collaborative team environment
Dedication to safety through our Zero Harm policy
Check us Out: Day in the Life of the Building of the Future https://youtu.be/pdZMNrDJviY
What you will do
In this career-defining opportunity within the Global Product Security organization, you will drive the design, development, integration, testing, adoption, and continuous improvement of common, contemporary, and modular cybersecurity components and shared software libraries that enhance capability, improve efficiency, and differentiate our products and services. This includes driving continuous improvement initiatives aligned to our product security maturity framework, ensuring proactive management of security and data privacy risk across the full lifecycle of our products, platforms, and service offerings. In this role, you will play a pivotal role in managing cybersecurity risk and enabling customer success.
How you will do it
Coordinate with product leaders and functional teams across the company to drive adoption.
Manage a standard set of cyber software and hardware components used across product lines.
Provide technical leadership and guidance on translating cybersecurity requirements and architectural design into software and hardware capabilities.
Lead development of innovative cybersecurity prototypes and proofs of concept.
Architect security and privacy by design and secure-by-default into software applications for mobile, embedded systems, and cloud.
Evaluate utility and resiliency of cybersecurity components using integration and security assurance testing processes and capabilities.
Review product architectures for security design gaps and vulnerabilities and consult with product teams to remediate or mitigate cyber risk.
Support generation of intellectual property and submit patents to advance business objectives.
Collaborate with business leaders and engineering directors on security risks and opportunities.
Use Agile Project Management to manage resources and track milestones and deliverables.
Support customer audits and inquiries pertaining to our product cybersecurity program.
Identify cybersecurity opportunities that enhance the developer and customer experience.
Speak at customer-facing events and present at conferences.
What we look for
Minimum of 7 years of experience with at least 5 years in software or product cybersecurity.
Bachelor's degree in Cybersecurity, Computer Science, Engineering, Information Systems, or related technical degree.
Technical and operational excellence, thought leadership, and integrative thinking.
Expert knowledge and practical product and software security experience, including secure SDLC practices, security and privacy by design architectures, and secure by default configurations.
Strong problem-solving skills to analyze cybersecurity issues and requirements (legal/regulatory, policy, customer, industry standards) and relate them to appropriate security controls.
Demonstrated ability to lead change initiatives that intelligently manage software cyber risks.
Proven ability to deliver results using agile methodologies and tools (e.g. Scrum/Kanban, Jira).
Understanding of agile software development and continuous integration/deployment.
Practical experience with Linux OS, programming and scripting languages (e.g. Java, Python, Perl), and security tools (e.g. Kali, Nessus, Netsparker, OpenVAS, Burp Suite, Metasploit).
Understanding of embedded systems architectures (e.g. ARM, Cortex), embedded systems tools/emulators, RTOS/Linux, network protocols and programming languages (such as C/C++).
Understanding of penetration testing, reverse engineering, software attack vectors, fault injection, device fingerprinting, and tamper resistance.
Understanding of TPM, Secure Boot, OTP, PKI, SPI/I2C bus analyzers, JTAG probing.
Knowledge of current security threats and techniques for exploiting software vulnerabilities.
Understanding of web and mobile application secure design principles such as OWASP.
Understanding of data protection, secure cloud, and network infrastructure design principles.
Familiarity with technology risk management related frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, CSA, SOC 2 and other comparable frameworks.
Experience with Operational Technologies (e.g. Controls Systems, Building Management) a plus.
Superior interpersonal, organizational, written/verbal communication, and presentation skills.
Ability to build trust with stakeholders and explain complex security topics to all audiences.
Active participation in hackathons, cybersecurity competitions, and exercises is a plus.
Travel is occasional at approximately 10%, including international.
Johnson Controls International plc. is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, sexual orientation, gender identity, status as a qualified individual with a disability or any other characteristic protected by law. To view more information about your equal opportunity and non-discrimination rights as a candidate, visit EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit here.
Tags: Agile Audits Burp Suite C Cloud Computer Science GDPR IEC 62443 ISO 27001 Java Jira Kali Kanban Linux Nessus NIST NIST 800-53 OpenVAS OWASP Pentesting Perl PKI Privacy Product security Python Reverse engineering Risk management RMF RTOS Scripting Scrum SDLC SOC SOC 2 Vulnerabilities
Perks/benefits: 401(k) matching Career development Competitive pay Conferences Health care Salary bonus Team events