Senior Product Security Developer

Job Description

Senior Product Cybersecurity Developer The future is being built today, and Johnson Controls is making that future more productive, more secure, and more sustainable. We are harnessing the power of cloud, data analytics, the Internet of Things, and user design thinking to deliver on the promise of intelligent buildings and smart cities that connect communities in ways that make people s lives and the world better. What you will do In this career defining opportunity within the Global Product Security organization, you will drive, design, development, integration, testing, adoption, and continuous improvement of common, contemporary, and modular cybersecurity components and shared software libraries that enhance capability, improve efficiency, and differentiate our products and services. This includes driving continuous improvement initiatives aligned to our product security maturity framework, ensuring proactive management of security and data privacy risk across the full lifecycle of our products, platforms, and service offerings. In this role, you will play a pivotal role in managing cybersecurity risk and enabling customer success. How you will do it
• Coordinate with product leaders and functional teams across the company to drive adoption.
• Manage a standard set of cyber software and hardware components used across product lines.
• Provide technical leadership and guidance on translating cybersecurity requirements and architectural design into software and hardware capabilities.
• Lead development of innovative cybersecurity prototypes and proofs of concept.
• Architect security and privacy by design and secure-by-default into software applications for mobile, embedded systems, and cloud.
• Evaluate utility and resiliency of cybersecurity components using integration and security assurance testing processes and capabilities.
• Review product architectures for security design gaps and vulnerabilities and consult with product teams to remediate or mitigate cyber risk.
• Support generation of intellectual property and submit patents to advance business objectives.
• Collaborate with business leaders and engineering directors on security risks and opportunities.
• Use Agile Project Management to manage resources and track milestones and deliverables.
• Support customer audits and inquiries pertaining to our product cybersecurity program.
• Identify cybersecurity opportunities that enhance the developer and customer experience.
• Speak at customer-facing events and present at conferences.
What we look for
• Technical and operational excellence, thought leadership, and integrative thinking.
• Expert knowledge and practical product and software security experience, including secure SDLC practices, security and privacy by design architectures, and secure by default configurations.
• Strong problem-solving skills to analyze cybersecurity issues and requirements (legal/regulatory, policy, customer, industry standards) and relate them to appropriate security controls.
• Demonstrated ability to lead change initiatives that intelligently manage software cyber risks.
• Proven ability to deliver results using agile methodologies and tools (e.g. Scrum/Kanban, Jira).
• Understanding of agile software development and continuous integration/deployment.
• Practical experience with Linux OS, programming and scripting languages (e.g. Java, Python, Perl), and security tools (e.g. Kali, Nessus, Netsparker, openVAS, BurpSuite, Metaspolit).
• Understanding of embedded systems architectures (e.g. ARM, Cortex), embedded systems tools/emulators, RTOS/Linux, network protocols and programming languages (such as C/C++).
• Understanding of penetration testing, reverse engineering, software attack vectors, fault injection, device fingerprinting, and tamper resistance.
• Understanding TPM, Secure Boot, OTP, PKI, SPI/I2C bus analyzers, JTAG probing.
• Knowledge of current security threats and techniques for exploiting software vulnerabilities.
• Understanding of web and mobile application secure design principles such as OWASP.
• Understanding of data protection, secure cloud, and network infrastructure design principles.
• Familiarity with technology risk management related frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, CSA, SOC 2 and other comparable.
• Experience with Operational Technologies (e.g. Controls Systems, Building Management) a plus.
• Superior interpersonal, organizational, written/verbal communication, and presentation skills.
• Ability to build trust with stakeholders and explain complex security topics to all audiences.
• Active participation in hackathons, cybersecurity competitions, and exercises are a plus.
• CSSLP, CISSP, CCSP, OSCP, CEH or related cybersecurity certifications.
• Bachelors degree in Cybersecurity, Computer Science, Engineering, Information Systems, or related technical degree.
• Minimum of 7 years of experience with at least 5 years in software or product cybersecurity.
• Travel is occasional at approximately 10%, including international.
• Bachelors degree in Cybersecurity, Computer Science, Engineering, Information Systems, or related technical degree.
• Minimum of 10 + years of experience with at least 5 years in software or product cybersecurity.
,

Keyskills :
secure sdlcsecurity toolsdata analyticsiso 27001data privacysmart citiesagile project managementinternet of thingslead change