|

Get new similar jobs by email for

Product Security Test Lead

Monster
 
 
 
 

Job Summary

Company
Johnson Controls
Location
Westford, MA
Industries
Other/Not Classified
Job Type
Full Time
Employee
Career Level
Experienced (Non-Manager)
Job Reference Code
4307_WD30048958166

Product Security Test Lead

About the Job

What you will do:

 

The Principal Product
Security Engineer (Engineer IV) / Lead Product Security Test Engineer 
is
an experienced engineer with demonstrated experience in penetration and product
security testing.


 

The
primary responsibility of the Lead Product Security Test Engineer is
to lead all areas of product security testing including penetration testing,
vulnerability assessment, and security feature validation within a line of
business. This includes building, maintaining, and ever improving the internal
product security labs, communicating findings to multiple, diverse development
teams, managing external test partners and bug bounty programs, and assisting
in product incident response.


 

How you will do it:

 

The Product
Security Test Engineer 
shall perform security testing including
penetration testing, vulnerability assessment, and security feature validation
within a line of business.


 

It
is the responsibility of the Lead Product Security Test Engineer to
maintain the equipment, applications, and tools of the security lab to ensure
the lab is capable to support all products within the line of business. This
will include making recommendations to the purchase and/or development of
equipment, tools, and applications. He/She shall also ensure the lab
capabilities, standards, procedures, and documentation are kept in accordance
with quality expectations.


 

It
is expected that a Product Security Test Engineer
 assist
in the effort of building of cybersecurity knowledge within their line of
business. To achieve this expectation, the Product Security Test
Engineer
 shall
support efforts to comply with training requirements and recommendations. They
may also be required to facilitate group study sessions and lead other
training/thought leadership efforts within JCI.


 

When
directed by the LoB Security Architect, the Product Security Test
Engineer
 shall
assist in the identification of affected products, perform vulnerability
triage, assist in the assignment of severity, and assessment of mitigation
efforts and report these to the LoB Security Architect and Security Advocates.


It
is essential for the Product Security Test Engineer to be a
subject matter expert in product cybersecurity, security testing methodologies
and techniques, and the products in which they support. For this reason, it is
expected that the Product Security Test Engineer shall maintain
a regular cadence of study of technical security training as well as attending
all required training for Security Champions and available product training for
his/her supported products.












What we look for:


Required
Skills/Experience



  • Five or more years of hands-on penetration testing required

  • Excellent up-to-date technical and hands-on knowledge, experience
    in current attack methods, penetration testing methods, and hacking tools;
    especially for web applications, required.


Preferred
Skills/Experience


  • Certifications
    (GPEN, GWAPT, GXPN, OSCP, and/or OSCE) are a plus, but not required. JCI
    offers support for training and testing and certification is expected to
    be achieved while in the role.


  • Strong
    leadership and communication skills and be able to discuss technical
    topics to individuals and groups with a wide range of technical
    backgrounds

  • Good
    financial and general business acumen

  • Goal-oriented
    with a strong drive for success


 

Johnson Controls is an equal
employment opportunity and affirmative action employer and all qualified
applicants will receive consideration for employment without regard to race,
color, religion, sex, national origin, age, protected veteran status, status as
a qualified individual with a disability, or any other characteristic protected
by law. For more information, please view
EEO is the Law. If you are an individual with a disability and you require an
accommodation during the application process, please visit
www.johnsoncontrols.com/tomorrowneedsyou.










 

Job Tools