Johnson Controls

Produces HVAC, fire, security and building automation systems to optimize and protect buildings globally.

94,000

Buildings, Commercial, Residential, Industrial, Energy, Infrastructure, Security, Safety, Fire Detection, HVAC, Controls, Smart Buildings, Sustainability, Operations, Maintenance, Repairs, System Modernisation, Carbon Reduction, Data Analytics, Facility Management

Principal Product Security Engineer

Lead product security engineering, ensuring secure design, development, and compliance.

India
Full Time
Expert & Leadership (13+ years)

Job Highlights

Environment
Office Full-Time

About the Role

  • Apply expert product and software security knowledge, including secure SDLC and privacy‑by‑design.
  • Solve cybersecurity problems and map legal, policy and industry requirements to controls.
  • Lead change initiatives that manage software cyber‑risk.
  • Deliver results using agile methods and tools such as Scrum, Kanban and Jira.
  • Perform penetration testing, reverse engineering, fault injection and tamper‑resistance analysis.
  • Handle TPM, Secure Boot, OTP, PKI and hardware debugging interfaces (JTAG, SPI/I2C).
  • Stay current on security threats and vulnerability exploitation techniques.
  • Apply OWASP‑based secure design for web and mobile applications.
  • Design data‑protection, secure cloud and network infrastructure solutions.
  • Use risk‑management frameworks such as RMF, NIST 800‑53, IEC 62443, ISO 27001, GDPR, SOC 2, etc.
  • Build trust with stakeholders and explain security concepts effectively.
  • Participate in hackathons or cybersecurity competitions (optional).

Key Responsibilities

  • penetration testing
  • reverse engineering
  • secure boot
  • risk management
  • agile delivery
  • secure design

What You Bring

  • Exhibit technical and operational excellence with thought leadership.
  • Understand agile development and CI/CD pipelines.
  • Work with Linux, Java, Python, Perl and security tools like Kali, Nessus, Netsparker, OpenVAS, BurpSuite, Metasploit.
  • Know embedded system architectures (ARM, Cortex), RTOS/Linux, network protocols and C/C++ programming.
  • Experience with operational technologies (control systems, building management) is a plus.
  • Communicate clearly and present complex security topics to diverse stakeholders.
  • Hold certifications like CSSLP, CISSP, CCSP, OSCP or CEH.
  • Possess a bachelor’s degree in Cybersecurity, Computer Science, Engineering or related field.
  • Have at least 7 years of experience, including 5 years in software/product cybersecurity.
  • Travel up to 10% of the time, including occasional international trips.

Requirements

  • linux
  • python
  • c/c++
  • kali
  • cissp
  • bachelor

Work Environment

Office Full-Time
