Cybersecurity Engineer

Career Area:

Job Description:

Your Work Shapes the World at Caterpillar Inc.

When you join Caterpillar, you're joining a global team who cares not just about the work we do – but also about each other.  We are the makers, problem solvers, and future world builders who are creating stronger, more sustainable communities. We don't just talk about progress and innovation here – we make it happen, with our customers, where we work and live. Together, we are building a better world, so we can all enjoy living in it.

JOB DUTIES: 

At Cat Digital, every software engineer is the one who cares the most about their application. As a Lead Application Security Engineer, you will work as a technical leader within a portfolio of related applications to guide software engineers on cybersecurity issues, influence security and prioritization decisions at the bug or story level, and act a trusted partner in their mission to deliver solutions securely. You will also work as a technical mentor to other security engineers, increasing their skills, explaining advanced topics, and contributing to security policies and decision making. 

You will be responsible for delivering a suite of security services according to internal processes and standards, including: 

Security Defect Management - Analyzing, validating, communicating, and consulting on security defects identified by both automated and manual sources such as CodeQL, Rapid7 Web Application Security, penetration testing, bug bounty, etc. In other words, our security engineers are partners to software engineers who require accurate information on why a vulnerability exists and what they can do about it. 

Engineering Consulting – Serving as a "best friend" to software engineers, architects, product owners, and leaders, provide contextually-aware guidance to help these groups make good decisions, document those decisions and resulting architectures, and navigate relevant review & approval processes (where necessary) when implementing new features and remediating existing issues. 

Tool Enablement - Enabling and monitoring automated defect detection tooling (CodeQL, Rapid7, etc.) at the repository or application level according to established process. 

Security Test Onboarding & Management – Collecting and communicating required scope and access information for penetration testing and security assurance assessments, as well as handling the output of these assessments via our Defect Management Process. 

Maturity Measurement – Consulting with software engineers on practices which will improve their application's security maturity according to scorecards and maturity models established by Cat Digital. 

Correction of Error – Authoring, in close partnership with software engineers, correction of error reports which help engineers and architects across Cat Digital avoid similar mistakes in their own applications. 

This role is an excellent opportunity for an experienced software engineer with a passion for cybersecurity to move to a full-time cybersecurity role and help their fellow software engineers deliver solutions securely. 

Basic Qualifications 

Two of three: 

8+ years of experience as a software engineer (in any language or framework) 

8+ years of experience as a software development-focused cybersecurity professional 

8+ years of experience working on a major cloud platform (AWS, Azure, GCP, or Salesforce) as a software engineer, cloud/DevOps engineer, security engineer, or architect.  

As well as: 

Experience analyzing and remediating security findings from automated and manual sources such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), penetration testing, Software Composition Analysis (SCA), etc. 

Experience leveraging one or more of the following resources to support secure coding and decision-making: 

OWASP Top 10 

MITRE Common Weakness Enumeration (CWE) Top 25 

OWASP Application Security Verification Standard (ASVS) 

Other industry-standard best practice guides or frameworks 

Experience building or supporting web applications and API's including Single Page Applications (SPA) and RESTful APIs. 

Proficiency in one or more programming languages. 

Candidates must also demonstrate the following attributes: 

Technical Leadership – Our lead engineers mentor and develop other security engineers, software engineers, and DevOps engineers. Lead engineers contribute to strategic discussions with principal engineers and cybersecurity managers and ensure successful tactical implementation by themselves and others. 

Decision-Making Ability – Our engineers make sound, justifiable, customer-first decisions to determine which security issues to raise to software engineers/leaders and support work prioritization decisions. 

Strong Communication – Our engineers relate complex technical concepts to non-technical audiences and technical audiences without a security background. Additionally, the Cat Digital team spans the globe, and our engineers must collaborate effectively with engineers from a number of locations and cultural backgrounds.  

Active Participation – Software engineering is not a "spectator sport". The input and experience our engineers bring to the table are valued and should be shared freely. Similarly, engineers are relied upon to complete complex assignments at a high level of quality with limited supervision. 

Top candidates will also have one or more of: 

Professional certifications in either cybersecurity or software engineering, such as: 

Associate or Professional-level certifications from a major cloud provider (AWS, Azure, GCP, or Salesforce). 

CompTIA Security+, Cloud+, etc. 

ISC2 Certified Software Lifecycle Professional (CSLP) 

Background in problem identification, root cause analysis, and process improvement. 

Excellent writing abilities and experience writing technical analysis and reports for consumption by software engineers, architects, and managers. 

Experience as a software or security engineer as an employee or contractor of a Fortune 500 company. 

Experience as a software or security engineer in eCommerce, device telematics, data analytics, or mobile applications. 

Bachelor's degree (or equivalent) in Computer Science, Software Engineering, Cybersecurity, Electrical Engineering, or a related discipline. 

Posting Dates:

Caterpillar is an Equal Opportunity Employer.  Qualified applicants of any age are encouraged to apply

Not ready to apply? Join our Talent Community.