Trane Technologies is looking to create and implement secure embedded software for their refrigeration and mobile HVAC applications by addressing threats and vulnerabilities throughout the product lifecycle.
Requirements
- Demonstrated expertise in securing embedded controls platforms, with hands-on knowledge of Embedded Linux (e.g., Yocto) and RTOS environments (e.g., FreeRTOS, Zephyr Project, MicroC/OS-II).
- Preferred background in industrial communication protocols: CAN J1939, MQTT, OPC-UA, secure IP-based protocols, and Automotive Ethernet (100Base-T1, 10Base-T1S).
- Strong grasp of static analysis (SAST) and software composition analysis techniques for vulnerability detection and remediation.
- Familiarity with modern DevOps pipelines and tools (e.g., GitHub Actions, Azure DevOps, GitLab CI), with practical knowledge of automated testing frameworks (e.g., CppUTest).
- Experience with embedded software development and proficiency in relevant programming languages (e.g., C, C++, C-Sharp, Rust, Python).
Responsibilities
- Assess product security risks, develop comprehensive mitigation strategies, and evaluate technical and business trade-offs.
- Apply the Secure Development Lifecycle and lead product security processes including architectural analysis, threat modeling, security DFMEA, penetration testing, attack modeling and simulation, and data privacy impact assessments.
- Identify, evaluate, and verify security issues discovered through automated testing, penetration testing, and customer feedback. Maintain and track closure of vulnerability backlogs.
- Interpret and enforce product security requirements, conduct vulnerability reviews, and ensure compliance with industry regulations and standards (IEC 62443, ISO 21434, NIST, etc.).
- Monitor outputs and effectiveness from all security tools integrated within the software development lifecycle.
- Advise, guide, and mentor cross-disciplinary engineering teams during the design, review, and implementation of security features.
- Validate that software meets all functional, security, regulatory (cybersecurity compliance), and quality benchmarks, particularly within industrial and transportation environments.
Other
- On-Site (5 days)
- From Monday to Thursday, work onsite with your colleagues. On Fridays, choose your work location, balancing what your work requires.
- Prioritize engaging with customers. When not directly interacting with customers, collaborate with colleagues in your office.
- Effective communicator with strong organizational skills, adept at working with cross-functional teams and presenting technical risks to varied audiences.
- Commitment to ongoing learning and driving continuous maturity in product security processes and technical strategies.