Cybersecurity Engineer 4

Overview

On Site
Depends on Experience
Full Time
100% Travel
Able to Provide Sponsorship

Skills

ISO
SOC
OWASP
MITRE
Microsoft security practices
GRC (Governance, Risk, and Compliance)

Job Details

Job Title: Cybersecurity Engineer 4
Client: Caterpillar
Location: Chicago, IL (Hybrid 1 to 3 days onsite per week)
Duration: 12 months (possible extension)
Onsite Requirement: Must be onsite from Day 1 (relocation must be clearly mentioned in the resume if applicable)
______________
Education & Experience:
Bachelor's degree with 8+ years of relevant experience
Candidates without a degree must have at least 12 years of experience
______________
Required Technical Skills:
Solid understanding of cybersecurity frameworks and standards including ISO, SOC, OWASP, MITRE, and Microsoft security practices
Hands-on experience auditing existing systems and solutions against Security and GRC (Governance, Risk, and Compliance) standards
______________
Required Soft Skills:
Should be comfortable working in a Research & Development (R&D) environment
Must be flexible in handling both technical and administrative tasks as needed

______________
Disqualifiers / Red Flags:
Frequent job changes or unstable work history
Lack of enthusiasm for team collaboration; the hiring manager seeks proactive team players, not passive contributors
Non-local candidates must be ready to relocate and start onsite from Day 1; this must be clearly mentioned in the resume
______________
Job Overview:
This position involves securing Caterpillar's cloud environments (AWS and Azure) and application development pipelines. The engineer will be responsible for integrating security practices into the software development lifecycle (SDLC), managing vulnerabilities, and supporting DevSecOps efforts using tools like SAST, DAST, and Infrastructure-as-Code scanning.
The role includes helping software development teams understand and mitigate security risks through proactive consulting, secure design, testing, and ongoing support. The goal is to embed security within agile development and DevOps workflows across cloud platforms.
______________
Key Responsibilities:
Act as a security advisor for multiple software applications within the portfolio
Guide developers on secure coding practices, vulnerability management, and DevSecOps processes
Deliver a comprehensive set of security services in line with company policies and industry best practices. These include:
Security Defect Management: Validate and consult on vulnerabilities from tools like CodeQL, Rapid7, and third-party assessments (e.g., penetration tests, bug bounty reports)
Engineering Consultation: Partner with architects, product owners, and developers to guide secure decision-making and compliance through contextual guidance
Tool Integration: Set up and maintain automated security testing tools at the application/repository level
Security Testing Coordination: Organize and manage security assessments and ensure follow-through on remediation steps
Security Maturity Improvements: Advise teams on steps to enhance their security posture using scorecards and internal maturity models
Root Cause Analysis: Collaborate with development teams to create post-mortem reports to prevent recurring issues
______________
Team Structure & Collaboration:
Work closely with a DevOps team of 13 members, supporting a major initiative involving over 60 project contributors
The team follows a cross-functional model, where members are expected to be proactive, adaptive, and continuously learning to support evolving project needs
