Caterpillar
Cat Digital uses digital technologies to help Caterpillar Inc. customers build a better world.
Chicago, IL

Principal Security Engineer, DevSecOps

Career Area:
Digital
Job Description:
Big machines require big thinking. Are you looking for your next big challenge?
Cat® Digital is the digital and technology arm of Caterpillar Inc., leveraging the latest technologies to build industry-leading digital solutions for our customers and dealers. With over one million connected assets worldwide, our teams use data, technology, advanced analytics, telematics and AI capabilities to help our customers build a better world.
Working with a Fortune 100 leader, you can build your career on a global scale and take advantage of development opportunities with emerging technologies. We've created an inclusive environment for you to explore your passions, make an impact and do the work that really matters. Join Us.
PURPOSE:
Join the Application Integration team of Cat Digital and build software solutions that integrate common services across our application portfolio and other enterprise systems used by Caterpillar customers and dealers. Integrating applications with the various Digital Platform capabilities, which are built on the latest technologies by adopting the industry's best architecture patterns, security best practices, etc., is critical to each application's success and adoption.
JOB DUTIES:
As a Principal Security Engineer, you will lead secure-by-design work, secure development practices, security testing and DevSecOps for software systems and/or applications. The Principal Security Engineer is responsible for facilitating security efforts between the Cybersecurity Organization and the development teams creating services on the data platform. The Principal Security Engineer will help development teams identify security gaps in their applications and services, assist in coming up with solutions to close those gaps, and make services compliant with enterprise security requirements.
  • Provide principal-level leadership across Cat Digital for the team and projects you are aligned with
  • Mentor and assist other Security Engineers, providing technical assistance and direction as needed
  • Review and assess architectural artifacts (e.g. architecture diagrams) for compliance with security policy and to identify risks and potential areas of improvement
  • Collaborate with peer Cybersecurity professionals in assessing the security posture of IT solutions
  • Act as liaison between the Caterpillar Cybersecurity organization and the rest of Caterpillar to communicate, embed, and demonstrate compliance with Cybersecurity requirements
  • Technical point of contact for application teams related to automation, CI/CD, and Application Security Operations.
  • Understand and communicate business risk with security risk.
  • Understand and identify the existing processes and security gaps.
  • Guide the improvement and streamlining of the development process to secure the application at every stage of software development by implementing DevSecOps
  • Works directly on complex application/technical problem identification and resolution
  • Drives application development focused on delivering features for security needs
  • Maintains high standards of software quality within the team by establishing good practices and habits
  • Guide the team to develop structured application/interface code, new program documentation, operations documentation, and user guides in a casual, flexible environment
  • Maintain current knowledge on existing security procedures, directives and technology controls including application testing, threat modeling, attack and penetration testing, data classification and data handling
  • Participate in industry working groups and provide insights to product development teams on leading architecture, design, and security practices
  • Understand security requirements and risk tolerance baselines
  • Keep development teams accountable to metrics measuring risk

Basic Qualifications:
  • Position requires a four-year degree from an accredited college or university.
  • 10 years or more of software development experience, or at least 5 years of experience with a master's degree in computer science or a related field.
  • 8+ years in information security
  • 5 years or more of developing using languages such as Java, Scala, Python, or Node.JS
  • Cloud Security best practices (e.g. Cloud Security Alliance's CCM - Cloud Controls Matrix)
  • Security expertise and hands-on experience with MS Azure and AWS (3+ years of experience)
  • Experience with relevant industry standards, such as: ISO 27001, 27002, NIST CSF, ISA 62443 and SOC Reporting
  • Experience with a wide variety of information security processes and principles, such as:
    • Enterprise security architecture
    • Threat model development
    • Vulnerability assessment
    • Risk analysis
    • Defense in depth
    • SDLC and product development processes
    • Identity and access management
    • Business process design
    • Web services security

Top Candidates will also have:
  • Strong understanding and experience with information security technologies
  • Ability to coordinate multiple teams in accomplishing process review and improvement
  • Ability to work under pressure and within time constraints
  • Passion for technology and an eagerness to contribute to a team-oriented environment
  • Demonstrated leadership on small to medium-scale projects impacting strategic priorities
  • Bachelor's degree in Computer science or Electrical engineering or related field is required
  • Professional information security certification (CISSP, CCSP, CSSLP, GISCP, GWAPT, GWEB etc.)

