Career Area:Business Technologies, Digital and DataJob Description:Your Work Shapes the World at Caterpillar Inc.When you join Caterpillar, you're joining a global team who cares not just about the work we do – but also about each other. We are the makers, problem solvers, and future world builders who are creating stronger, more sustainable communities. We don't just talk about progress and innovation here – we make it happen, with our customers, where we work and live. Together, we are building a better world, so we can all enjoy living in it.Cybersecurity Technical LeadSummary:This role will serve as the primary Cloud Security Engineer focused on Microsoft Azure technologies. This is an opportunity to collaborate with multiple teams designing and hosting Azure solutions across Caterpillar. As a Senior Cloud Security Engineer, you will provide Cybersecurity representation to the Azure operations teams, cloud architects, and business partners to ensure enterprise security requirements are built into the services and solutions being deployed.What You Will Do:
Provide Cybersecurity expertise and direction to leaders from Enterprise Architecture, IT & Cloud operations, and business application teams on architecting cloud tools and solutions, designing security into new and changing cloud-based solutions, and identifying design gaps and potential enhancements in existing system architecture.
Collaborate with leadership and senior architects from those organizations actively deploying Cloud workloads (Cloud COE, CAT Digital, etc.).
Partner with Cloud Architects and operations teams to develop and drive repeatable and consistent approach to cloud solution deployment which balances security with velocity and quality.
Monitor for improvement opportunities in Cloud security service offerings from vendor recommendations and Caterpillar Cybersecurity teams.
Maintain knowledge of industry trends and current news events to drive appropriate awareness and recommend proactive improvements.
Host regular technical vendor touchpoint meetings and collaborate with external vendors as needed.
Participate in Cloud Security Posture Management (CSPM) enablement activities including development of technical security control baseline configurations.
What You Have:
Bachelor’s degree in computer science or a related field.
Advanced experience in information security or information technology, with a focus on Cloud Security.
Significant Cloud operations experience as well as Microsoft Azure Cloud Architecture/Engineering expertise.
Experience with relevant industry standards, such as:
ISO 27001
NIST CSF
OWASP Top 10
Cloud Security Alliance’s Cloud Controls Matrix
Experience with a wide variety of information security processes and principles, such as:
Enterprise Architecture
Azure Well-Architected Framework
Defense in depth
Identity and Access Management (IAM)
Basic understanding of cloud and on-premises networking concepts including routing, HTTP and TCP sockets and protocols, DNS, load balancing, reverse proxies, firewalls, etc.
Ability to educate and mentor operational teams and architects in best practices and practical application of security principles throughout the IT lifecycle.
Excellent written and verbal communications skills; demonstrated ability to communicate highly technical security concepts to non-security audiences.
Planning: Tactical, Strategic: Knowledge of effective planning techniques and ability to contribute to operational (short term), tactical (1-2 years) and strategic (3-5 years) planning in support of the overall business plan.
Level Basic Understanding:
Explains tactical plan for own area.
Defines concepts of short-term and long-term planning.
Describes the planning process and planning cycle used in own area.
Compares tactical to strategic planning.
Communicating Complex Concepts: Knowledge of effective presentation tools and techniques to ensure clear understanding; ability to use summarization and simplification techniques to explain complex technical concepts in simple, understandable language appropriate to the audience.
Level Expert:
Consistently uses the right level of technical terminology for the audience.
Contributes concept simplifications to print, web and other media.
Teaches techniques for evaluating audience comprehension.
Improves colleagues' ability to explain information clearly.
Fosters a multi-dimensional appreciation of concepts.
Incorporates analogies that resonate for a wide audience.
Consulting: Knowledge of techniques, roles, and responsibilities in providing technical or business guidance to clients, both internal and external; ability to apply consulting knowledge appropriately.
Level Expert:
Offers constructive ideas on high impact business opportunities.
Develops others' abilities for consulting to multiple clients and multiple assignments.
Ensures others understand the critical importance of clear, client-focused communication.
Consults to senior business executives on own functional specialty.
Monitors industry for developments in consulting best practices and consulting support tools.
Collaborates with own senior business management on feasibility studies and potential projects.
Cybersecurity Standards and Policies: Knowledge of developing cybersecurity policies, standards, and procedures; ability to develop and communicate policies, standards and procedures that guide interactions with customers.
Level Extensive Experience:
Coaches the staff on industry cyber security standards and recommended practices.
Collaborates organization-wide to develop strategies for measuring good security practices and compliance.
Consults on development and implementation of cross-functional standards and policies.
Oversees the development of organizational cybersecurity policies and standards.
Partners with other functions on establishing and documenting joint standards.
Monitors the implementation of cybersecurity standards and polices in projects or services .
Cybersecurity Risk Management: Knowledge of tools, techniques, approaches, and processes of cybersecurity risk management; ability to ensure organizational network operation and minimize negative effect by cybersecurity risks.
