Sr. Cloud Product Cybersecurity Architect - Remote

Company: Johnson Controls, Inc.
Location: Detroit
Posted on: May 7, 2021

Job Description:

What you will do The future is being built today, and Johnson Controls is making that future more productive, more secure and more sustainable. We are harnessing the power of cloud, data analytics, the Internet of Things, and user design thinking to deliver on the promise of intelligent buildings and smart cities that connect communities in ways that make people's lives - and the world - better. In this career defining opportunity within the Global Product Security organization, you will drive continuous improvement initiatives aligned to our cybersecurity maturity framework and roadmap, ensuring proactive management of security and data privacy risk across the full lifecycle of our products, platforms, and service offerings. You will apply your expertise in secure software development practices to ensure security and privacy by design requirements are fulfilled and that products are released to market with strong cybersecurity as a core feature. In this role, you will play a pivotal role in managing cybersecurity risk, differentiating Johnson Controls, and enabling business success. *This position is Remote role that focuses on cloud-based products and cloud experience /expertise is required How you will do it * Provide cybersecurity expertise and guidance to product development teams, security champions, and business leaders throughout all phases of the software development life cycle * Drive policy compliance and high quality for secure SDLC activities -- security requirements, security architectures, threat and attack models, supply chain security, code reviews, SAST, DAST, IAST, penetration testing, and security hardening * Architect security and privacy by design and secure-by-default into software applications, embedded systems, and cloud platforms * Periodically assess security policies, standards, and metrics to drive improvements that help Johnson Controls adapt to evolving regulatory, customer, and threat environments * Drive efforts to quantify residual product risk and identify appropriate security controls * Drive efforts to advance innovative security features, capabilities, and practices * Review product architectures for security design gaps and vulnerabilities and consult with product teams to remediate or mitigate cyber risk * Assist coordination of third-party penetration testing vendor engagements with product teams * Help engineers and product managers identify solutions to meet cybersecurity requirements * Help business unit leaders understand security risks and participate in project resource planning * Maintain current knowledge of security threats and vulnerabilities that could impact products * Support incident response operations, training, and exercises, including exploitation analysis and countermeasure testing. * Assist coordination and tracking of vulnerability remediation activities * Raise cybersecurity awareness and facilitate security training and certification * Support periodic reporting to senior executive leadership on health and status of the product security program, cybersecurity risks, risk mitigations, and trends * Collaborate with product, IT, and privacy teams on product security risks and opportunities * Use agile project management to manage resources and track milestones and deliverables * Support company response to customer audits and inquiries pertaining to product security * Support internal audits and assessments to identify risks and determine mitigation actions * Identify cybersecurity opportunities that enhance the developer and customer experience * Support product security committees, boards, councils and working groups * Support cybersecurity risk and technology assessments * Speak at customer-facing events and present at conferences * Travel is occasional at approximately 15%, including international What we look for Required * Bachelor's degree in engineering or related technical degree * Minimum 10 years of product cybersecurity experience with a focus on Cloud technologies; expert knowledge and practical product and software security experience, including secure SDLC practices, security and privacy by design architectures, and secure by default configurations * CSSLP, CISSP, CCSP, OSCP, CEH OR related cybersecurity certifications * 5 years of experience supporting software security governance and compliance activities, i.e. metrics, assessments, audits, exercises, risk frameworks, and maturity models * 5 years of experience delivering results using agile methodologies and tools (e.g. Scrum/Kanban, Jira) * 3 years of experience with Product Security Incident Response Team (PSIRT) processes and activities * 5 years of experience with technology risk management related frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, SOC 2 or other comparable Preferred: * Masters Degree * Bachelors degree in Cybersecurity, Computer Science, Engineering or Information Systems * Technical and operational excellence, thought leadership, and integrative thinking * Strong problem-solving skills to analyze cybersecurity issues and requirements (legal/regulatory, policy, customer, industry standards) and relate them to appropriate security controls * Demonstrated ability to lead change initiatives that intelligently manage software cyber risks * Practical experience with Linux OS, programming and scripting languages (e.g. Java, Python, Perl), and security tools (e.g. Kali, Nessus, Netsparker, openVAS, BurpSuite, Metaspolit) * Understanding of embedded systems architectures (e.g. ARM, Cortex), embedded systems tools/emulators, RTOS/Linux, network protocols and programming languages (such as C/C++) * Understanding of penetration testing, reverse engineering, software attack vectors, fault injection, device fingerprinting, and tamper resistance * Understanding TPM, Secure Boot, OTP, PKI, SPI/I2C Bus Analyzers, JTAG probing * Knowledge of current security threats and techniques for exploiting software vulnerabilities * Active participation in hackathons, cybersecurity competitions, and exercises * Superior interpersonal, organizational, written/verbal communication, and presentation skills * Ability to build trust with stakeholders and explain complex security topics to all audiences * Experience with Operational Technologies (e.g. Controls Systems, Building Management) Johnson Controls is a global diversified technology and multi industrial leader serving a wide range of customers in more than 150 countries. Our commitment to sustainability dates back to our roots in 1885, with the invention of the first electric room thermostat. We are committed to helping our customers win everywhere, every day and creating greater value for all of our stakeholders through our strategic focus on buildings. Johnson Controls is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit www.johnsoncontrols.com/tomorrowneedsyou.

Keywords: Johnson Controls, Inc., Detroit , Sr. Cloud Product Cybersecurity Architect - Remote, Professions , Detroit, Michigan