Caterpillar Inc.

Cybersecurity Engineer

full-time

Location Type: Office

Location: Bangalore, India

About the role

  • At Cat Digital, every software engineer is the one who cares the most about their application.
  • As a Lead Application Security Engineer, you will work as a technical leader within a portfolio of related applications to guide software engineers on cybersecurity issues, influence security and prioritization decisions at the bug or story level, and act as a trusted partner in their mission to deliver solutions securely.
  • You will also work as a technical mentor to other security engineers, increasing their skills, explaining advanced topics, and contributing to security policies and decision making.
  • You will be responsible for delivering a suite of security services according to internal processes and standards, including:
  • Security Defect Management - Analyzing, validating, communicating, and consulting on security defects identified by both automated and manual sources such as CodeQL, Rapid7 Web Application Security, penetration testing, bug bounty, etc.
  • In other words, our security engineers are partners to software engineers who require accurate information on why a vulnerability exists and what they can do about it.
  • Engineering Consulting – Serving as a “best friend” to software engineers, architects, product owners, and leaders, provide contextually-aware guidance to help these groups make good decisions, document those decisions and resulting architectures, and navigate relevant review & approval processes (where necessary) when implementing new features and remediating existing issues.
  • Tool Enablement - Enabling and monitoring automated defect detection tooling (CodeQL, Rapid7, etc.) at the repository or application level according to established process.
  • Security Test Onboarding & Management – Collecting and communicating required scope and access information for penetration testing and security assurance assessments, as well as handling the output of these assessments via our Defect Management Process.
  • Maturity Measurement – Consulting with software engineers on practices which will improve their application’s security maturity according to scorecards and maturity models established by Cat Digital.
  • Correction of Error – Authoring, in close partnership with software engineers, correction of error reports which help engineers and architects across Cat Digital avoid similar mistakes in their own applications.

Requirements

  • Two of three:
      • 8+ years of experience as a software engineer (in any language or framework)
      • 8+ years of experience as a software development-focused cybersecurity professional
      • 8+ years of experience working on a major cloud platform (AWS, Azure, GCP, or Salesforce) as a software engineer, cloud/DevOps engineer, security engineer, or architect.
  • Experience analyzing and remediating security findings from automated and manual sources such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), penetration testing, Software Composition Analysis (SCA), etc.
  • Experience leveraging one or more of the following resources to support secure coding and decision-making:
      • OWASP Top 10
      • MITRE Common Weakness Enumeration (CWE) Top 25
      • OWASP Application Security Verification Standard (ASVS)
      • Other industry-standard best practice guides or frameworks
  • Experience building or supporting web applications and APIs, including Single Page Applications (SPA) and RESTful APIs.
  • Proficiency in one or more programming languages.