Engineer - Cybersecurity

Trane Technologies is seeking a Team lead to assess, standardize and mitigate our control product offerings to achieve our connected strategy. You will be responsible for leading a team of penetration testers in conducting assessments of our product offerings to identify and mitigate security vulnerabilities. You will also be responsible for developing and implementing pentesting standards and procedures, as well as participating in architectural reviews and threat modeling exercises. Responsibilities and Duties: Conducting penetration testing, architectural reviews, threat modeling and secure coding practices. Contribute to the development of workflows to support the transition of strategic plans into practical implementation plans. Educate and implement security practices as a standard from the inception of the work. Research, learn, and continuously improve skills to emulate attacker tactics, techniques, and procedures. Develop standards, methodologies, procedures and manuals for Trane Technologies Software Development Lifecycle Provide security and vulnerability remediation expertise to technology stakeholders and partners. Version control, build/release tools and methodologies, and CI/CD pipelines. Qualifications and Skills: Bachelor's degree/MTech with an emphasis on cyber security. Minimum 1 - 3 years of overall experience in SDLC, security architecture and engineering expertise, Application Security, Network Security, Mobile Security, Software Security etc. Strong understanding of operational technology principles, concepts and techniques, system security vulnerability assessment and penetration testing for operational technology. Mastery understanding the industrial protocols. Expertise in leading security projects (including reviews, tool development, and security best practices) Experience with penetration testing standardization frameworks, such as ISA/IEC 62443, NIST and CIS. Experience with severity ratings systems, and ability to calculate CVSS ratings for identified vulnerabilities. Automate penetration and other security tests on networks, systems, and applications. Knowledge of penetration testing techniques, application security vulnerabilities, OWASP Top 10, SANS 25, CWE, etc. Ability to test devices including network protocols: Ethernet, Wi-Fi, Zigbee, Z-Wave, Bluetooth, etc. Coding experience for tooling development and security code review (bonus points for C/C++). Perform research, evaluation and engineering of security technology, products and solutions.

At Trane Technologies we Challenge Possible. Our brands – including Trane® and Thermo King® - create access to cooling and comfort in buildings and homes, transport and protect food and perishables, connect customers to elevated performance with less environmental impact, dramatically reduce energy demands and carbon emissions, and innovate with a better world in mind. We boldly challenge what's possible for a sustainable world.