Career Area:
Business Technologies, Digital and Data
Job Description:
Your Work Shapes the World at Caterpillar Inc.
When you join Caterpillar, you're joining a global team who cares not just about the work we do – but also about each other. We are the makers, problem solvers, and future world builders who are creating stronger, more sustainable communities. We don't just talk about progress and innovation here – we make it happen, with our customers, where we work and live. Together, we are building a better world, so we can all enjoy living in it.
We are seeking an Application Security (AppSec) developer to join our world-class cybersecurity team. This role works with other cybersecurity professionals and with IT partners to advocate for, and build, security solutions for the development of software and other technologies.
Responsibilities:
DAST Scan Review and Triage:
Conduct in-depth reviews of DAST scan findings to identify and prioritize potential vulnerabilities.
Manually reproduce and retest vulnerabilities to validate their existence and severity.
Provide expert consulting to IT partners on remediation strategies and risk mitigation measures.
SAST Scan Review and Triage:
Conduct in-depth reviews of SAST scan findings, particularly those generated using GitHub CodeQL.
Analyze source code for vulnerabilities and provide recommendations for remediation.
Collaborate with development teams to address SAST findings and improve code quality.
Vulnerability Exploitation and Demonstration:
Manually exploit identified vulnerabilities to demonstrate their impact and risk to application owners.
Ensure compliance with Enterprise Security Policies and Directives covering the OWASP Top 10, the CWE/SANS Top 25 software weaknesses, and other vulnerability classes.
DAST Tool Configuration and Support:
Configure and tune the Enterprise DAST scanning tool to optimize its effectiveness.
Assist IT application owners in running self-service DAST scans on their applications.
Vulnerability Prioritization and Remediation:
Regularly review DAST scans and prioritize vulnerabilities based on risk and impact.
Collaborate with IT partners to drive remediation efforts and meet required metrics thresholds.
Technical Education and Awareness:
Provide technical education to IT application owners on web application vulnerabilities, their causes, and mitigation techniques.
Document and report DAST scan findings to business and IT stakeholders.
DAST Program Development and Support:
Contribute to the development and evolution of the DAST scanning program.
Provide awareness, education, and guidance on DAST tools and best practices.
Cross-Functional Collaboration:
Collaborate with Corporate Security partners and other teams to ensure effective security practices.
Provide backup support for SAST scanning operations and firewall rule requests.
Automation and Tool Development:
Develop automated software solutions and applications to improve efficiency and streamline security processes.
Minimum Qualifications:
Bachelor's degree in Computer Science, Information Technology, or related field or equivalent experience
5+ years of cumulative Information Technology and/or Cybersecurity experience
3+ years of experience developing software in one or more of the following: JavaScript, .NET Core, C#, CSS, Python, Java, Bootstrap, Git
3+ years of experience working with relational (SQL) or cloud-native databases
Preferred Qualifications:
Knowledge of secure web application architecture patterns and common vulnerabilities (OWASP Top 10)
Familiarity with access control systems, network security, or cryptography
Previous experience with DAST/SAST scanning tools
Active CISSP Certification or relevant industry certifications
Previous experience with Risk Management frameworks
Previous experience with Threat Model Assessments
Previous experience with Project Management (Waterfall, Agile, etc.)
Strong analytical and problem-solving skills
Excellent oral and written communication skills
Ability to work independently and in a team environment
Experience in developing software using UX/UI design principles
Experience in RESTful API design and implementation
Experience in cloud software development and security
Posting Dates:
October 9, 2024 - October 18, 2024
Caterpillar is an Equal Opportunity Employer (EEO).