Principal Cyber Integration Engineer (Remote)

Johnson Controls

Charlotte North Carolina

United States

Information Technology
(No Timezone Provided)

The future is being built today, and Johnson Controls is making that future more productive, more secure, and more sustainable. We are harnessing the power of cloud, data analytics, the Internet of Things, and user design thinking to deliver on the promise intelligent buildings and smart cities that connect communities in ways that make people's lives - and the world - better. What you will do In this career defining opportunity within the Global Product Security organization, you will support security integration and automation initiatives aimed at making our products more resilient to cyber threats and our company more effective at managing risk. You will build, deploy, maintain, and continuously improve a fully integrated security tool chain that embeds security, privacy, and policy controls within the product development lifecycle. You will play a critical role in enhancing the developer and customer experience making cybersecurity and risk management a foundational component of the product development process. Through a combined skill set in software development, systems integration, DevOps, and security, you will work to advance our product security maturity infusing best-in-class security tools across the full lifecycle of our products, platforms, and service offerings.How you will do it Utilize system integration and DevOps best practices in providing hands-on technical expertise for the development, deployment, and adoption of an integrated security tool chain Understand overall security program policies and standards, and associated governance, risk, and compliance in providing security tool integration and automation within and across business units, including sales channels and field engineering. Contribute to security tool integration and automation strategies and roadmaps Provide technical expertise in implementing solutions that optimize cybersecurity product development processes and accelerate the build out, operationalization, orchestration, and adoption of the integrated security tool chain Understand the security tool integration and automation needs of security governance, risk and compliance, security engineering and innovation, security operations and incident response to implement solutions that promote software risk reduction and business success Participate in hands-on security tool and service proof-of-concepts and pilot efforts performing objective due diligence analysis in evaluating best-in-class tools and automation solutions Understand tool data composition, storage, accessibility, and reporting needs across the cybersecurity program. Ensure data needs are a critical factor in performing security automation due diligence and evaluation Understand data management principles and techniques utilized in the design and development of secure, reliable, responsive tool chain data stores. Implement secure data connections and flow automation for each security tool introduced into the tool chain Utilize the established workflow and automated processes within the integrated security tool chain to provide ETL data capabilities to supply data feeds for dashboard creation and reporting on security program health and maturity, cybersecurity risks, risk mitigations, and trends Work with product security marketing and communications to develop communication plans regarding awareness, training, rollout and adoption of product security tools and automation Educate and train security architects, security champions, developers, and engineers on security tools and automation capabilities integrated into the product development process Support customer-driven cybersecurity audits and inquiries via automated and/or self-service security tool chain reporting. Establish data feeds for advanced analytics and customization Promote continuous improvement through ingenuity, creativity, and innovative thinking Travel is occasional at approximately 5%, including international What we look forRequired Bachelor's degree in Computer Science, Engineering, Information Systems, Cybersecurity, or related technical degree 2-3 years of software development and knowledge of SDLC is needed. Shown experience integrating diverse, sophisticated software systems and tools, and implementing operational workflows, processes and procedures to deploy capabilities across large organizations including experience in scaling distributed systems Experience with Continuous Integration, testing and Continuous Deployment technologies and the understanding of the build out of CI/CD pipelines including build tools such as Jenkins, TeamCity, and Bamboo and CI/CD configuration tools such as Puppet, Chef, Ansible, and Salt Understanding of cloud, embedded, web and mobile platforms and associated architecturesPreferred API Development Cybersecurity experience Experience in the use of application security tools for security requirements, design, development, testing, deployment, and execution (SAST, DAST, SCA, DB security scanning, MAST, IAST, STaaS, penetration testing, code diversity, ASTO, etc.) strongly preferred Technical and operational excellence, thought leadership, integrative and innovative thinking Excellent problem-solving and troubleshooting skills to analyze system integration and automation operational and support issues Ability to influence people and bring groups to consensus, especially from other organizations CISSP, CSSLP, CCSP or related security and PMP project management certifications Familiarity with technology risk management related frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, SOC 2 or other comparable Strong interpersonal, organizational, written/verbal communication, and presentation skills Self-starter highly motivated to achieve superior results in integrating advanced and emerging technologies to develop a scalable, sustainable, distributed integrated security tool chain Product development and software security experience, including secure SDLC practices, security, and privacy by design architectures, and secure by default configurations. Ability to build trust with partners and explain tool configuration/setup, interoperability, and automation security topics at a technical level Ability to deliver results using agile methodologies and tools (e.g. Scrum/Kanban, JIRA.) Proven track record to convert functional concepts and requirements into technical designsJohnson Controls is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit

