Job Details The future is being built today, and Johnson Controls is making that future more productive, more secure, and more sustainable. We are harnessing the power of cloud, data analytics, the Internet of Things, and user design thinking to deliver on the promise of intelligent buildings and smart cities that connect communities in ways that make people's lives - and the world - better! What you will do As Sr. Principal Product Security Architect, you will drive continuous improvement initiatives aligned to our cybersecurity framework and roadmap, ensuring proactive management of security and data privacy risk across the full lifecycle of our products, platforms, and service offerings. Your expertise will influence secure software development practices to ensure security and privacy-by-design requirements are fulfilled and that products are released to market with strong cybersecurity as a core feature. You will play a pivotal role in mitigating cybersecurity risk, differentiating Johnson Controls, and enabling business success! How you will do it Provide cybersecurity expertise and mentorship to product development teams, security champions, and business leaders throughout all phases of the software creation process. Share your knowledge of policy compliance and quality for security requirements, security architectures, threat and attack models, supply chain security, code reviews, SAST, DAST, IAST, penetration testing, and security hardening. Build architecture for security, and privacy-by-design and secure-by-default into software applications for mobile, embedded systems, and cloud. Periodically assess security policies, standards, and metrics to build improvements that help Johnson Controls adapt to evolving regulatory, customer, and threat environments. Collaborate on product architectures for security design gaps and vulnerabilities, and provide insight on remediating or mitigating cyber risk. Support internal audits and assessments to identify risks and establish mitigation actions. Identify cybersecurity opportunities that enhance the developer and customer experience. Support product security committees, boards, councils and working groups. Speak at customer-facing events and present at conferences. What we look for Required Bachelor's degree in Cybersecurity, Computer Science, Engineering, Information Systems, or related technical degree. Master's degree is helpful. Proven background (8+ years) in software or product cybersecurity. Working knowledge of secure SDLC practices, security and privacy-by-design architectures, and secure-by-default configurations. Experience supporting software security governance and compliance activities, i.e. metrics, assessments, audits, exercises, risk frameworks, and maturity models. Practical experience with Linux OS, programming and scripting languages (e.g. Java, Python, Perl), and security tools (e.g. Kali, Nessus, Netsparker, openVAS, BurpSuite, Metaspolit). Understanding of embedded systems architectures (e.g. ARM, Cortex), embedded systems tools/emulators, RTOS/Linux, network protocols and programming languages (such as C/C++). Understanding of penetration testing, reverse engineering, software attack vectors, fault injection, device fingerprinting, and tamper resistance. Understanding TPM, Secure Boot, OTP, PKI, SPI/I2C bus analyzers, JTAG probing. Familiarity with technology risk management related frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, CSA, SOC 2 and other comparable. CSSLP, CISSP, CCSP, OSCP, CEH or related cybersecurity certifications. Ability to build trust with partners and explain complex security topics to all audiences. Travel is occasional at approximately 10%, including international. Preferred Experience with Operational Technologies (e.g. Controls Systems, Building Management) a plus. Active participation in hackathons, cybersecurity competitions, and exercises are a plus. Johnson Controls International plc. is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, sexual orientation, gender identity, status as a qualified individual with a disability or any other characteristic protected by law. To view more information about your equal opportunity and non-discrimination rights as a candidate, visit EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit here.