Sr. Product Security Engineer

Trane Technologies • Full-time • Minneapolis • 3h ago

At Trane Technologies^TM and through our businesses including Trane^® and Thermo King^®, we create innovative climate solutions for buildings, homes, and transportation that challenge what’s possible for a sustainable world. We're a team that dares to look at the world's challenges and see impactful possibilities. We believe in a better future when we uplift others and enable our people to thrive at work and at home. We boldly go.
What’s in it for you:  

Be a part of our mission! As a world leader in creating comfortable, sustainable, and efficient environments, it’s our responsibility to put the planet first. For us at Trane Technologies, sustainability is not just how we do business—it is our business. Do you dare to look at the world's challenges and see impactful possibilities? Do you want to contribute to making a better future? If the answer is yes, we invite you to consider joining us in boldly challenging what’s possible for a sustainable world. 

Thrive at work and at home:  

Benefits kick in on DAY ONE for you and your family, including health insurance and holistic wellness programs that include generous incentives – WE DARE TO CARE!

Family building benefits include fertility coverage and adoption/surrogacy assistance.

401K match up to 6%, plus an additional 2% core contribution = up to 8% company contribution.

Paid time off, including in support of volunteer and parental leave needs.

Educational and training opportunities through company programs along with tuition assistance and student debt support.

Learn more about our benefits here!

Where is the work:

On-Site (5 days)

From Monday to Thursday, work onsite with your colleagues. On Fridays, choose your work location, balancing what your work requires

Prioritize engaging with customers. When not directly interacting with customers; collaborate with colleagues in your office

This is a virtual position

Our Thermo King business develops transport HVAC and refrigeration products that provide temperature control solutions to help our customers efficiently deliver cargo with confidence.Using our range of transport refrigeration solutions, our customers deliver essential cargo, like food and pharmaceuticals, all while maintaining the critical temperature control-chain.

Thrive at work and at home:

Benefits kick in on DAY ONE for you and your family, including health insurance and holistic wellness programs that include generous incentives – WE DARE TO CARE!
Family building benefits include fertility coverage and adoption/surrogacy assistance.
401K match up to 6%, plus an additional 2% core contribution = up to 8% company contribution.
Paid time off, including in support of volunteer and parental leave needs.
Educational and training opportunities through company programs along with tuition assistance and student debt support.
Learn more about our benefits here!

Where is the work:

This position has been designated as hybrid. From Mon-Thurs, work onsite with your colleagues. On Fridays, choose your work location, balancing what your work requires.

Job Summary:

We are hiring an experienced Senior Product Security Engineer, who will work on the creation and implementation of secure embedded software by demonstrating a comprehensive understanding of secure by design principles to support multiple refrigeration and mobile HVAC applications.

In this role, you will lead the cross-product efforts to regularly assess threats and vulnerabilities, perform Security DFMEA, and facilitate penetration tests on products throughout its lifecycle. You will use the findings from new threats to improve processes and productivity by providing guidance and implementing priority updates based on findings. Your tasks include developing and capturing requirements, writing software, coordinating implementation, and helping the team to deliver product security goals. You will work closely with Systems, Hardware, Software, and teams to understand customer needs, align product security with overall practices, and define effective product security solutions and oversee their development.

Core Job Responsibilities (others may be added):

Risk Management: Assess product security risks, develop comprehensive mitigation strategies, and evaluate technical and business trade-offs.
Lead Security Activities: Apply the Secure Development Lifecycle and lead product security processes including architectural analysis, threat modeling, security DFMEA, penetration testing, attack modeling and simulation, and data privacy impact assessments.
Vulnerability Management: Identify, evaluate, and verify security issues discovered through automated testing, penetration testing, and customer feedback. Maintain and track closure of vulnerability backlogs.
Compliance & Standards: Interpret and enforce product security requirements, conduct vulnerability reviews, and ensure compliance with industry regulations and standards (IEC 62443, ISO 21434, NIST, etc.).
Security Tools Oversight: Monitor outputs and effectiveness from all security tools integrated within the software development lifecycle.
Technical Guidance: Advise, guide, and mentor cross-disciplinary engineering teams during the design, review, and implementation of security features.
Assurance: Validate that software meets all functional, security, regulatory (cybersecurity compliance), and quality benchmarks—particularly within industrial and transportation environments.

Key Competencies & Skillset

Embedded Systems Experience: Demonstrated expertise in securing embedded controls platforms, with hands-on knowledge of Embedded Linux (e.g., Yocto) and RTOS environments (e.g., FreeRTOS, Zephyr Project, MicroC/OS-II).
Connectivity Protocols: Preferred background in industrial communication protocols—CAN J1939, MQTT, OPC-UA, secure IP-based protocols, and Automotive Ethernet (100Base-T1, 10Base-T1S).
Security Analysis: Strong grasp of static analysis (SAST) and software composition analysis techniques for vulnerability detection and remediation.
DevOps & Automation: Familiarity with modern DevOps pipelines and tools (e.g., GitHub Actions, Azure DevOps, GitLab CI), with practical knowledge of automated testing frameworks (e.g., CppUTest).
Communication & Collaboration: Effective communicator with strong organizational skills, adept at working with cross-functional teams and presenting technical risks to varied audiences.
Continuous Improvement: Commitment to ongoing learning and driving continuous maturity in product security processes and technical strategies.

Preferred Qualifications

Bachelor’s or Master’s degree in computer engineering, computer science, electrical engineering or related technical field with 5+ years of experience.
Preferred that the candidate have experience as an embedded product security engineer.
Experience with embedded software development and proficiency in relevant programming languages (e.g., C, C++, C#, Rust, Python).
Multi-region travel up to 5% may be required

Compensation:

Base Pay Range: $90,000- $135,000+

Total compensation for this role will include a commission/incentive plan. Disclaimer: This base pay range is based on US national averages. Actual base pay could be a result of seniority, merit, and geographic location where the work is performed.

Equal Employment Opportunity:  
We offer competitive compensation and comprehensive benefits and programs. We are an equal opportunity employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, pregnancy, age, marital status, disability, status as a protected veteran, or any legally protected status. 

Related Jobs

Apply