Job Duties/Responsibilities:

• Perform vulnerability scanning and/or assessments of business applications, websites, and identify deviations from acceptable enterprise vulnerability management policy requirements.

• Assist development teams to setup automation pipelines to perform SAST security testing against their applications

• Triage the scanning tool results to remove false positives

• Interface with IT operational teams to influence, prioritize and guidance on remediation of identified vulnerabilities.

• Perform Governance workflows to ensure vulnerabilities are acknowledged and remediated by the development teams

• Support various security and application development projects as a SME/team member to the Enterprise

• Installation, configuration, and maintenance of CI/CD solutions with SAST/DAST enabled

• Provide support of operational tools and methods for dynamic application security testing (DAST), static application security testing (SAST) per policies.

• Obtain and maintain knowledge on existing security procedures and directives related to application security and vulnerability management.

• Provide support for VM Team activities such as new tool implementation/investigation, significant architectural changes, and process improvements to vulnerability management.

Basic Qualifications:

• Bachelor (4 year) degree in Security Engineering/Architecture, Computer Science, Cybersecurity or a related field

• 3-5 years of Cybersecurity, Risk Management, Information Technology experience

• 2+ years of DAST scanning experience (Web Inspect preferably)

• 2+ years of SAST scanning experience (Fortify preferably)

Ideal Candidate Will Also Have:

• One or more professional information security certification from an accredited institution (CISSP, CCSP, CSSLP, CISM, GISCP, GWAPT, GWEB etc.)

• Good Knowledge of OWASP Guidelines for application security.

• 2+ years of software development/testing experience in any of the following programming languages: C#, Python, Bash, Perl, JavaScript, C++, .Net

• 2+ Experience with Azure DevOps Pipelines; CI/CD Automation

• 1+ experience as a member of an Agile team

• 1-3 years of broad AWS or Azure experience

• Working knowledge Azure DevOps (formerly VSTS)

• Working knowledge with SQL queries and SQL/MySql database

• Excellent analytical and problem-solving skills.

• Exhibit strong influencing / negotiation skills as well as written/verbal communication skills and presentation skills.

Caterpillar is an Equal Opportunity Employer (EEO).