Application Cybersecurity Engineer

Client: Caterpillar

Type: Contract- 12 mo- 100% remote

Rate: ~80/hr

Top Skills' Details

1. Understanding and experience application security tools, DAST (Dynamic Analysis) and SAST (Static Analysis)
2. OWASP Security Standards and Issues, (Web and application Security Standards)
3. General Cyber Security Standards
8 years total experience required
Bachelors degree within a computer field is required

Job Description

TEKsystems is seeking an experienced security, cloud, software, or IT operations engineer with a passion for building secure-by-design applications to join the security architecture team.

- The Application Cybersecurity engineer is responsible for facilitating security solutions to help software engineers build secure applications.
- Application Security Engineers will help development teams identify security gaps in their applications and services and assist in coming up with solutions to close those gaps and make services compliant to enterprise security requirements.

Typical task breakdown:
- Maintain current knowledge on existing security procedures, directives and technology controls including application testing, threat modeling, attack and penetration testing, data classification and data handling
- Work directly in traditional AppSec tools like SAST, SCA, and DAST to ensure that the tools are working properly and that findings are addressed and managed as defects.
- Understand security requirements and risk tolerance baselines
- Keep development teams accountable to metrics measuring risk
- Track existing risk statements and work with risk owners to close gaps

Interaction with team:
- Accountable for a dedicated set of applications to work directly with development teams. Part of a larger security engineering team that sets standards and ways of working for interacting with development teams.
- Security Engineers will help development teams identify security gaps in their applications and services and assist in coming up with solutions to close those gaps and make services compliant to enterprise security requirements.

Technical Skills
(Required)
- Experience with relevant industry standards, such as: o ISO 27001, 27002 o NIST CSF o NIST 800-82 o ISA 62443 o SOC Reporting
- Experience with a wide variety of information security processes and principles, such as: Enterprise security architecture; Threat model development; Vulnerability assessment; Risk analysis; Defense in depth; SDLC and product development processes o Identity and access management; Business process design.
- Engineers must have the following:
- 3-5 years of CyberSecurity experience
- Familiarity with Web Application Security standards (OWASP, MITRE)
- Experience with application security technologies including SCA/SAST/DAST and the ability to identify false positives and assist with remediation planning
- Previous experience integrating security tools in CI/CD development pipelines
- Excellent verbal and written communications
- Preferred candidates should have:********
- 5+ years Cybersecurity experience
- Professional certification (CISSP, CCSP, GWAPT, GWEB, AWS SA / Certified Security, etc.)
- 1-3 years working directly with Cloud Infrastructure as code (CFT, TF) in AWS
- Familiarity with ServiceNow VM and GRC modules
- Development of automation and scripting 3 years experience.

(Desired)
- Web services security Desired: Professional information security certification (CISSP, CCSP, CSSLP, GISCP, GWAPT, GWEB etc) ; Strong understanding and experience with information security technologies

Additional Skills & Qualifications

Some familiarity with CI/CD tooling like Jenkins, Azure Devops, etc.
Certifications are nice to have- SANS, AWS, Azure certs
1-3 years working directly with Cloud Infrastructure as code (CFT, TF) in AWS
Familiarity with ServiceNow VM and GRC modules

Employee Value Proposition (EVP)

Working in Cat Digital- the fastest growing and highly funded area of a Fortune 70 client.

Work Environment

There are currently 8 other engineers on team, this would be adding two more to make a team of 10.

Business Drivers/Customer Impact

This team supports CAT Digital, which is where all of the software engineering for the enterprise goes through.

Client: Caterpillar

Type: Contract- 12 mo- 100% remote

Rate: DL: ~80/hr

Top Skills' Details

1. Understanding and experience application security tools, DAST (Dynamic Analysis) and SAST (Static Analysis)
2. OWASP Security Standards and Issues, (Web and application Security Standards)
3. General Cyber Security Standards
8 years total experience required
Bachelors degree within a computer field is required

Job Description

TEKsystems is seeking an experienced security, cloud, software, or IT operations engineer with a passion for building secure-by-design applications to join the security architecture team.

- The Application Cybersecurity engineer is responsible for facilitating security solutions to help software engineers build secure applications.
- Application Security Engineers will help development teams identify security gaps in their applications and services and assist in coming up with solutions to close those gaps and make services compliant to enterprise security requirements.

Typical task breakdown:
- Maintain current knowledge on existing security procedures, directives and technology controls including application testing, threat modeling, attack and penetration testing, data classification and data handling
- Work directly in traditional AppSec tools like SAST, SCA, and DAST to ensure that the tools are working properly and that findings are addressed and managed as defects.
- Understand security requirements and risk tolerance baselines
- Keep development teams accountable to metrics measuring risk
- Track existing risk statements and work with risk owners to close gaps

Interaction with team:
- Accountable for a dedicated set of applications to work directly with development teams. Part of a larger security engineering team that sets standards and ways of working for interacting with development teams.
- Security Engineers will help development teams identify security gaps in their applications and services and assist in coming up with solutions to close those gaps and make services compliant to enterprise security requirements.

Technical Skills
(Required)
- Experience with relevant industry standards, such as: o ISO 27001, 27002 o NIST CSF o NIST 800-82 o ISA 62443 o SOC Reporting
- Experience with a wide variety of information security processes and principles, such as: Enterprise security architecture; Threat model development; Vulnerability assessment; Risk analysis; Defense in depth; SDLC and product development processes o Identity and access management; Business process design.
- Engineers must have the following:
- 3-5 years of CyberSecurity experience
- Familiarity with Web Application Security standards (OWASP, MITRE)
- Experience with application security technologies including SCA/SAST/DAST and the ability to identify false positives and assist with remediation planning
- Previous experience integrating security tools in CI/CD development pipelines
- Excellent verbal and written communications
- Preferred candidates should have:********
- 5+ years Cybersecurity experience
- Professional certification (CISSP, CCSP, GWAPT, GWEB, AWS SA / Certified Security, etc.)
- 1-3 years working directly with Cloud Infrastructure as code (CFT, TF) in AWS
- Familiarity with ServiceNow VM and GRC modules
- Development of automation and scripting 3 years experience.

(Desired)
- Web services security Desired: Professional information security certification (CISSP, CCSP, CSSLP, GISCP, GWAPT, GWEB etc) ; Strong understanding and experience with information security technologies

Additional Skills & Qualifications

Some familiarity with CI/CD tooling like Jenkins, Azure Devops, etc.
Certifications are nice to have- SANS, AWS, Azure certs
1-3 years working directly with Cloud Infrastructure as code (CFT, TF) in AWS
Familiarity with ServiceNow VM and GRC modules

Employee Value Proposition (EVP)

Working in Cat Digital- the fastest growing and highly funded area of a Fortune 70 client.

Work Environment

There are currently 8 other engineers on team, this would be adding two more to make a team of 10.

Business Drivers/Customer Impact

This team supports CAT Digital, which is where all of the software engineering for the enterprise goes through.