Senior Cybersecurity Engineer
Company: Trane Technologies
Location: Saint Paul
Posted on: April 24, 2024
Job Description:
At Trane Technologies and through our businesses including
Trane and Thermo King, we create innovative climate solutions
for buildings, homes, and transportation that challenge what's
possible for a sustainable world. We're a team that dares to look
at the world's challenges and see impactful possibilities. We
believe in a better future when we uplift others and enable our
people to thrive at work and at home. We boldly go.
Be a part of our mission! As a world leader in creating
comfortable, sustainable and efficient environments, it's our
responsibility to put the planet first. For us at Trane
Technologies, sustainability is not just how we do business - it is
our business. Do you dare to look at the world's challenges and see
impactful possibilities? Do you want to contribute to making a
better future? If the answer is yes, we invite you to consider
joining us in boldly challenging what's possible for a sustainable
world.
If this sounds exciting to you, read on to learn more about who we
are and what we believe in:
We uplift others - we believe in providing an opportunity for all
and building a culture that is diverse, inclusive, and respectful.
We lift each other up and care about the success and well-being of
others.
We make an impact - we believe that what we do has the potential
to change the world. We succeed together by striving daily to
create a lasting, positive impact on the planet.
We thrive at work and at home - we are supported by meaningful
benefits, compensation, learning and development solutions, and
opportunities for rewarding careers. We are firmly committed to the
well-being and safety of our people.
This position is eligible for a Hybrid work schedule (3 or more
days on site a week) and will be based out of our St. Paul, MN
location.
Job Summary
As a Senior Cybersecurity Engineer you will be responsible for
working with other Building Automation System (BAS) controls and
software engineering team members to identify business, technology
and product risks and vulnerabilities in the early stages and embed
security requirements to address and validate them. A lot of this
is done by conducting security assessments where the activities
will include threat modeling, attack modeling, security DFMEA,
vulnerability assessment, triaging, and reporting.
This Sr. Cyber Security Engineer will also collaborate with product
architects, system engineers, developers, and testers to implement
secure designs by employing secure communications, network/device
access control, authentication, authorization, cryptography, audit,
forensics, and anomaly and misuse detection to provide information
security (integrity, confidentiality, availability, and
non-repudiation).
Core Job Responsibilities (others may be added):
Define and develop processes and methodologies for designing secure
systems
Engage with teams to conduct security risk assessments and conform
to organizational remediation/mitigation timelines in different
phases of the secure product development lifecycle
Provide product security support to development teams, including
reviewing and explaining security tools and processes, providing
vulnerability explanations and remediation guidance
Optimize product/system security by creating and reviewing
architecture and detailed design solutions that reflect best
practices
Coordinate product security program metrics and reporting
Support ongoing vulnerability and patch management through
tracking, triaging and prioritizing across all products to minimize
the potential security risk
Help drive system and product requirements to meet the regulatory
and compliance requirements (like GDPR, ISO, ISA/IEC, SOC2,
FedRAMP)
Assist with training and mentoring of security champions
Partner with third-party vendors to deliver software security tools
and services
Provide expert consultation on application security requirements
and best practices with vulnerability scanning and secure
application design
Partner closely on security operations tasks with cross-functional
teammates in IT, DevOps, Engineering, Compliance, and Test
Manage 3rd party partners and vendors supplying
cybersecurity-related services
Identify the design implications within a platform and system and
work with teams to minimize vulnerabilities
Influence program decisions to reduce the risk exposure of the
company
Participate in Zero-day remediation, Hotfixes, and Incident
Response efforts
Identify and review test coverage for the security aspects of the
system
Assist in responses to external audits, customer questionnaires,
penetration tests and vulnerability assessments
Self-motivated to stay engaged with the market on new security
products, threats and vulnerabilities and to apply innovative
approaches in technology, marketing and service operations to meet
those needs.
Basic Qualifications
Bachelor's or Master's degree in Computer Science, Electrical
Engineering or similar engineering discipline with an emphasis on
cyber security
8+ years of cumulative experience in software development and
engineering expertise in Application, Network, Cloud, Mobile, IoT,
ICS, Embedded systems, APIs
5+ years of expertise in Product Security, Security Architecture
and Security Assessment: Threat Modeling, Secure Development, Risk
Assessment, Threat Analysis, DFMEA, Penetration testing, SDLA
tools
Strong understanding of operational technology principles,
concepts, and techniques
Strong knowledge of current security threats, techniques, and
landscape, as well as a self-motivated desire to research current
in the cybersecurity landscape
Strong knowledge of OpenSSL, TLS mutual authentication, PKI,
digital signatures, and certificate management
Ability to research, develop, and keep abreast of tools,
techniques, and process improvements in support of security
detection and analysis following current and emerging threats
Implementation experience or knowledge of security controls
Should have good knowledge of security containers, hands-on
experience with DevSecOps principles, and a good handle on
end-to-end DevSecOps processes
Technical understanding of cloud-native architecture and
engineering best practices (AWS, Azure, Google Cloud)
Working experience with OWASP Top 10 for web applications
Knowledge of penetration testing techniques, application security
vulnerabilities, OWASP Top 10, SANS 25, CWE, etc.
Knowledge of Security Industry Standards and Frameworks: e.g.,
NIST, ISA/IEC, GDPR, SOC2
Excellent verbal and written communication skills, with the ability
to communicate to all levels of the organization.
Preferred Qualifications
Familiar with DISA STIG assessment and implementation for Linux
and/or Windows systems
Desirable security certification(s): GICSP, GCLD, GSOC, GDSA, or
any other relevant certifications.
What's in it for you:
Benefits kick in day one!
6% 401K match, additional 2% core contribution = 8% overall
match
3 weeks of vacation, plus site paid holidays
Base Compensation Range is $70,000 to $121,800
Disclaimer: This base salary range is based on US national
averages. Actual base pay could be a result of seniority, merit,
geographic location where the work is performed.
We are committed to achieving workforce diversity reflective of our
communities. We are an equal opportunity employer. All qualified
applicants will receive consideration for employment without regard
to race, color, religion, sex, sexual orientation, gender identity,
national origin, pregnancy, age, marital status, disability, status
as a protected veteran, or any legally protected status.
Keywords: Trane Technologies, Woodbury, Senior Cybersecurity Engineer, Engineering, Saint Paul, Minnesota