At Trane Technologies® we Challenge Possible. Our brands – including Trane® and Thermo King® – create access to cooling and comfort in buildings and homes, transport and protect food and perishables, connect customers to elevated performance with less environmental impact, dramatically reduce energy demands and carbon emissions, and innovate with a better world in mind. We boldly challenge what’s possible for a sustainable world.
Job Summary:
Trane Technologies is seeking candidates to determine if vulnerabilities exist in control product offerings in our connected strategy. This includes assessing the security of cloud and web applications and embedded systems, including operating systems, software/firmware applications, embedded devices, and communications networks, with an emphasis on the cybersecurity of software and control systems.
Responsibilities:
This role is responsible for working with controls engineering team members of Trane strategic business units to identify business and technology vulnerabilities during product development phases of the Trane Technologies Product Development Process and recommend security requirements to address them. Assessment responsibilities will include test artifacts for coverage related to security aspects, hands-on threat modeling, hands-on vulnerability assessment services, hands-on penetration testing, and coaching of less experienced analysts.
- Perform iterative threat and vulnerability assessments and pen tests, re-assessing throughout a product's lifetime.
- Recommend and implement assessment updates on new approaches as needed, to counteract new threats and mitigate discovered vulnerabilities.
- Use black box and/or white box techniques (e.g., SAST/DAST) to locate vulnerabilities
- Understand standards relevant to customer requirements (e.g., FIPS, NIST) and be able to create tests to validate against the standard
- Coach other analysts to support the assessment and test phases, and leverage external partners to support activities as needed.
- Good exposure to scripting and command-line configuration and utilities required
- In-depth knowledge of web technologies, protocols, web services, and interfaces required
- Applied experience in Jira/Confluence or other defect management systems required
- Knowledge of penetration testing techniques, application security vulnerabilities, OWASP Top 10, SANS 25, CWE, etc. required
- Deep understanding of the Vulnerability Management process pertaining to applications
- Experience with Firewall, IDS/IPS, WAF (Web Application Firewall) preferred
- Should have good working knowledge of Vulnerability Assessment and Penetration Testing
- Good exposure to secure application architecture assessment
Qualifications:
- Bachelor's degree in Computer Science, Electrical Engineering or similar engineering discipline with an emphasis on cybersecurity.
- Strong understanding of operational technology principles, concepts, and techniques
- Experience with system security vulnerability assessment and penetration testing for operational technology
- Minimum 4 to 5 years of overall experience, with a minimum of 2 years of experience in Application Security, Network Security, Cloud Security, Mobile Security, etc.
- Ability to test devices including network protocols: Ethernet, 802.11 Wi-Fi, and intra-component protocols such as Zigbee, Z-Wave, Bluetooth, etc.
- Understanding and skill in cybersecurity tools and environments, e.g., Kali Linux, McAfee, Metasploit
- Aware of current security threats, techniques, and landscape, as well as a self-motivated desire to define and implement new test artifacts to identify new vulnerabilities
- Demonstrated ability to lead efforts in this area, with a desire to expand beyond the assessment and testing phases to lead cybersecurity efforts across the entire software development lifecycle
- Strong written and oral communication skills
Additional Qualifications:
- Threat Modeling and Secure Development Lifecycle experience.
- GWAPT, GPEN, SEC588, GMOB, OSCP, and CSSLP Certification preferred.
- Working experience with OWASP Top 10 for web applications
We offer competitive compensation and comprehensive benefits and programs that help our employees thrive in both their professional and personal lives. We are proud of our winning culture which is inclusive and respectful at its core. We share a passion for serving customers, caring for others, and boldly challenging what’s possible for a sustainable world.
We are committed to achieving workforce diversity reflective of our communities. We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, pregnancy, age, marital status, disability, status as a protected veteran, or any legally protected status.