SECURITY ENGINEER, CAT DIGITAL at Caterpillar
Join the Application Integration team of Cat Digital and build software solutions that integration common services across our application portfolio and other enterprise systems used by Caterpillar customers and dealers. The integration of applications with various Digital Platform capabilities that are built on the latest technologies by adopting industry’s best architecture patterns, security best practices etc. are critical for application’s success and its adoption.
As a Senior Security Engineer, you will contribute to Secure by design, secured development practices, Security testing and devsecops of software systems and/or applications. The security engineer is responsible for facilitating security efforts between the Cybersecurity Organization and the development teams creating services on the data platform. Security Engineers will help development teams identify security gaps in their applications and services and assist in coming up with solutions to close those gaps and make services compliant to enterprise security requirements.
- Review and assessment of architectural artifacts (e.g. architecture diagrams) for compliance to security policy and identification of risks and potential areas of improvement
- Collaborate with peer Cybersecurity professional in the assessment of IT solution for security posture
- Liaison between Caterpillar Cybersecurity organization and the rest of Caterpillar to communicate, embed, and demonstrate compliance to Cybersecurity requirements
- Technical point of contact for application teams related to automation, CI/CD, and Application Security Operations.
- Understand and communicate business risk with security risk.
- Understand and identify the existing processes and security gaps.
- Guide to improve and streamline the development process to secure the application in every stage of software development by implementing devSecOps
- Competent to perform all assignments without close supervision; normally assigned the more complex aspects of systems work.
- Works directly on complex application/technical problem identification and resolution,
- Drives application development focused around delivering of security needs features
- Maintains high standards of software quality within the team by establishing good practices and habits
- Guide the team to develop a structured application/interface code, new program documentation, operations documentation, and user guides in a casual, flexible environment
- Maintain current knowledge on existing security procedures, directives and technology controls including application testing, threat modeling, attack and penetration testing, data classification and data handling
- Participate in industry working groups and provide insights to product development teams on leading architecture, design, and security practices
- Understand security requirements and risk tolerance baselines
- Keep development teams accountable to metrics measuring risk
- Position requires a four-year degree from an accredited college or university.
- 5 years or more of software development experience or at least 3 years of experience with master’s degree in computer science or related field.
- 3+ years in information security
- 3 years or more of developing using languages such as Java, Scala, Python, or Node.JS
- Cloud Security best practices (e.g. Cloud Security Alliance’ CCM – Cloud Controls Matrix)
- Security expertise and hands-on experience with MS Azure and AWS (4+ years of experience)
- Experience with relevant industry standards, such as: ISO 27001, 27002, NIST CSF, ISA 62443 and SOC Reporting
- Experience with a wide variety of information security processes and principles, such as:
- Enterprise security architecture
- Threat model development
- Vulnerability assessment
- Risk analysis
- Defense in depth
- SDLC and product development processes
- Identity and access management
- Business process design
- Web services security
Top candidates will also have:
- Strong understanding and experience with information security technologies
- Ability to coordinate multiple teams in accomplishing process review and improvement
- Ability to work under pressure and within time constraints
- Passion for technology and an eagerness to contribute to a team-oriented environment
- Demonstrated leadership on small to medium-scale projects impacting strategic priorities
- Bachelor’s degree in Computer science or Electrical engineering or related field is required
- Professional information security certification (CISSP, CCSP, CSSLP, GISCP, GWAPT, GWEB etc.)
Visa sponsorship available for eligible applicants.
EEO/AA Employer. All qualified individuals - Including minorities, females, veterans and individuals with disabilities - are encouraged to apply.
Not ready to apply? Submit your information to our Talent Network here.