In this career defining opportunity you will drive smart building cybersecurity solution design and deployment planning to promote effective risk management for secure digital and connected solutions across their operational lifecycle. As a consultant, you will guide installation and service organizations with implementation of the Johnson Controls’ security policies. You will support sales, field, and customer success teams in delivering a positive cybersecurity experience for our customers.

How you will do it

• Provide cybersecurity guidance and assistance to solutions teams, security champions, support teams, and business leaders throughout all phases of customer projects.
• Drive compliance with Johnson Controls’ policies and standards.
• Ensure customer’s security and privacy requirements are identified, implemented and maintained.
• Collaborate with the overall solutions architects to incorporate security to projects by design at all levels of the architecture from device to cloud to minimize risk.
• Work with project teams as they deploy the design and implement hardening guidance.
• Support requirements for customer cybersecurity acceptance.
• Support incident response operations, training, and exercises.

What we look for

Required

• Technical and operational excellence, thought leadership, and integrative thinking.
• Expert knowledge and practical product and software security experience, including secure SDLC practices, security and privacy by design architectures, threat modeling, and secure by default configurations, supply chain security and security hardening.
• Expert knowledge of network segmentation, firewalls and cloud computing architecture designs.
• Bachelor’s degree in Cybersecurity, Computer Science, Engineering, Information Systems, or related technical degree.  

Preferred

• Experience with Operational Technologies (e.g. Controls Systems, Building Management).
• Knowledge of modern secure networking technologies such as zero-trust solutions.
• Familiarity with technology risk management related frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, SOC 2 or other comparable.
• Understanding of penetration testing, reverse engineering, software attack vectors, fault injection, device fingerprinting, and tamper resistance.
• CSSLP, CISSP, CCSP, OSCP, CEH, or related cybersecurity certifications.
• Minimum of 14 years of experience with at least 7 years in software or product cybersecurity.