Our Ability Jobs

At Trane Technologies TM and through our businesses including Trane ® and Thermo King ® , we create innovative climate solutions for buildings, homes, and transportation that challenge what’s possible for a sustainable world. We're a team that dares to look at the world's challenges and see impactful possibilities. We believe in a better future when we uplift others and enable our people to thrive at work and at home. We boldly go.

Job Summary

Trane Technologies is seeking a Team lead to assess, standardize and mitigate our control product offerings to achieve our connected strategy. You will be responsible for leading a team of penetration testers in conducting assessments of our product offerings to identify and mitigate security vulnerabilities. You will also be responsible for developing and implementing pentesting standards and procedures, as well as participating in architectural reviews and threat modeling exercises.

Responsibilities and Duties

• Conducting penetration testing, architectural reviews, threat modeling and secure coding practices.

• Contribute to the development of workflows to support the transition of strategic plans into practical implementation plans.

• Educate and implement security practices as a standard from the inception of the work.

• Research, learn, and continuously improve skills to emulate attacker tactics, techniques, and procedures.

• Develop standards, methodologies, procedures and manuals for Trane Technologies Software Development Lifecycle

• Provide security and vulnerability remediation expertise to technology stakeholders and partners.

• Version control, build/release tools and methodologies, and CI/CD pipelines.

Qualifications and Skills

• Bachelor's degree/MTech with an emphasis on cyber security.

• Minimum 8+ years of overall experience in SDLC, security architecture and engineering expertise, Application Security, Network Security, Mobile Security, Software Security etc.

• Strong understanding of operational technology principles, concepts and techniques, system security vulnerability assessment and penetration testing for operational technology.

• Mastery understanding the industrial protocols.

• Expertise in leading security projects (including reviews, tool development, and security best practices)

• Experience with penetration testing standardization frameworks, such as ISA/IEC 62443, NIST and CIS.

• Experience with severity ratings systems, and ability to calculate CVSS ratings for identified vulnerabilities.

• Automate penetration and other security tests on networks, systems, and applications.

• Knowledge of penetration testing techniques, application security vulnerabilities, OWASP Top 10, SANS 25, CWE, etc.

• Ability to test devices including network protocols: Ethernet, Wi-Fi, Zigbee, Z-Wave, Bluetooth, etc.

• Coding experience for tooling development and security code review (bonus points for C/C++).

• Perform research, evaluation and engineering of security technology, products and solutions.

Preferred Certifications

• LPT, GICSP, GRID, ISA/IEC 62443, CSSA, GPEN, CISSP, CISM, OSCP, CRT

We offer competitive compensation and comprehensive benefits and programs. We are an equal opportunity employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, pregnancy, age, marital status, disability, status as a protected veteran, or any legally protected status.