Penetration Test Engineer (Cloud & Red Team)

Who we are

Johnson Controls is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit www.johnsoncontrols.com/tomorrowneedsyou.

Cloud Penetration Test Engineer

What you will do

The Cloud Penetration Testing Lead is responsible for leading and executing penetration testing activities specifically focused on JCI’s cloud environments. This role requires a deep understanding of cloud technologies, security best practices, and penetration testing methodologies. The lead will work closely with security architects, development teams, and infrastructure teams to identify and exploit vulnerabilities wherever possible in cloud-based systems.

How you will do it

• Design and execute complex penetration tests against cloud-native applications, infrastructure, and data stores.
• Exploit vulnerabilities in cloud platforms, such as AWS, Azure, and GCP, using advanced techniques and tools.
• Assess the security posture of cloud-native applications, microservices, and serverless architectures.
• Develop and execute attack scenarios that simulate real-world threats, including supply chain attacks, privilege escalation, and lateral movement.

What we look for

Required

• Must have B.E / B.Tech / M.Tech / MCA in Computer Science or Information Technology
• Must have a minimum of 6 to 8 years penetration testing, with a strong focus on cloud environments.
• In-depth understanding of cloud technologies (AWS, Azure, GCP) and their security implications.
• Proficiency in advanced penetration testing tools and techniques, such as Metasploit, Cobalt Strike, and PowerSploit.
• Experience with container technologies (Docker, Kubernetes) and serverless architectures.
• Strong scripting skills (Python, PowerShell) for automation and custom tool development.
• Active security certifications such as OSCP, CSSLP or related is desired.
• Ability to work well under minimal supervision.
• Requires strong interpersonal, organizational, written and verbal communication skills.

Preferred

• Experience with threat hunting, red team assessments and intelligence gathering techniques.
• Knowledge of emerging security threats and vulnerabilities.
• Experience with cloud-native security controls and best practices.
• Strong understanding of cryptography and network protocols.
• Ability to think critically and creatively to identify and exploit vulnerabilities.