Experience Inc. Jobs

At Trane Technologies we Challenge Possible. Our brands – including Trane® and Thermo King® (https://www.thermoking.com/na/en.html) - create access to cooling and comfort in buildings and homes, transport and protect food and perishables, connect customers to elevated performance with less environmental impact, dramatically reduce energy demands and carbon emissions, and innovate with a better world in mind. We boldly challenge what’s possible for a sustainable world.

Job Summary

Trane Technologies is seeking an engineer to assess, standardize and mitigate our control product offerings to achieve our connected strategy. You will be responsible for conducting assessments of our product offerings to identify and mitigate security vulnerabilities. You will also be responsible for developing and implementing pen testing standards and procedures, as well as participating in architectural reviews and threat modelling exercises.

Responsibilities and Duties

• Conducting penetration testing, architectural reviews, threat modelling and secure coding practices.

• Contribute to the development of workflows to support the transition of strategic plans into practical implementation plans.

• Educate and implement security practices as a standard from the inception of the work.

• Research, learn, and continuously improve skills to emulate attacker tactics, techniques, and procedures.

• Develop standards, methodologies, procedures, and manuals for Trane Technologies Software Development Lifecycle

• Provide security and vulnerability remediation expertise to technology stakeholders and partners.

• Version control, build/release tools and methodologies, and CI/CD pipelines.

Qualifications and Skills

• Bachelor's degree/MTech with an emphasis on cyber security.

• Minimum 3+ years of overall experience in SDLC, security architecture and engineering expertise, Application Security, Network Security, Mobile Security, Software Security etc.

• Strong understanding of operational technology principles, concepts and techniques, system security vulnerability assessment and penetration testing for operational technology.

• Mastery understanding the industrial protocols.

• Expertise in leading security projects (including reviews, tool development, and security best practices)

• Experience with penetration testing standardization frameworks, such as ISA/IEC 62443, NIST and CIS.

• Experience with severity ratings systems, and ability to calculate CVSS ratings for identified vulnerabilities.

• Automate penetration and other security tests on networks, systems, and applications.

• Knowledge of penetration testing techniques, application security vulnerabilities, OWASP Top 10, SANS 25, CWE, etc.

• Ability to test devices including network protocols: Ethernet, Wi-Fi, Zigbee, Z-Wave, Bluetooth, etc.

• Coding experience for tooling development and security code review (bonus points for C/C++).

• Perform research, evaluation and engineering of security technology, products and solutions.

Preferred Certifications

• LPT, GICSP, GRID, ISA/IEC 62443, CSSA, GPEN, CISSP, CISM, OSCP, CRT

We offer competitive compensation and comprehensive benefits and programs that help our employees thrive in both their professional and personal lives. We are proud of our winning culture which is inclusive and respectful at its core. We share passion for serving customers, caring for others, and boldly challenging what’s possible for a sustainable world.

We are committed to achieving workforce diversity reflective of our communities. We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, pregnancy, age, marital status, disability, status as a protected veteran, or any legally protected status.