Product Security Test Lead


Job Summary

Johnson Controls
Westford, MA
Other/Not Classified
Job Type
Full Time
Career Level
Experienced (Non-Manager)
About the Job

What you will do:


The Principal Product Security Engineer (Engineer IV) / Lead Product Security
Test Engineer is an experienced engineer with demonstrated experience in
penetration and product security testing.


The primary responsibility of the Lead Product Security Test Engineer is
to lead all areas of product security testing, including penetration testing,
vulnerability assessment, and security feature validation within a line of
business. This includes building, maintaining, and continually improving the
internal product security labs, communicating findings to multiple, diverse
development teams, managing external test partners and bug bounty programs,
and assisting in product incident response.


How you will do it:


The Product Security Test Engineer shall perform security testing including
penetration testing, vulnerability assessment, and security feature validation
within a line of business.


It is the responsibility of the Lead Product Security Test Engineer to
maintain the equipment, applications, and tools of the security lab to ensure
the lab is capable of supporting all products within the line of business. This
will include making recommendations for the purchase and/or development of
equipment, tools, and applications. He/She shall also ensure the lab
capabilities, standards, procedures, and documentation are kept in accordance
with quality expectations.


It is expected that a Product Security Test Engineer
in the effort of building cybersecurity knowledge within their line of
business. To achieve this expectation, the Product Security Test Engineer shall
support efforts to comply with training requirements and recommendations. They
may also be required to facilitate group study sessions and lead other
training/thought leadership efforts within JCI.


As directed by the LoB Security Architect, the Product Security Test Engineer
shall assist in the identification of affected products, perform vulnerability
triage, assist in the assignment of severity and the assessment of mitigation
efforts, and report these to the LoB Security Architect and Security Advocates.

It is essential for the Product Security Test Engineer to be a
subject matter expert in product cybersecurity, security testing methodologies
and techniques, and the products they support. For this reason, it is
expected that the Product Security Test Engineer shall maintain
a regular cadence of technical security study as well as attend
all required training for Security Champions and available product training for
his/her supported products.

What we look for:


  • Five or more years of hands-on penetration testing required

  • Excellent, up-to-date technical and hands-on knowledge of and experience
    in current attack methods, penetration testing methods, and hacking tools,
    especially for web applications, required

  • Certifications (GPEN, GWAPT, GXPN, OSCP, and/or OSCE) are a plus, but not
    required. JCI offers support for training and testing, and certification
    is expected to be achieved while in the role.

  • Strong leadership and communication skills and be able to discuss
    technical topics to individuals and groups with a wide range of technical

  • Good financial and general business acumen

  • Goal-oriented with a strong drive for success


Johnson Controls is an equal
employment opportunity and affirmative action employer and all qualified
applicants will receive consideration for employment without regard to race,
color, religion, sex, national origin, age, protected veteran status, status as
a qualified individual with a disability, or any other characteristic protected
by law. For more information, please view
EEO is the Law. If you are an individual with a disability and you require an
accommodation during the application process, please visit

