Lead Cybersecurity Engineer (Salesforce)

Career Area:

Job Description:

Your Work Shapes the World at Caterpillar Inc.

When you join Caterpillar yourejoining a global team who cares not just about the work we do but also about each other. We are the makers problem solvers and future world builders who are creating stronger more sustainable communities. We dontjust talk about progress and innovation here we make it happen with our customers where we work and live. Together we are building a better world so we can all enjoy living in it.

Role Summary:

Join the DevOps Cybersecurity team of Cat Digital and establish cybersecurity practice within the Salesforce community. You will have deep integration with applications as they move from an idea into a solution integrating Security practices and enabling delivery for Caterpillar Digital Applications. Be a part of the team that is using innovative solutions and methods to securely enable build and deploy modern applications and software.

What you will do:

As a Lead Cybersecurity Engineer you will be responsible for understanding and contributing to Security by Design practices secure application software development lifecycle practices security testing and assessment and the integration of Security with DevOps. This role is responsible for cultivating cybersecurity practice across Salesforce development community by leveraging tools that are tailored for Salesforce. You will spend time helping development teams identify and track security risks to remediation while embracing concepts of agile delivery and DevOps.

• Security Defect Management - Analyzing validating communicating and consulting on security defects identified by both automated and manual sources such as CodeQL Rapid7 Web Application Security penetration testing bug bounty other words our security engineers are partners to software engineers who require accurate information on why a vulnerability exists and what they can do about it.
• Engineering Consulting Serving as a best friend to software engineers architects product owners and leaders provide contextually-aware guidance to help these groups make good decisions document those decisions and resulting architectures and navigate relevant review & approval processes (where necessary) when implementing new features and remediating existing issues.
• Tool Enablement - Enabling and monitoring automated defect detection tooling (CodeAnalyzer Checkmarx etc.) at the repository or application level according to established process.
• Security Test Onboarding & Management Collecting and communicating required scope and access information for penetration testing and security assurance assessments as well as handling the output of these assessments via our Defect Management Process.
• Maturity Measurement Consulting with software engineers on practices which will improve their applications security maturity according to scorecards and maturity models established by Cat Digital.
• Correction of Error Authoring in close partnership with software engineers correction of error reports which help engineers and architects across Cat Digital avoid similar mistakes in their own applications.

What you will have:

• Decision Making and Critical Thinking: Knowledge of the decision-making process and associated tools and techniques; ability to accurately analyze situations and reach productive decisions based on informed judgment.
• Effective Communications: Understanding effective communication concepts tools and techniques; ability to effectively transmit receive and accurately interpret ideas information and needs through the application of appropriate communication behaviors.
• Software Development Life Cycle: Knowledge of software development life cycle; ability to use a structured methodology for delivering and managing new or enhanced software products to the marketplace.
• Software Product Design/Architecture: Knowledge of software product design; ability to convert market requirements into the software product design.
• Software Integration Engineering: Knowledge of software integration processes and functions; ability to design develop and maintain interfaces and linkage to alternative platforms and software packages.

Consideration for top candidates:

• Application security expertise in Salesforce is a must
• Leading large more complex application security initiatives across multiple teams.
• Demonstrated experience leading software engineering projects.
• Application security expertise understanding vulnerabilities and remediation solutions (OWASP CWE/CVE SANS 25)
• Experience with a wide variety of information security processes and principles such as:
  • Enterprise security architecture
  • Threat modeling
  • Vulnerability assessment
  • Risk analysis
  • Defense in depth
  • SDLC and product development processes
  • Identity and access management
  • API security
  • SCA/SAST/DAST
• Cloud securityexperience with MS Azure and/or AWS
• Professional certification (CISSP CCSP GWAPT GWEB AWS SA / Certified Security etc.)
• Development experience (Java JS or equivalent)
• Implementation of automation and scripting

Additional Details:

This position has the option to be based out of either our Chicago IL Peoria IL or Irving TX (Dallas) offices.

#LI

#BI

Summary Pay Range:

Compensation and benefits offered may vary depending on multiple individualized factors job level market locationjob-related knowledge skills individual performance and experience. Please note that salary is only one component of total compensation at Caterpillar.

Benefits:

Subject to plan eligibility terms and guidelines. This is a summary list of benefits.

• Medical dental and vision benefits*

• Paid time off plan (Vacation Holidays Volunteer etc.)*

• 401(k) savings plans*

• Health Savings Account (HSA)*

• Flexible Spending Accounts (FSAs)*

• Health Lifestyle Programs*

• Employee Assistance Program*

• Voluntary Benefits and Employee Discounts*

• Career Development*

• Incentive bonus*

• Disability benefits

• Life Insurance

• Parental leave

• Adoption benefits

• Tuition Reimbursement

* These benefits also apply to part-time employees

Posting Dates:

Any offer of employment is conditioned upon the successful completion of a drug screen.

Caterpillar is an Equal Opportunity Employer Including Veterans and Individuals with Disabilities. Qualified applicants of any age are encouraged to apply.

Not ready to apply Join our Talent Community.