Lead Cybersecurity Engineer (Salesforce) at Caterpillar
Chicago, IL 60622, USA
Full Time


Start Date: Immediate
Expiry Date: 14 Nov, 25
Salary: 204720.0
Posted On: 14 Aug, 25
Experience: 0 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Good communication skills
Industry: Computer Software/Engineering

Description

SUMMARY PAY RANGE:

$126,000.00 - $204,720.00
Compensation and benefits offered may vary depending on multiple individualized factors, job level, market location, job-related knowledge, skills, individual performance and experience. Please note that salary is only one component of total compensation at Caterpillar.

Responsibilities

ROLE SUMMARY:

Join the DevOps Cybersecurity team of Cat Digital and establish cybersecurity practice within the Salesforce community. You will have deep integration with applications as they move from an idea into a solution, integrating Security practices and enabling delivery for Caterpillar Digital Applications. Be a part of the team that is using innovative solutions and methods to securely enable, build, and deploy modern applications and software.

WHAT YOU WILL DO:

As a Lead Cybersecurity Engineer, you will be responsible for understanding and contributing to Security by Design practices, secure application software development lifecycle practices, security testing and assessment, and the integration of Security with DevOps. This role is responsible for cultivating cybersecurity practice across the Salesforce development community by leveraging tools that are tailored for Salesforce. You will spend time helping development teams identify security risks and track them to remediation while embracing concepts of agile delivery and DevOps.

  • Security Defect Management - Analyzing, validating, communicating, and consulting on security defects identified by both automated and manual sources such as CodeQL, Rapid7 Web Application Security, penetration testing, bug bounty, etc. In other words, our security engineers are partners to software engineers who require accurate information on why a vulnerability exists and what they can do about it.
  • Engineering Consulting – Serving as a “best friend” to software engineers, architects, product owners, and leaders, providing contextually aware guidance to help these groups make good decisions, document those decisions and resulting architectures, and navigate relevant review & approval processes (where necessary) when implementing new features and remediating existing issues.
  • Tool Enablement - Enabling and monitoring automated defect detection tooling (CodeAnalyzer, Checkmarx, etc.) at the repository or application level according to established process.
  • Security Test Onboarding & Management – Collecting and communicating required scope and access information for penetration testing and security assurance assessments, as well as handling the output of these assessments via our Defect Management Process.
  • Maturity Measurement – Consulting with software engineers on practices which will improve their application’s security maturity according to scorecards and maturity models established by Cat Digital.
  • Correction of Error – Authoring, in close partnership with software engineers, correction of error reports which help engineers and architects across Cat Digital avoid similar mistakes in their own applications.