At Trane TechnologiesTM and through our businesses including Trane® and Thermo King®, we create innovative climate solutions for buildings, homes, and transportation that challenge what’s possible for a sustainable world. We're a team that dares to look at the world's challenges and see impactful possibilities. We believe in a better future when we uplift others and enable our people to thrive at work and at home. We boldly go.

Job Summary???
Trane Technologies’ SecOps team are looking for someone whose blue security defender heart bleeds a little purple from their red team thoughts. Someone fascinated by the ever-expanding digital reach companies have these days but also aware of the risks that being on the public Internet brings. Have you ever looked at what companies put out on the web and thought “OMG, they have X exposed, they need to do Y and Z”? If you’re nodding your head, you’re probably just who we’re looking for to join us as our first External Attack Surface (EAS) Analyst.

The EAS Analyst will work to help us reduce our risk and minimize impact to our systems (and reputation) by identifying and mitigating issues from automated scan results and by conducting external attack surface scans with our tools while driving validations of and responses to external report and monitoring systems.

The EAS Analyst will report to our Sr. Manager of Vulnerability Management and work with our Application Security Lead and assist them with establishing process for responding to external reports regarding Trane Technologies’ security posture. The EAS Analyst also partners with Strategic Business Unit (SBU) Business Cybersecurity Leaders (BCLs), developers, and application teams to validate and respond to findings from internal and external penetration tests. Most importantly the EAS Analyst will help TraneTechnologies to set and achieve a “good” external score for our security posture, as reported across several services. This position is Remote.

Qualifications:

• 2-4 years of experience with vulnerability management, detecting or reporting on external attack surface, Security Operations Center (SOC), application assessments or penetration testing activities, other information security or risk management domain activities.
• Equivalent training or bachelor's degree in something that has engaged your critical thinking and practical problem-solving skills.
• Certifications: GSEC, Security+, CEH or PenTest+ (encouraged but not required).

Key Competencies:

• Broad knowledge of cloud security concepts and web application configuration best practices
• Understanding of application security vulnerabilities (e.g., OWASP top 10) and prevention, along with techniques for application and infrastructure baseline hardening
• Communications skills to engage internal teams to fix the security issues discovered
• Patience and persistence to work with security vendors to ensure correction/maintenance/enhancements for the accurate reporting of security information.
• Ability to engage key stakeholders at many different technical levels, including senior leadership
• Knowledge of security vulnerability assessment techniques during design, development, and testing -Static Application Security Testing (SAST, Dynamic Application Security Testing (DAST)
• Exposure to and use of a variety of External Attack Surface (EAS) testing, monitoring and developer tools
• Experience with Software Development Lifecycle (SDLC), DevSecOps, and Agile development practices
• Threat modeling, assessment or testing of web applications and architecture
• Operation in accordance with, and offering subject matter expertise for the revision of, enterprise policies and standards governing emerging technologies, their development and testing
• Business experience in and/or supporting the manufacturing sector
• Python, PowerShell scripting experience.

What's in it for you:

• Benefits kick in day one!
• 6% 401K match, additional 2% core contribution = 8% overall match
• 3 weeks of vacation, plus site paid holidays
• Benefits*: Trane-Technologies-Benefits-Offered.pdf

Base Salary Range: $82k - $110k

We offer competitive compensation and comprehensive benefits and programs. We are an equal opportunity employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, pregnancy, age, marital status, disability, status as a protected veteran, or any legally protected status.