Who we are
Johnson Controls is the global leader for smart, healthy and sustainable buildings. At Johnson Controls, we’ve been making buildings smarter since 1885, and our capabilities, depth of innovation experience, and global reach have been growing ever since. Today, we offer the world’s largest portfolio of building products, technologies, software, and services; we put that portfolio to work to transform the environments where people live, work, learn and play.
This is where Johnson Controls comes in, helping drive the outcomes that matter most. Through a full range of systems and digital solutions, we make your buildings smarter. A smarter building is safer, more comfortable, more efficient, and, ultimately, more sustainable. Most important, smarter buildings let you focus more intensely on your unique mission. Better for your people. Better for your bottom line. Better for the planet. We’re helping to create a healthy planet with solutions that decrease energy use, reduce waste and make carbon neutrality a reality.
Sustainability is a top priority for our company. We committed to invest 75 percent of new product development R&D in climate-related innovation to develop sustainable products and services. We take sustainability seriously. Achieving net zero carbon emissions before 2040 is just one of our commitments to making the world a better place.
The Johnson Controls Global Information Security (GIS) team is undergoing a transformation and expansion as Johnson Controls increases its cybersecurity resources and capabilities in order to address the increasing cybersecurity threat landscape.
Hosted in Singapore, the Information Security Engineer, Network Security is a position reporting into the Global Information Security Network Security Manager with responsibility of assisting in development and implementation of standard operating procedures which support prevention, detection and response of cyber security risks and threats. The global incident management program will provide the company with the ability to complicate, detect, and respond to Cyber Security incidents impacting the enterprise by ensuring they are properly identified, analyzed, communicated, actioned/defended, investigated and reported. The program will have responsibility over security monitoring and is responsible for global 24x7 incident response activities. The global security incident management program will also manage information resources during incident response activities to identify possible cyber-attack or intrusion events, and determine if it is a business impact.
Implementation of the security strategy, working closely with the Incident Response team to build capabilities essential to their mission. Determines information security threats and solutions through partnering with the business groups. University degree or equivalent combination of education and experience. 4 years suggested minimum experience.
What you will do:
- The responsibilities of the Network Security Engineer include, but are not limited to:
- Monitor and analyze network traffic and security event data for proper classification and consumption by security stack
- Investigate intrusion attempts and perform analysis of exploits
- Review security events
- Analyze a variety of network and host-based security appliance logs determine the correct remediation actions and escalation paths for each incident.
- Provide information regarding intrusion events, security incidents, and other threat indicators to IR and other teams
- Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions
- Participate in knowledge sharing with analyst team on investigative and response methodologies
- Consult with IR for capability and countermeasure enhancements
- Participate in tool lifecycles and roadmaps
The successful candidate will be a passionate information security professional with the ability to communicate to different business and IT leaders. The candidate will be able to execute the security incident response and Information inventory management strategy defined by leaders. The candidate will demonstrate drive, intelligence, maturity, and energy and will be a proven security strategist.
What We look for:
- A minimum bachelor degree in computer engineering, computer security or computer science discipline
- 4 years of information security related experience log analysis, intrusion detection, or firewall administration, network operations, engineering
- Strong understanding of adversary motivations including cybercrime, cyber hacktivism, cyber war, cyber espionage and the difference between cyber propaganda and cyber terrorism
- Understanding of security operations concepts such as perimeter defense, BYOD management, data loss protection, insider threat, kill chain analysis, risk assessment and security metrics
- Strong understanding of Threat Intelligence and Threat Profiling
- Familiarity with network security methodologies, tactics, techniques, and procedures
- Knowledge of network security architecture, understanding of the TCP/IP protocol, and remote access security techniques/products
- Experience with enterprise anti-virus/malware solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns
- Have experience monitoring and detecting advanced persistent threats
- Experience with Intrusion Protection Systems (IPS) and other network defense and visibility tools
- Experience with Data Loss Prevention (DLP) technologies
- Understanding of network packet capture and ability to review
- Experience performing security/vulnerability reviews of network environments
- Knowledge of digital forensic and static malware analysis techniques
- Experience generating and modifying network and host-based Indicators of Compromise (IOC)
- Strong research background, utilizing an analytical approach
- Candidate must be able to react quickly, decisively, and deliberately in high stress situations
- Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents, to technical and non-technical audiences at different seniority levels and interact with customers
- Highly motivated individual with the ability to self-start, prioritize, multi-task and work in a global team setting
- Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters
- Experience with open source and commercial security management tools
- Experience in the definition and implementation of strategic information security plans
- Moderate knowledge of regulatory compliance requirements (PCI-DSS, HIPAA, FISMA, SOX)
- Moderate knowledge in National Institute of Standards and Technology (NIST)
Desired Certifications(but not required):
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GIAC)
- GIAC Certified Forensic Examiner (GCFE)
- GIAC Certified Forensic Analyst (GCFA)
- Certified Ethical Hacker (CEH)
- Cisco Certified Network Associate Security (CCNA Security)
- Cisco Certified Network Associate (CCNA)
- Cisco Certified Network Professional Security (CCNP Security)
- Cisco Certified Network Professional (CCNP)
- Server Platform Certifications (Microsoft, Linux)
- Forensics Examiner Certification (EnCE, FTK)
Diversity & Inclusion
Our dedication to diversity and inclusion starts with our values. We lead with integrity and purpose, focusing on the future and aligning with our customers’ vision for success. Our High-Performance Culture ensures that we have the best talent that is highly engaged and eager to innovate. Our D&I mission elevates each employee’s responsibility to contribute to our culture. It’s through these contributions that we’ll drive the mindsets and behaviors we need to power our customers’ missions. You have the power. You have the voice. You have the culture in your hands.