Johnson Controls

Principal Product Cybersecurity Integration Engineer - Wisconsin, Milwaukee

Security Engineer in Milwaukee, WI

Posted 2019-08-20
Description

How you will do it
Utilize system integration and DevOps best practices in providing hands-on technical expertise for the development, deployment and adoption of an integrated security tool chain.
Understand overall security program policies and standards, and associated governance, risk and compliance in providing security tool integration and automation within and across business units, including sales channels and field engineering.
Contribute to security tool integration and automation strategies and roadmaps.
Provide technical expertise in implementing solutions that optimize cybersecurity product development processes and accelerate the build out, operationalization, orchestration and adoption of the integrated security tool chain.
Understand the security tool integration and automation needs of security governance, risk and compliance, security engineering and innovation, security operations and incident response to implement solutions that promote software risk reduction and business success.
Participate in hands-on security tool and service proof-of-concepts and pilot efforts performing objective due diligence analysis in evaluating best-in-class tools and automation solutions.
Understand tool data composition, storage, accessibility and reporting needs across the cybersecurity program. Ensure data needs are a critical factor in performing security automation due diligence and evaluation.
Understand data management principles and techniques utilized in the design and development of secure, reliable, responsive tool chain data stores. Implement secure data connections and flow automation for each security tool introduced into the tool chain.
Utilize the established workflow and automated processes within the integrated security tool chain to provide ETL data capabilities to supply data feeds for dashboard creation and reporting on security program health and maturity, cybersecurity risks, risk mitigations, and trends.
Work with product security marketing and communications to develop communication plans in regard to awareness, training, rollout and adoption of product security tools and automation.
Educate and train security architects, security champions, developers, and engineers on security tools and automation capabilities integrated into the product development process.
Support customer-driven cybersecurity audits and inquiries via automated and/or self-service security tool chain reporting. Establish data feeds for advanced analytics and customization.
Promote continuous improvement through ingenuity, creativity and innovative thinking.

What we look for
Technical and operational excellence, thought leadership, integrative and innovative thinking.
Self-starter highly motivated to achieve superior results in integrating advanced and emerging technologies to develop a scalable, sustainable, distributed integrated security tool chain.
Experiential knowledge of integrating diverse, complex software systems and tools, and implementing operational workflows, processes and procedures to deploy capabilities across large organizations including experience in scaling distributed systems.
Proven ability to convert functional concepts and requirements into technical designs.
Ability to influence people and bring groups to consensus, especially from other organizations.
Product development and software security experience, including secure SDLC practices, security and privacy by design architectures, and secure by default configurations.
Solid understanding of software security governance, risk and compliance activities i.e. metrics, assessments, audits, exercises, risk frameworks, and maturity models.
Experience with Continuous Integration, testing and Continuous Deployment technologies and the build out of CI/CD pipelines including build tools such as Jenkins, TeamCity, and Bamboo and CI/CD configuration tools such as Puppet, Chef, Ansible, and Salt.
Understanding of cloud, embedded, web and mobile platforms and associated architectures.
Experience in the use of application security tools for security requirements, design, development, testing, deployment and execution (SAST, DAST, SCA, DB security scanning, MAST, IAST, STaaS, penetration testing, code diversity, ASTO, etc.)
Experience in API development.
Excellent problem-solving and troubleshooting skills to analyze system integration and automation operational and support issues.
Familiarity with data management principles and techniques at the enterprise level.
Ability to deliver results using agile methodologies and tools (e.g. Scrum/Kanban, JIRA.)
Strong interpersonal, organizational, written/verbal communication, and presentation skills.
Ability to provide consulting, mentorship and training at the technical level.
Ability to build trust with stakeholders and explain tool configuration/setup, interoperability and automation security topics both at a technical level and abstracted for Senior Management.
Familiarity with technology risk management related frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, SOC 2 or other comparable a plus.
Bachelor’s degree in Computer Science, Engineering, Information Systems, Cybersecurity or related technical degree.
CISSP, CSSLP, CCSP or related security and PMP project management certifications are a plus.
Minimum of 10 years of experience; at least 6 years in software development and cybersecurity.
Travel is occasional at approximately 5%; including international.

Ready to be Seen?

Apply now to have the opportunity to be considered for similar jobs at leading companies in the Seen network for FREE.

Be Seen in a new Security Engineer job

Skip the search

Zero stress and one profile that can connect you directly to 1000s of companies.

Best-fit jobs—for you

We’ll take it from there. After you tell us what you’re looking for, we’ll show you off to matches.

Free Career Coaching

Boost your interview skills, map your tech career and seal the deal with 1:1 career coaching.

You get tech. We get you.

Join now and Be Seen.