COMPANY DESCRIPTION

At Fortune Brands Innovations, we believe that our innovation and success are fueled by the passion of our people and the strength of our teams. Together, we work to fulfill dreams of home by aligning around common goals, being agile in the face of change, holding ourselves accountable, and acting with integrity and transparency. We succeed when everyone belongs and strive to build a Home for All where all associates can be their true, authentic selves at work. Learn more about our culture here

JOB DESCRIPTION

We are seeking a skilled cybersecurity engineer to join our Security Operations team, focusing on the overall security of Connected Product architecture as well as traditional IT infrastructure. Fortune Brands defines Connect Product as products that have connectivity and intelligence, providing services to customers (e.g., smart water, door, security products) that enrich their lives, and enable our modern factories of the future. The ideal candidate for this role will have a strong background in cybersecurity technical operations across multiple technical aspects of information security, including data security.

QUALIFICATIONS

• Bachelor’s degree in computer science, information security, or a related field is preferred.
• Equivalent experience within Information Security will be highly considered
• Minimum of 3 years of experience in information security in a highly technical role
• Understanding and hands-on experience with:
• Windows and Linux operating systems
• Common network communication protocols
• Microsoft Azure and Amazon AWS PaaS and IaaS systems
• Database security, encryption in transit and at rest
• Foundational knowledge of connected products (IoT and OT) protocols such as MQTT, LoRa, etc.
• Foundational knowledge of connected products (IoT and OT) device level technologies (radios, firmware, etc.)
• Authentication services and protocols such as Kerberos, LDAP, SAML, etc.
• Passion and experience in implementing security controls for multiple system types, including connected products and traditional IT.
• Relevant certifications such as CISA, CISSP, CRISC, or similar are nice to have
• Strong understanding of network security, data protection, server / container security, and application security principles
• Has some experience with scripting languages such as PowerShell, and Python, with a focus on automation
• Excellent written and verbal communication skills, with the ability to articulate complex security concepts to a diverse audience

WHAT YOU WILL BE DOING

• Develop and implement robust security requirements and solutions for IoT projects, ensuring devices and communications are protected against cyber threats.
• Requirements coming from these standards: NIST, Cyber Trust Mark, and PTSI
• Lead security risk assessments and reviews for IoT, identifying vulnerabilities and driving compliance with security policy and standards.
• Must know Cloud Security
• Collaborate with cross-functional teams to integrate security practices into IoT project development and system design to ensure Security Best Practices.
• Stay updated with the latest developments in IoT and security and apply this knowledge to enhance our security posture.

WHAT YOU WILL BE DOING

• Partner with technical teams to assist with securing connected products, as well as their underlying infrastructure.
• Assist with administering cloud environments such as AWS and Azure, in addition to traditional on-premises infrastructure.
• Work with the technical and management teams to integrate security practices into project development, and design systems according to best practices.
• Stay updated with the latest developments in cybersecurity and apply this knowledge to enhance our security posture.
• Work closely with other members of the Security Operations Team to build, administer, and support cybersecurity solutions.
• Develop, implement, and enforce data security strategies, policies, and controls to ensure confidentiality, integrity, and availability of data across multiple platforms.
• Monitor and respond to data security incidents, ensuring compliance with regulatory requirements and internal security policies.
• Research, support, and implement secure AI and LLM technologies.
• Drive “security by design” principles for systems, devices, and networks.