Career Area:
Business Technologies, Digital and Data
Job Description:
Your Work Shapes the World at Caterpillar Inc.
When you join Caterpillar, you're joining a global team who cares not just about the work we do – but also about each other. We are the makers, problem solvers, and future world builders who are creating stronger, more sustainable communities. We don't just talk about progress and innovation here – we make it happen, with our customers, where we work and live. Together, we are building a better world, so we can all enjoy living in it.
We are seeking an Application Security (AppSec) developer to join our world-class cybersecurity team. This role will work with other cybersecurity professionals as well as IT partners to advocate for and create security solutions for the development of software and other technologies.
Responsibilities:
DAST Scan Review and Triage:
- Conduct in-depth reviews of DAST scan findings to identify and prioritize potential vulnerabilities.
- Manually reproduce and retest vulnerabilities to validate their existence and severity.
- Provide expert consulting to IT partners on remediation strategies and risk mitigation measures.
SAST Scan Review and Triage:
- Conduct in-depth reviews of SAST scan findings, particularly those generated using GitHub CodeQL.
- Analyze source code for vulnerabilities and provide recommendations for remediation.
- Collaborate with development teams to address SAST findings and improve code quality.
Vulnerability Exploitation and Demonstration:
- Manually exploit identified vulnerabilities to demonstrate their impact and risk to application owners.
- Ensure compliance with Enterprise Security Policies and Directives, including OWASP Top 10, SANS 25 software flaws, and other vulnerabilities.
DAST Tool Configuration and Support:
- Configure and tune the Enterprise DAST scanning tool to optimize its effectiveness.
- Assist IT application owners in running self-service DAST scans on their applications.
Vulnerability Prioritization and Remediation:
- Regularly review DAST scans and prioritize vulnerabilities based on risk and impact.
- Collaborate with IT partners to drive remediation efforts and meet required metrics thresholds.
Technical Education and Awareness:
- Provide technical education to IT application owners on web application vulnerabilities, their causes, and mitigation techniques.
- Document and report DAST scan findings to business and IT stakeholders.
DAST Program Development and Support:
- Contribute to the development and evolution of the DAST scanning program.
- Provide awareness, education, and guidance on DAST tools and best practices.
Cross-Functional Collaboration:
- Collaborate with Corporate Security partners and other teams to ensure effective security practices.
- Provide backup support for SAST scanning operations and firewall rule requests.
Automation and Tool Development:
- Develop automated software solutions and applications to improve efficiency and streamline security processes.
Minimum Qualifications:
- Bachelor's degree in Computer Science, Information Technology, or related field or equivalent experience
- 5+ years previous cumulative Information Technology and/or Cybersecurity experience
- 3+ years experience developing software in one or more of the following disciplines: JavaScript, .NET Core, C#, CSS, Python, Java, Bootstrap, Git
- 3+ years experience utilizing databases such as SQL or cloud native databases
Preferred Qualifications:
- Knowledge of secure web application architecture patterns and common vulnerabilities (OWASP Top 10)
- Familiar with access control systems, network security, or cryptography
- Previous experience with DAST/SAST scanning tools
- Active CISSP Certification or relevant industry certifications
- Previous experience with Risk Management frameworks
- Previous experience with Threat Model Assessments
- Previous experience with Project Management (Waterfall, Agile, etc.)
- Strong analytical and problem-solving skills
- Excellent oral and written communication skills
- Ability to work independently and in a team environment
- Experience in developing software using UX/UI design principles
- Experience in RESTful API design and implementation
- Experience in cloud software development and security
Skill Descriptors
Consulting: Knowledge of techniques, roles, and responsibilities in providing technical or business guidance to clients, both internal and external; ability to apply consulting knowledge appropriately.
Level Working Knowledge:
- Explains the requirements, deliverables, costs, and criticalities of the assignment.
- Participates in developing consulting opportunities or assignments.
- Uses formal and informal means to keep client informed on progress and issues.
- Carries out the agreed-upon consulting assignment in a professional manner.
- Documents client's objectives and project scope.
Cybersecurity Risk Management: Knowledge of tools, techniques, approaches and processes of cybersecurity risk management; ability to ensure organizational network operation and minimize the negative effects of cybersecurity risks.
Level Basic Understanding:
- Explains major methods, tools and processes involved in cyber risk assessment.
- Identifies major categories of cyber risks.
- Describes the goals and objectives of cybersecurity risk management.
- Identifies an organization's resources for cyber risk avoidance and management.
Information Security Technologies: Knowledge of technologies and technology-based solutions dealing with information security issues; ability to protect information security across the organization using encryption technologies and appropriate security software.
Level Working Knowledge:
- Collects and documents information about new information security tools.
- Explains computer forensics, authentication mechanisms and digital certificates.
- Installs, upgrades or maintains firewall technology or anti-virus software.
- Participates in evaluating information security features against business requirements.
- Utilizes a specific hardware or software security technology to control risks.
Information Technology (IT) Security Policies: Knowledge of IT security policies, standards, and procedures; ability to utilize a variety of administrative skill sets and technical knowledge to ensure cyber security compliance.
Level Working Knowledge:
- Performs information gathering and research on key elements of IT security policies.
- Assists senior colleagues in identifying and analyzing critical issues in IT security policies.
- Executes IT security policies and standards within a specific region of the organization.
- Conducts performance reviews on implementation of IT security policies.
- Generates status reports for senior management to ensure the implementation of IT security policies.
System and Technology Integration: Knowledge of the features and facilities of systems; ability to integrate and communicate among applications, databases and technology platforms.
Level Working Knowledge:
- Assists with current and planned integration initiatives.
- Explores major issues and considerations for successful system integration.
- Works with applications, data, technology bridges and a variety of platforms.
- Works with existing interfaces as well as integration and migration plans within own area.
- Plays an active role in local integration efforts.
Posting Dates:
October 9, 2024 - October 18, 2024
Caterpillar is an Equal Opportunity Employer (EEO).