Level Extensive Experience:
Establishes risk management strategy to better responding to organizational cyber threats landscapes.
Relates cyber risk assessment models and analysis tools and processes to own business area.
Provides insight into cyber risks management based on an entire system understanding of organization IT infrastructure.
Develops a practical guide for professionals to manage with cyber risk incidents.
Consults on the adoption of advanced cyber risk maturity models specific to organization's business requirements.
Determines the overall architecture of cyber security risk management system.
Information Security Management: Knowledge of the processes, tools, and techniques of information security management; ability to deploy and monitor information security systems, while detecting, controlling, and preventing violations of IT security.
Level Expert:
Establishes principles, blueprints and standards for information integrity and security.
Presents strategic initiatives, industry trends, information security products and services to management and stakeholders.
Leads in the design and development of enterprise-wide programs for information security.
Provides leadership on information security tactics and strategies in multiple environments.
Leads in the development and implementation of information security management methodologies.
Develops risks monitoring processes and systems to protect information security.
Information Security Technologies: Knowledge of technologies and technology-based solutions dealing with information security issues; ability to protect information security across the organization using encryption technologies and appropriate security software.
Level Extensive Experience:
Performs cost/benefit analyses of alternative security systems, processes, and technologies.
Resolves issues and considerations in implementing cross-platform and heterogeneous packages.
Resolves issues and considerations for integrating different technologies.
Compares and contrasts security considerations for all major mobile/BYOD device types.
Evaluates multiple hardware and software technologies designed to protect information.
Consults on encryption technologies and security certificates.
Information Technology (IT) Security Policies: Knowledge of IT security policies, standards, and procedures; ability to utilize a variety of administrative skill sets and technical knowledge to ensure cyber security compliance.
Level Extensive Experience:
Revises IT security policies and procedures based on each department's feedback and emerging technical issues.
Elaborates the importance of IT security and improves organizational awareness.
Monitors the implementation of IT security standards and procedures within the organization.
Designs organizational IT security policies, standards, and procedures.
Leads in IT audit projects and processes to ensure no violation.
Evaluates and reports the effectiveness of IT policies through professional group discussion.
Top Candidates will also have:
Professional information security certification (e.g., CISSP, CCSP, GCSA, etc.)
Associate & Expert level cloud security certifications (e.g., Microsoft Certified: Azure Solutions Architect Expert, Microsoft Certified: Azure DevOps Engineer Expert, Microsoft Certified: Azure Security Engineer Associate).
Working knowledge of other cloud platforms (AWS & GCP).
Ability to adjust to multiple demands, changing priorities, ambiguity, and rapid change.
Application development/support experience or knowledge in one or more programming technologies (e.g., .NET, Java, Python, Node, C/C, etc.).
Best practices knowledge for application secret management in the cloud including the use of vaulting technologies, Identity and Access Management, Role Based Access Control, Managed Identities, etc.
Experience implementing or supporting applications hosted behind a Web Application Firewall (WAF).
Experience with automation tools in capacities such as application automation, monitoring, governance/compliance auditing, infrastructure, or deployment automation, etc.
Development experience or foundational knowledge building, deploying, and operating container-based applications using Docker, Kubernetes, serverless containers, container registries, etc.
Experience using or integrating solutions with log aggregation and governance tools including tools such as Azure Monitor, etc.
Familiarity with Cybersecurity Incident Response Lifecycle
Additional Info :
The primary location for this position is Peoria, IL, Dallas, TX or Nashville, TN.
Domestic relocation assistance is available for those who qualify.
SPONSORSHIP IS NOT AVAILABLE.
What You Will Get:
Our goal at Caterpillar is for you to have a rewarding career. Our teams are critical to the success of our customers who build a better world.
Here you earn more than just a salary because we value your performance. We offer a total rewards package that provides benefits on day one (medical, dental, vision, RX, and 401K) along with the potential of an annual bonus. Additional benefits include paid vacation days and paid holidays.
All qualified individuals - Including minorities, females, veterans, and individuals with disabilities - are encouraged to apply.
About Caterpillar -Caterpillar Inc. is the world’s leading manufacturer of construction and mining equipment, off-highway diesel and natural gas engines, industrial gas turbines and diesel-electric locomotives. For nearly 100 years, we’ve been helping customers build a better, more sustainable world and are committed and contributing to a reduced-carbon future. Our innovative products and services, backed by our global dealer network, provide exceptional value that helps customers succeed.Posting Dates:October 9, 2024 - October 22, 2024Any offer of employment is conditioned upon the successful completion of a drug screen.EEO/AA Employer. All qualified individuals - Including minorities, females, veterans and individuals with disabilities - are encouraged to apply.Not ready to apply? Join our Talent Community (http://flows.beamery.com/caterpillarinc/talcom) .