Career Area:
Information Technology
Job Description:
This is an entry- to intermediate-level cybersecurity analyst role on the Caterpillar Cybersecurity Vulnerability Management Team. This role will be focused on web application security testing and security tool integrations into S-SDLC.
Description:
Provide support of operational tools and processes for dynamic application security testing (DAST), static application security testing (SAST) and methods for identifying and communicating vulnerable items for Vulnerability Management (VM).
Provide technical expertise in the integration of security tools in CI/CD pipelines.
Provide education and guidance about SAST/DAST tools and process best practices.
Provide input and support to leaders/peers from architecture, engineering, Cloud, and IT operations on architecting tools and solutions related to application security and vulnerability management.
Obtain and maintain knowledge on existing security procedures and directives related to application security and vulnerability management.
Provide overview of services and status of key projects to stakeholders and security leadership.
Key contributor on team deliverables and key projects.
Provide oversight for VM activities such as new tool implementation/investigation, significant changes, and process improvements.
Develop and/or report on metrics to departmental and business unit leaders & stakeholders.
Interface with IT Operations staff and leadership to drive efficiency into vulnerability management processes in ServiceNow.
Educate Caterpillar workforce on VMA operational processes to ensure successful execution.
Basic Requirements:
Bachelor's degree in Security Engineering/Architecture, Computer Science, Cybersecurity, or a related field
2+ years of experience in Cybersecurity, Information Technology, Risk Management and/or Cyber Threat Intelligence
Experience with SAST tools - Fortify, Checkmarx
Experience with DAST tools - WebInspect, Acunetix
Understanding of secure software testing
Experience developing and testing apps in .NET or Java and other leading modern programming languages and technologies
Experience with newer development frameworks
Experience performing mobile security reviews
Experience with cloud security: Amazon AWS, Windows Azure
Top Candidate Will Also Have:
One or more professional information security certifications from an accredited institution (CISSP, CCSP, CSSLP, CISM, GISCP, GWAPT, GWEB, etc.)
Knowledge of information security frameworks: ISO 27001, 27002, NIST CSF, NIST 800-82.
Knowledge of Cybersecurity risks associated with vulnerability testing, patch management, and secure configuration management.
Good knowledge of OWASP guidelines for application security.
Good knowledge of software development processes, integration of security assessments in the software development life cycle (SDLC) process, and secure coding is desirable.
Excellent critical thinking, analytical and problem-solving skills.
Ability to adjust to multiple demands, changing priorities, ambiguity, and rapid change, while multitasking effectively.
Exhibit strong influencing / negotiation skills as well as written/verbal communication skills and presentation skills.
Relocation is available for this position.
EEO/AA Employer. All qualified individuals - including minorities, females, veterans and individuals with disabilities - are encouraged to apply.