Cybersecurity Engineer

Cybersecurity Engineer

Emp Type: W2 or 1099........ (No C2C)

Visa: H1B OPT H4EAD GCEAD L2 Green Card US Citizens (Only USA Applicants)

Workplace Type: Onsite/ Hybrid Peoria /Chicago IL

Experience: 6 Yrs

Positions Contributions to Work Group:

As a Senior Application Security Engineer you will work as a technical leader within a portfolio of related applications to guide software engineers on cybersecurity issues influence security and prioritization decisions at the bug or story level and act as a trusted partner in their mission to deliver solutions securely.

Typical task breakdown:

You will be responsible for delivering a suite of security services according to internal processes and standards including:

1. Security Defect Management Analyzing validating communicatingand consulting on security defects identified by both automated and manual sources such as CodeQL Rapid7 Web Application Security penetration testing bug bounty etc. In other words our security

engineers are partners to software engineers who require accurate information on why a vulnerability exists and what they can do about it.

2. Tool Enablement Enabling and monitoring automated defect detection tooling (CodeQL Rapid7 etc.) at the repository or application level according to established process.

3. Security Test Onboarding & Management Collecting and communicating required scope and access information for penetration testing and security assurance assessments as well as handling the output of these assessments via our Defect Management Process.

4. Maturity Measurement Consulting with software engineers on practices which will improve their applications security maturity according to scorecards and maturity models established

5. Correction of Error Authoring in close partnership with software engineers correction of error reports which help engineers and architects across Cat Digital avoid similar mistakes in their own applications.

This role is an excellent opportunity for an experienced software engineer with a passion for cybersecurity to move to a fulltime cybersecurity role and help their fellow software engineers deliver solutions securely.

Interaction with team:

Working with the team lead. 4 FTE and 3 agency workers on the team.

Work environment:

Hybrid work model

Education & Experience Required:

Minimum of 5 year exp in cloud architecture.

College degree not required.

Technical Skills (Required)

5 years of experience as a software engineer (in any language or framework) or software engineering manager

5 years of experience as a software developmentfocused cybersecurity professional

5 years of experience working on a major cloud platform (AWS Azure GCP or Salesforce) as a software engineer cloud/DevOps engineer security engineer or architect.

Experience analyzing and remediating security findings from automated and manual sources such as Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST) penetration testing Software Composition Analysis (SCA) etc.

Experience leveraging one or more of the following resources to support secure coding and decisionmaking: OWASP Top 10 MITRE Common Weakness Enumeration (CWE) Top 25 OWASP Application Security Verification Standard (ASVS) and Other industrystandard best practice guides or frameworks

Experience building or supporting web applications and APIs including Single Page Applications (SPA) and RESTful APIs.

Proficiency in one or more programming languages.

DecisionMaking Ability Our engineers make sound justifiable customerfirst decisions to determine which security issues to raise to software engineers/leaders and support work prioritization decisions.

Strong Communication Our engineers relate complex technical concepts to nontechnical audiences and technical audiences without a security background. Additionally the Cat Digital team spans the globe and our engineers must collaborate effectively with engineers from a

number of locations and cultural backgrounds.

Active Participation Software engineering is not a spectator sport. The input and experience our engineers bring to the table are valued and should be shared freely. Similarly engineers are relied upon to complete complex assignments at a high level of quality with limited supervision.

(Desired)

1. Professional certifications in either cybersecurity or software engineering such as: Associate or Professionallevel certifications from a major cloud provider (AWS Azure GCP or Salesforce) CompTIA Security Cloud etc. ISC2 Certified Software Lifecycle Professional (CSLP)

Background in problem identification root cause analysis and process improvement.

Excellent writing abilities and experience writing technical analysis and reports for consumption by software engineers architects and managers.

Experience as a software or security engineer as an employee or contractor of a Fortune 500 company.

Experience as a software or security engineer on eCommerce device telematics data analytics or mobile applications.

Soft Skills (Required)

Role requires strong communication with leadership and managers.

Disqualifiers/Red Flags:

Choppy tenure/ consistent job hopping.

Please forward your resume and contact details to / or can call on