Search Options
View Cache (Job ID 13789279)
Employer Johnson Controls
Job Title Global Product Security Engineer

At Johnson Controls, we're shaping the future to create a world that's safe, comfortable and sustainable. Our global team creates innovative, integrated solutions to make cities more connected, buildings more intelligent and vehicles more efficient. We are passionate about improving the way the world lives, works and plays. The future requires bold ideas, an entrepreneurial mind-set and collaboration across boundaries. You need a career focused on tomorrow. Tomorrow needs you.


The role of the product (cyber) security engineer demands business insight; technical acuity; and the ability to think, communicate and write at various levels of abstraction. Key to the function is ensuring all Johnson Control products are developed with 'security by design.'


This role reports to the Director of Global Product Security -Technical Services as an individual contributor with the aim of assisting in building out the cyber security technical services capabilities (such as automated vulnerability and penetration capabilities) and offerings within the global products organization of Johnson Controls.


Product (Cyber) Security Engineers specialize in the full cyber security technical stack in industrial and manufacturing domains ranging from Web & Mobile application, Cloud & Network infrastructure and Embedded Systems security architecture & security testing for Johnson Controls global product portfolio.

We are looking for smart, motivated cyber security experts who want to refine and build amazing things with us.


  • Delivering security engineering 'security by design' services for products across multiple business units.

  • Consulting in all areas of the Software Development Lifecycle applied to disparate software methodologies for example agile and waterfall models.

  • Delivering end-to-end security architecture and design consulting and auditing of connected network systems while ensuring product cyber-security best practices and requirements are maintained.

  • Delivering technological capabilities that automate security testing for example vulnerability management and penetration testing of Johnson Control products.

  • Perform regular code scanning, vulnerability & penetration tests to detect flaws and aid in the correction of the design prior to deployment to production.

  • Analyzing & evaluating product offerings for business cyber security risk impact and exposure, based on emerging security threats, vulnerabilities and risks; communicating security risks and solutions to business partners.

  • Prototyping and testing countermeasures to defend against attacks.

  • Aid in product security incident and response triage.

  • Working closely with Research & Development, IT, PMO, Privacy and other functional area specialists to ensure adequate security solutions are in place throughout all products to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.

  • Advise product security champions and development team members on proper implementation of the Software Security Development Lifecycle policy and how it applies to their product and threat model.

  • Guide and mentor Security Champions in conducting product security assessments and creating threat models.

  • Attend industry training, conferences and roundtable forums, for example OWASP AppSec, RSA, Black Hat, to stay up to date on latest technologies, evolving threats and build relationships in the industry to help the organization become a recognized leader in cyber security knowledge.

  • Represent Global Product Security and the overall product security technical services program on architectural boards, committees, review organizations and so forth.

  • This is an expert technical role. This role delivers the product security engineering, architecture, and design for Johnson Controls products. Therefore, the incumbent works on multiple projects as a subject matter expert.

No people management responsibility


  • Incumbent is desired to have at least one of the following active certifications: CISSP, CEH, CSSLP or related.

  • Good understanding of security tools such as Kali Linux, Zap, openVAS, BurpSuite, Metaspolit and so forth.

  • Good understanding of software programming languages such as Python, Java, C, Perl.

  • Good understanding of firmware and embedded OS design principles such as OTP, TPM.

  • Good understanding of cloud & network infrastructure design principles.

  • Good understanding of application (Web and mobile) design principles such as OWASP.

  • Good understanding of Secure SDLC approaches such as Microsoft SDLC.

  • Good understanding of Windows/Linux threat analysis/defense, patching mechanisms, patch automation.

  • The position benefits from extensive knowledge of Building Technology & Solutions products expertise.¿

  • Ability to work well under minimal supervision.

  • Ability to work with incomplete and ambiguous information to influence system and product direction understanding security and functional requirements.

  • Requires strong interpersonal, organizational, written and verbal communication skills.

  • Ability to influence and guide senior leaders in the business channels, product management and product engineering when required.

  • High levels of integrity in the conduct of personal and professional affairs.

  • Calmness and clarity of thought under pressure and ability to maintain confidentiality.

  • Ability to maintain the goals and culture of the organization.


  • BSc (MSc or higher desired) or equivalent experience in Computer Security, Computer Science, Information Systems or other related field.

  • Minimum of 5 years product engineering experience in product architecture, development and systems engineering work.

This job originally appeared on
Location Cork
Date Added 190 days ago
Apply Link