Application Security Engineer

Build your best future with the Johnson Controls team

As a global leader in smart, healthy and sustainable buildings, our mission is to reimagine the performance of buildings to serve people, places and the planet. Join a winning team that enables you to build your best future! Our teams are uniquely positioned to support a multitude of industries across the globe. You will have the opportunity to develop yourself through meaningful work projects and learning opportunities.

We strive to provide our employees with an experience, focused on supporting their physical, financial, and emotional wellbeing. Become a member of the Johnson Controls family and thrive in an empowering company culture where your voice and ideas will be heard – your next great opportunity is just a few clicks away!

• Competitive salary

• Paid vacation/holidays/sick time

• Comprehensive benefits package including 401K, medical, dental, and vision care

• On the job/cross training opportunities

• Encouraging and collaborative team environment

• Dedication to safety through our Zero Harm policy

In this high impact opportunity within the Application Security organization, you will report directly to the Manager, Application Security. You will drive continuous improvement initiatives aligned to our cybersecurity maturity framework and roadmap, ensuring proactive management of security and data privacy risk across the full lifecycle of our products, applications, platforms, and service offerings.

You will apply your expertise in secure software development practices to ensure security and privacy by design requirements are fulfilled and that applications are delivered with strong cybersecurity as a core feature. In this role, you will play a pivotal role in managing cybersecurity risk, differentiating Johnson Controls, and enabling business success.

• Provide cybersecurity expertise and guidance to application development teams, security champions, and business leaders throughout all phases of the software development life cycle.

• Drive policy compliance and high quality for secure SDLC activities – security requirements, security architectures, threat and attack models, supply chain security, code reviews, SAST, DAST, IAST, penetration testing, and security, hardening. Architect security and privacy by design and secure‑by‑default into software applications for mobile, embedded systems, and cloud.

• Drive efforts to quantify residual product and application risk and identify appropriate security controls.

• Review application architectures for security design gaps and vulnerabilities and consult with development teams to remediate or mitigate cyber risk.

• Assist coordination of third‑party penetration testing vendor engagements with product teams.

• Help engineers and product managers identify solutions to meet cybersecurity requirements.

• Maintain current knowledge of security threats and vulnerabilities that could impact products and applications.

• Support incident response operations, training, and exercises, including exploitation analysis and countermeasure testing.

• Assist coordination and tracking of vulnerability remediation activities.

• Raise security awareness and drive security training and certification for people and products.

• Support periodic reporting to senior executive leadership on health and status of the application security program, cybersecurity risks, risk mitigations, and trends.

• Use agile project management to manage resources and track milestones and deliverables.

• Support internal audits and assessments to identify risks and determine mitigation actions.

• Identify cybersecurity opportunities that enhance the developer and customer experience.

• Support cybersecurity risk and technology assessments.

• Knowledge of cybersecurity compliance, regulations, industry standards and certifications.

• Excellent written and verbal communication and presentation skills.

• Experience with Operational Technologies (e.g. Controls Systems, Building Management) a plus.

• Customer relations acumen with ability to explain complex technical details to a wide audience.

• Excellent interpersonal, organizational, written and verbal communication skills.

• Relevant work experience.

• BS/BA in cybersecurity, computer science, engineering, or related technical degree or equivalent years of experience.

• Cybersecurity certifications, e.g. CISSP, GSEC, Sec+, or related are preferred.

• Up to 10‑15% travel, including international.

HIRING SALARY RANGE: $84,000 -$105,000 (Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, location and alignment with market data.)This position includes a competitive benefits package. For details, please visit the About Us tab on the Johnson Controls Careers site at

#LI-Remote