📁 Engineering

Requisition #: WD30109929053

The future is being built today, and Johnson Controls is making that future more productive, more secure, and more sustainable. We are harnessing the power of cloud, data analytics, the Internet of Things, and user design thinking to deliver on the promise of intelligent buildings and smart cities that connect communities in ways that make people’s lives – and the world – better.

In this career-defining opportunity within the Global Product Security organization, you will support security integration and automation initiatives aimed at making our products more resilient to cyber threats and our company more effective at managing risk. You will build, deploy, maintain, and continuously improve a fully integrated security tool chain that embeds security, privacy, and policy controls within the product development lifecycle. You will play a critical role in enhancing the developer and customer experience, making cybersecurity and risk management a foundational component of the product development process. Through a combined skill set in software development, systems integration, DevOps, and security, you will work to advance our product security maturity, infusing best-in-class security tools across the full lifecycle of our products, platforms, and service offerings.

How you will do it

  • Utilize system integration and DevOps best practices in providing hands-on technical expertise for the development, deployment, and adoption of an integrated security tool chain
  • Understand overall security program policies and standards, and associated governance, risk, and compliance in providing security tool integration and automation within and across business units, including sales channels and field engineering.
  • Contribute to security tool integration and automation strategies and roadmaps
  • Provide technical expertise in implementing solutions that optimize cybersecurity product development processes and accelerate the build out, operationalization, orchestration, and adoption of the integrated security tool chain
  • Understand the security tool integration and automation needs of security governance, risk and compliance, security engineering and innovation, security operations and incident response to implement solutions that promote software risk reduction and business success
  • Participate in hands-on security tool and service proof-of-concepts and pilot efforts performing objective due diligence analysis in evaluating best-in-class tools and automation solutions
  • Understand tool data composition, storage, accessibility, and reporting needs across the cybersecurity program. Ensure data needs are a critical factor in performing security automation due diligence and evaluation
  • Understand data management principles and techniques utilized in the design and development of secure, reliable, responsive tool chain data stores.  Implement secure data connections and flow automation for each security tool introduced into the tool chain
  • Utilize the established workflow and automated processes within the integrated security tool chain to provide ETL data capabilities to supply data feeds for dashboard creation and reporting on security program health and maturity, cybersecurity risks, risk mitigations, and trends
  • Work with product security marketing and communications to develop communication plans regarding awareness, training, rollout and adoption of product security tools and automation
  • Educate and train security architects, security champions, developers, and engineers on security tools and automation capabilities integrated into the product development process
  • Support customer-driven cybersecurity audits and inquiries via automated and/or self-service security tool chain reporting.  Establish data feeds for advanced analytics and customization
  • Promote continuous improvement through ingenuity, creativity, and innovative thinking
  • Travel is occasional at approximately 5%, including international

What we look for

Required

  • Bachelor’s degree in Computer Science, Engineering, Information Systems, Cybersecurity, or related technical degree
  • 6 years of software development and cybersecurity experience
  • 3 years of integrating diverse, complex software systems and tools, and implementing operational workflows, processes and procedures to deploy capabilities across large organizations including experience in scaling distributed systems
  • 2 years of experience with Continuous Integration, testing and Continuous Deployment technologies and the build out of CI/CD pipelines including build tools such as Jenkins, TeamCity, and Bamboo and CI/CD configuration tools such as Puppet, Chef, Ansible, and Salt
  • 3 years of experience with cloud, embedded, web and mobile platforms and associated architectures
  • 1 year of API development experience

Preferred

  • Experience in the use of application security tools for security requirements, design, development, testing, deployment, and execution (SAST, DAST, SCA, DB security scanning, MAST, IAST, STaaS, penetration testing, code diversity, ASTO, etc.) strongly preferred
  • Technical and operational excellence, thought leadership, integrative and innovative thinking
  • Excellent problem-solving and troubleshooting skills to analyze system integration and automation operational and support issues
  • Ability to influence people and bring groups to consensus, especially from other organizations
  • CISSP, CSSLP, CCSP or related security and PMP project management certifications
  • Familiarity with technology risk management related frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, SOC 2 or other comparable frameworks
  • Strong interpersonal, organizational, written/verbal communication, and presentation skills
  • Self-starter highly motivated to achieve superior results in integrating advanced and emerging technologies to develop a scalable, sustainable, distributed integrated security tool chain
  • Product development and software security experience, including secure SDLC practices, security and privacy by design architectures, and secure by default configurations
  • Ability to build trust with stakeholders and explain tool configuration/setup, interoperability, and automation security topics at a technical level
  • Ability to deliver results using agile methodologies and tools (e.g. Scrum/Kanban, JIRA)
  • Proven ability to convert functional concepts and requirements into technical designs

 

Johnson Controls is a global diversified technology and multi industrial leader serving a wide range of customers in more than 150 countries. Our commitment to sustainability dates back to our roots in 1885, with the invention of the first electric room thermostat. We are committed to helping our customers win everywhere, every day and creating greater value for all of our stakeholders through our strategic focus on buildings.

Johnson Controls is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit www.johnsoncontrols.com/tomorrowneedsyou.

 
