At Trane TechnologiesTM and through our businesses including Trane® and Thermo King®, we create innovative climate solutions for buildings, homes, and transportation that challenge what’s possible for a sustainable world. We're a team that dares to look at the world's challenges and see impactful possibilities. We believe in a better future when we uplift others and enable our people to thrive at work and at home. We boldly go.
Senior Cybersecurity Engineer will be responsible for working with other Building Automation System (BAS) controls and software engineering team members to identify business, technology and product risks and vulnerabilities in the early stages and embed security requirements to address and validate them. This is done by conducting security assessments where the activities will include threat modeling, attack modeling, security DFMEA, vulnerability assessment, triaging, and reporting.
Core Job Responsibilities:
- Dene and develop processes and methodologies for designing secure systems.
- Engage with teams to conduct security risk assessments and conform to organizational remediation/mitigation timelines in different phases of the secure product development lifecycle.
- Provide product security support to development teams, including reviewing and explaining security tools and processes, providing vulnerability explanations and remediation guidance
- Help drive system and product requirements to meet the regulatory and compliance requirements (like GDPR, ISO, ISA/IEC, SOC2, FedRAMP)
Basic Qualications
- Bachelor's or Master's degree in Computer Science, Electrical Engineering or similar engineering discipline with an emphasis on cyber security
- 8+ years of cumulative experience in software development and engineering expertise in Application, Network, Cloud, Mobile, IoT, ICS, Embedded systems, APIs
- (Including) 5+ years of expertise in Product Security, Security Architecture and Security Assessment: Threat Modeling, Secure Development, Risk Assessment, Threat Analysis, DFMEA, Penetration testing, SDLA tools
- Should have good knowledge of security containers, hands-on experience with DevSecOps principles, and a good handle on end-to-end DevSecOps processes
- Technical understanding of cloud-native architecture and engineering best practices (AWS, Azure, Google Cloud)
- Knowledge of Security Industry Standards and Frameworks: e.g., NIST, ISA/IEC, GDPR, SOC2
Other qualifications
- Familiar with DISA STIG assessment and implementation for Linux and/or Windows systems
- Desirable security certification(s): GICSP, GCLD, GSOC, GDSA, or any other relevant certications.
We offer competitive compensation and comprehensive benefits and programs. We are an equal opportunity employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, pregnancy, age, marital status, disability, status as a protected veteran, or any legally protected status.