Senior Cybersecurity Engineer
Company: Wabtec
Location: Melbourne
Posted on: May 8, 2024
|
|
Job Description:
Wabtec Corporation is a leading global provider of equipment,
systems, digital solutions and value-added services for freight and
transit rail. Drawing on nearly four centuries of collective
experience across Wabtec, GE Transportation and Faiveley Transport,
the company has unmatched digital expertise, technological
innovation, and world-class manufacturing and services, enabling
the digital-rail-and-transit ecosystems. Wabtec is focused on
performance that drives progress, creating transportation solutions
that move and improve the world. Wabtec has approximately 27,000
employees in facilities throughout the world. Visit the company's
new website at: http://www.WabtecCorp.com .
It's not just about your career--- or your job title---it's about
who you are and the impact you are going to make on the world. Do
you want to go into uncharted waters---do things that haven't been
done to make yours and someone else's life better? Wabtec has been
doing that for decades and we will continue to do so! Through our
people, leadership development, services, technology and scale,
Wabtec delivers better outcomes for global customers by speaking
the language of industry.
We are the doers. The leaders. The makers. Our teams are hungry to
make history, acting with integrity to relentlessly improve
people's lives. It's time to stop dreaming about the future; let's
build it together.
If you are interested in joining our Talent Community, please share
your resume with us. When a position that matches your
qualifications becomes available it's that much easier to
connect!
Summary:
The---Senior---Cybersecurity Engineer---is responsible for ongoing
cybersecurity assessments of Wabtec products to determine whether
they comply with applicable Wabtec cybersecurity standards and
technical controls. They will advise product managers and
engineering teams, create awareness of cybersecurity standards and
technical controls, and recommend best practices for satisfying
these standards and controls for web systems designed for cloud,
on-premises, and mobile environments. They will work closely with
others to define and maintain technical controls to address
external standards, Wabtec standards, and product
requirements.---
Duties and Responsibilities:
This position requires solid knowledge and experience with
cybersecurity controls pertaining to web systems. Responsibilities
will include the following:
Conduct ongoing cybersecurity reviews of Wabtec products and
determine whether Cybersecurity Authorization to Operate (CATO)
should be granted based on compliance with Wabtec policies,
standards, and technical controls.
Drive and support an authoritative technical consultation process
on product cybersecurity across Wabtec's embedded electronics and
non-IT networked product portfolio including connected vehicle
security, secure implementation of real-time operating systems,
ongoing security support for heavy industrial systems and web
services.
Drive and support processes to ensure Wabtec products implement
appropriate cybersecurity controls, features, and requirements per
applicable customer requirements, recognized industry standards,
and engineering best practices.
Support engineering teams responsible for conducting threat and
risk assessments to quantify product threat surfaces and attack
vectors.
Recommend and consult on the design of software controls,
environment/server hardening measures, and other risk mitigations
to minimize attack surface and support cost-effective field
maintainability of security controls.
Support engineering teams responsible for conducting root cause and
corrective actions related to cybersecurity defects.
Create, seek, and share best practices for product cybersecurity
across the Wabtec product portfolio.
Deliver effective project management and technical
communications.
Understand technical cybersecurity concepts and their business
implications. Be able to clearly explain these concepts to
management and other engineers.
Minimum Qualifications: (To perform this job successfully, an
individual must be able to perform each essential duty
satisfactorily.)
Bachelor's degree in Computer Science, Cybersecurity, or a related
field---
10 years of experience with design, development, and/or testing of
web systems, at least 4 of which include hands-on cybersecurity
engineering responsibilities.
Experience with at least three of the following areas:
---N-tier architecture
---Microservices
---MVC (Model-View-Controller)
---VMware
---Container management
---SaaS
Competencies / knowledge in below areas:
---Open Worldwide Application Security Project (OWASP)
---Certificate management & PKI
---Cryptography
---Web Application penetration testing
---Server hardening
---Secure Data management (at rest / in transit)
---Access control management
---Firewall configuration
---GDPR, PII
Two certifications from the below list or equivalent:
---OSCP (Offensive Security Certified Professional)
---CEH (Certified Ethical Hacker)
---CCSP (Certified Cloud Security Professional)
---CISP (Certified Information security Professional)
---CDPSE (Certified Data Privacy Solutions Engineer)
---CNDA (Certified Network Defense Architect)
5+ years of experience working with large enterprise web
applications (e.g., bank, insurance)
Extensive hands-on experience with cybersecurity assessment tools
and methods
Knowledge, Skills and Abilities:
Knowledge of cybersecurity regulations and standards, including IEC
62443, NIST 800-53, and/or ISO 27001/2
Ability to support multiple projects simultaneously in a matrix
management environment
Strong organizational, analytical, and problem-solving ability and
adept at communicating with different levels within the
organization
An understanding of software development life cycles
Demonstrated ability to understand industry trends and a commitment
to continuing education
Demonstrated global change agent with strong credibility and an
ability to influence across the organization
Demonstrated thought leader with experience developing and
implementing engineering solutions
Demonstrated commitment for process improvement
Wabtec Corporation is committed to taking on the world's toughest
challenges. In order to fulfill that commitment we rely on a
culture of leadership, diversity and inclusiveness. We aim to
employ the world's brightest minds to help us create a limitless
source of ideas and opportunities. We believe in hiring talented
people of varied backgrounds, experiences and styles---people like
you! Wabtec Corporation is committed to equal employment
opportunity regardless of race, color, ancestry, religion, sex,
national origin, sexual orientation, age, citizenship, marital
status, disability, gender identity or expression, or protected
Veteran status. If you have a disability or special need that
requires accommodation, please let us know.
Keywords: Wabtec, Lakeland , Senior Cybersecurity Engineer, Engineering , Melbourne, Florida
Click
here to apply!
|