Principal Cyber Integration Engineer (Remote)

Johnson Controls

Charlotte North Carolina

United States

Information Technology

(No Timezone Provided)

The future is being built today, and Johnson Controls is making that future more productive, more secure, and more sustainable. We are harnessing the power of cloud, data analytics, the Internet of Things, and user design thinking to deliver on the promise intelligent buildings and smart cities that connect communities in ways that make people's lives - and the world - better. What you will do In this career defining opportunity within the Global Product Security organization, you will support security integration and automation initiatives aimed at making our products more resilient to cyber threats and our company more effective at managing risk. You will build, deploy, maintain, and continuously improve a fully integrated security tool chain that embeds security, privacy, and policy controls within the product development lifecycle. You will play a critical role in enhancing the developer and customer experience making cybersecurity and risk management a foundational component of the product development process. Through a combined skill set in software development, systems integration, DevOps, and security, you will work to advance our product security maturity infusing best-in-class security tools across the full lifecycle of our products, platforms, and service offerings.How you will do it Utilize system integration and DevOps best practices in providing hands-on technical expertise for the development, deployment, and adoption of an integrated security tool chain Understand overall security program policies and standards, and associated governance, risk, and compliance in providing security tool integration and automation within and across business units, including sales channels and field engineering. Contribute to security tool integration and automation strategies and roadmaps Provide technical expertise in implementing solutions that optimize cybersecurity product development processes and accelerate the build out, operationalization, orchestration, and adoption of the integrated security tool chain Understand the security tool integration and automation needs of security governance, risk and compliance, security engineering and innovation, security operations and incident response to implement solutions that promote software risk reduction and business success Participate in hands-on security tool and service proof-of-concepts and pilot efforts performing objective due diligence analysis in evaluating best-in-class tools and automation solutions Understand tool data composition, storage, accessibility, and reporting needs across the cybersecurity program. Ensure data needs are a critical factor in performing security automation due diligence and evaluation Understand data management principles and techniques utilized in the design and development of secure, reliable, responsive tool chain data stores. Implement secure data connections and flow automation for each security tool introduced into the tool chain Utilize the established workflow and automated processes within the integrated security tool chain to provide ETL data capabilities to supply data feeds for dashboard creation and reporting on security program health and maturity, cybersecurity risks, risk mitigations, and trends Work with product security marketing and communications to develop communication plans regarding awareness, training, rollout and adoption of product security tools and automation Educate and train security architects, security champions, developers, and engineers on security tools and automation capabilities integrated into the product development process Support customer-driven cybersecurity audits and inquiries via automated and/or self-service security tool chain reporting. Establish data feeds for advanced analytics and customization Promote continuous improvement through ingenuity, creativity, and innovative thinking Travel is occasional at approximately 5%, including international What we look forRequired Bachelor's degree in Computer Science, Engineering, Information Systems, Cybersecurity, or related technical degree 2-3 years of software development and knowledge of SDLC is needed. Shown experience integrating diverse, sophisticated software systems and tools, and implementing operational workflows, processes and procedures to deploy capabilities across large organizations including experience in scaling distributed systems Experience with Continuous Integration, testing and Continuous Deployment technologies and the understanding of the build out of CI/CD pipelines including build tools such as Jenkins, TeamCity, and Bamboo and CI/CD configuration tools such as Puppet, Chef, Ansible, and Salt Understanding of cloud, embedded, web and mobile platforms and associated architecturesPreferred API Development Cybersecurity experience Experience in the use of application security tools for security requirements, design, development, testing, deployment, and execution (SAST, DAST, SCA, DB security scanning, MAST, IAST, STaaS, penetration testing, code diversity, ASTO, etc.) strongly preferred Technical and operational excellence, thought leadership, integrative and innovative thinking Excellent problem-solving and troubleshooting skills to analyze system integration and automation operational and support issues Ability to influence people and bring groups to consensus, especially from other organizations CISSP, CSSLP, CCSP or related security and PMP project management certifications Familiarity with technology risk management related frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, SOC 2 or other comparable Strong interpersonal, organizational, written/verbal communication, and presentation skills Self-starter highly motivated to achieve superior results in integrating advanced and emerging technologies to develop a scalable, sustainable, distributed integrated security tool chain Product development and software security experience, including secure SDLC practices, security, and privacy by design architectures, and secure by default configurations. Ability to build trust with partners and explain tool configuration/setup, interoperability, and automation security topics at a technical level Ability to deliver results using agile methodologies and tools (e.g. Scrum/Kanban, JIRA.) Proven track record to convert functional concepts and requirements into technical designsJohnson Controls is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit