- This position requires solid knowledge and experience with cybersecurity controls pertaining to web systems. Responsibilities will include the following :
- Conduct ongoing cybersecurity reviews of Wabtec products and determine whether Cybersecurity Authorization to Operate (CATO) should be granted based on compliance with Wabtec policies, standards, and technical controls.
- Drive and support an authoritative technical consultation process on product cybersecurity across Wabtec's embedded electronics and non-IT networked product portfolio including connected vehicle security, secure implementation of real-time operating systems, ongoing security support for heavy industrial systems and web services.
- Drive and support processes to ensure Wabtec products implement appropriate cybersecurity controls, features, and requirements per applicable customer requirements, recognized industry standards, and engineering best practices.
- Support engineering teams responsible for conducting threat and risk assessments to quantify product threat surfaces and attack vectors.
- Recommend and consult on the design of software controls, environment / server hardening measures, and other risk mitigations to minimize attack surface and support cost-effective field maintainability of security controls.
- Support engineering teams responsible for conducting root cause and corrective actions related to cybersecurity defects.
- Create, seek, and share best practices for product cybersecurity across the Wabtec product portfolio.
- Deliver effective project management and technical communications.
- Understand technical cybersecurity concepts and their business implications. Be able to clearly explain these concepts to management and other engineers.
Minimum Qualifications : (To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.)
- Bachelor's degree in Computer Science, Cybersecurity, or a related field
- 10 years of experience with design, development, and / or testing of web systems, at least 4 of which include hands-on cybersecurity engineering responsibilities.
- Experience with at least three of the following areas :
- N-tier architecture
- Microservices
- MVC (Model-View-Controller)
- VMware
- Container management
- SaaS
- Competencies / knowledge in below areas :
- Open Worldwide Application Security Project (OWASP)
- Certificate management & PKI
- Cryptography
- Web Application penetration testing
- Server hardening
- Secure Data management (at rest / in transit)
- Access control management
- Firewall configuration
- GDPR, PII
- Two certifications from the below list or equivalent :
- OSCP (Offensive Security Certified Professional)
- CEH (Certified Ethical Hacker)
- CCSP (Certified Cloud Security Professional)
- CISP (Certified Information security Professional)
- CDPSE (Certified Data Privacy Solutions Engineer)
- CNDA (Certified Network Defense Architect)
- 5+ years of experience working with large enterprise web applications (e.g., bank, insurance)
- Extensive hands-on experience with cybersecurity assessment tools and methods
Knowledge, Skills and Abilities :
- Knowledge of cybersecurity regulations and standards, including IEC 62443, NIST 800-53, and / or ISO 27001 / 2
- Ability to support multiple projects simultaneously in a matrix management environment
- Strong organizational, analytical, and problem-solving ability and adept at communicating with different levels within the organization
- An understanding of software development life cycles
- Demonstrated ability to understand industry trends and a commitment to continuing education
- Demonstrated global change agent with strong credibility and an ability to influence across the organization
- Demonstrated thought leader with experience developing and implementing engineering solutions
- Demonstrated commitment for process improvement
Wabtec Corporation is committed to taking on the world's toughest challenges. In order to fulfill that commitment we rely on a culture of leadership, diversity and inclusiveness.
We aim to employ the world's brightest minds to help us create a limitless source of ideas and opportunities. We believe in hiring talented people of varied backgrounds, experiences and styles.
people like you! Wabtec Corporation is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or protected Veteran status.
If you have a disability or special need that requires accommodation, please let us know.