This position has the option to be based out of our Chicago, IL; Peoria, IL; or Dallas, TX office, with flexibility for partial remote work from home when we return to office.
Visa sponsorship available for eligible applicants.
EEO/AA Employer. All qualified individuals - Including minorities, females, veterans and individuals with disabilities - are encouraged to apply.

Technology we use

  • Languages: Java, JavaScript, Python, R, Scala, SQL
  • Libraries: React, Redux
  • Frameworks: AngularJS, Backbone.js, Ember.js, Hadoop, Node.js, Ruby on Rails, Spark, Spring, AWS ElasticSearch, AWS Code Pipeline, Docker, Apigee, Flink, Akka, Amazon ECS
  • Databases: MySQL, Oracle, PostgreSQL, Snowflake, DynamoDB, RDS
  • Analytics: Google Analytics, Tableau
  • CRM: Salesforce

What are Caterpillar Perks + Benefits

Culture
  • Volunteer in local community: Caterpillar Inc. participates in local volunteer activities such as the Chase Corporate Challenge
  • Partners with Nonprofits
  • Friends outside of work
  • Eat lunch together
  • Daily sync
  • Open door policy
  • Team owned deliverables
  • Team based strategic planning
  • Open office floor plan

Diversity
  • Documented equal pay policy
  • Dedicated Diversity/Inclusion Staff
  • Unconscious bias training
  • Diversity Employee Resource Groups

Health Insurance & Wellness Benefits
  • Flexible Spending Account (FSA)
  • Disability Insurance
  • Dental Benefits
  • Vision Benefits
  • Health Insurance Benefits
  • Life Insurance
  • Pet Insurance
  • Wellness Programs
  • Onsite Gym
  • Mental Health Benefits

Retirement & Stock Options Benefits
  • 401(K)
  • 401(K) Matching
  • Company Equity
  • Performance Bonus
  • Match charitable contributions

Child Care & Parental Leave Benefits
  • Generous Parental Leave
  • Flexible Work Schedule
  • Remote Work Program
  • Family Medical Leave
  • Adoption Assistance

Vacation & Time Off Benefits
  • Generous PTO
  • Paid Volunteer Time
  • Paid Holidays
  • Paid Sick Days

Perks & Discounts
  • Casual Dress
  • Commuter Benefits
  • Game Room
  • Recreational Clubs

Professional Development Benefits
  • Job Training & Conferences
  • Tuition Reimbursement
  • Diversity Program
  • Lunch and learns
  • Cross functional training encouraged
  • Promote from within
  • Time allotted for learning
  • Online course subscriptions available
  • Customized development tracks
  • Paid industry certifications

An Insider's view of Caterpillar

What are some social events your company does?

Whether we’re working virtually or in-person, we are always looking for ways to have fun and grow as a team. Team dinners, coffee chats, ax throwing, chess club, and virtual happy hours are just a few of the activities we do to make work more fun and connect with colleagues around the world.

Madison

Recruiter

What kinds of technical challenges do you and your team face?

It’s amazing to be able to work in an architectural framework where we can negotiate between speed to market and a solid application – software that is well-built, well-designed, well-tested. I find this negotiation both challenging and exhilarating.

MacGregor

Lead Software Engineer

How does the company support your career growth?

I’ve been with Caterpillar for 20 years now, and I’ve been lucky to work on teams that have different focuses. I’ve worked on everything from engineering applications to the latest and greatest digital technology applications.

Rakshan

Digital Product Manager

How do you make yourself accessible to the rest of the team?

The team should be comfortable approaching me with any kind of issue — like improving a process, getting rid of unnecessary ceremonies or something else — and know that I will address it. I believe a manager should be the first line of defense against bugs and conflicting priorities, and my team needs to know that I have their back.

Stan

Software Engineering Manager

What projects are you most excited about?

Deep learning algorithms, popularized in the past five years, allow us to scan huge volumes of data from Caterpillar's fleet of connected engines and machines for unusual patterns. We're now able to make sophisticated predictions that wouldn’t have been possible 20 years ago.

Dan

Analytics Director
