Web Application Firewall (WAF) Specialist
Career Area:
Information Technology
Job Description:
Caterpillar is looking for a Web Applications Firewall, WAF, Integration Specialist to join their team. This is an IT analyst role on the Caterpillar Cybersecurity Vulnerability Management Team and is focused on delivery of security subject matter expertise for the advancement, execution, and sustainability of the Cybersecurity Vulnerability Management Programs.
JOB DUTIES/RESPONSIBILITIES:
- Web Application Firewall (WAF) Process Owner
- Provide support to Application Development teams and other counterparts on policies, procedures, and operational processes regarding WAF configurations and migrated applications as well as future migrations
- Provide operational process recommendations to ensure successful migration and maintenance of applications behind the WAF
- Provide engineering support for WAF readiness and security policy readiness. Engineering support onboarding activities for external applications including scheduling & executing Private Key Transit, and scheduling & executing WAF-deployment activities
- Set priorities based on customer impact/understanding, pain points
- Set work unit and project deadlines
- Perform customer outreach meetings to share service expansion & improvements
- Lead project teams and/or plan and monitor assignments of project team members
- Execute ITSM (Incident/Problem/Change) for the WAF team
- Consult with Development teams to ensure accurate application deployments into Production.
- Should have experience with web-based attacks, OWASP Top 10 web vulnerabilities, web application testing with tools like Zed Attack Proxy, and extensive knowledge of networking protocols
- Travel expected is 2 times a year for 1-week increment for in-person strategy planning.
Basic Qualifications:
- Bachelor's degree in security engineering/Architecture, Computer Science, Cybersecurity or a related field
- 5 years of Cybersecurity, Information Technology, Risk Management and/or Cyber Threat Intelligence
- 5-8 years of Information Technology experience (Networking or Application Development)
- Understanding of web application firewall tools, concepts, methodologies
- Excellent oral, written communication, and presentation skills
- Good Knowledge of OWASP Top 10 Guidelines for application security.
- Good documentation and process development skills.
- Microsoft Office (Excel, PowerPoint, Word, Outlook)
- Experience developing and testing apps in .NET or Java and other leading modern programming languages and technologies
- Experience with newer development frameworks
- Network Infrastructure experience with multi-vendor environments.
- Experience with cloud security: Amazon AWS, Windows Azure
Top candidates will also have:
- One or more professional information security certification from an accredited institution (CISSP, CCSP, CSSLP, CISM, GISCP, GWAPT, GWEB etc.)
- 5+ years of Information Security Knowledge of Information Security, IT Risks and Controls assessment, Cyber Threat assessments
- Knowledge of information security frameworks, ISO 27001, 27002, NIST CSF, NIST 800-82.
- Knowledge of Cybersecurity risks associated with vulnerability testing, patch management, and secure configuration management.
- Good Knowledge of software development processes, integration of security assessments in Software development life cycle (SDLC) process, secure coding is desirable.
- Excellent critical thinking, analytical and problem-solving skills.
- Ability to adjust to multiple demands, changing priorities, ambiguity, and rapid change, while multitasking effectively.
- Ability to work with and influence developers, development managers, project managers, technology peers, and business contacts are required.
This position can be on-site in Dallas, Texas; Nashville, Tennessee; or East Peoria, Illinois.
Relocation assistance is not available for this position. Any relocation costs incurred would be the responsibility of the selected applicant
This employer is not currently hiring foreign national applicants that require or will require sponsorship tied to a specific employer, such as H, L, TN, F, J, E, O. As a global company, Caterpillar offers many job opportunities outside of the U.S. which can be found through our employment website at www.caterpillar.com/careers
EEO/AA Employer. All qualified individuals - Including minorities, females, veterans and individuals with disabilities - are encouraged to apply.
Not ready to apply? Submit your information to our Talent Network here .