Senior IT Information Security Engineer

Oshkosh Corporation Oshkosh , WI 54902

Posted 2 months ago

At Oshkosh, we build, serve and protect people and communities around the world by designing and manufacturing some of the toughest specialty trucks and access equipment. We employ over 15,000 team members all united by a common purpose. Our engineering and product innovation help keep soldiers and firefighters safe, is critical in building and keeping communities clean and helps people do their jobs every day.

JOB SUMMARY:

Oshkosh Corporation owns significant assets in the form of information. Some of these assets lose substantial value if they are improperly disclosed, and similar disclosure of other assets could result in significant harm to the organization. This role will support the Cybersecurity mission by working with the business as a trusted advisor to reduce cybersecurity risks to acceptable levels. Specifically, by acting as the organization's mechanism to identify, maintain, and improve cybersecurity controls by using risk-based approach and creating effective education and awareness to preserve the confidentiality, integrity, and availability of company information.

GENERAL SECURITY RESPONSIBILITIES:

You'll work in a team-based environment to improve process, procedures, and training and participate in one of the following focus areas:

Education and Awareness:

  • Ensure the information security awareness program communicates our security policies and requirements in a manner which facilitates knowledge and understanding. Create dynamic interactive lessons designed to hold the attention of adults with various learning styles.

  • Coordinate with IT and business regional leads to develop or modify awareness plans for different cultures, nationalities and languages. Develop deeper training for job related security competencies in critical functions.

  • Coordinate the production of training materials for targeted audiences that address various learning styles through visual, auditory, and kinesthetic methods. Prepare and deliver targeted awareness campaigns (phishing, cyber security month, personal security, etc.).

  • Create phishing simulations and other security awareness trainings with internal team members for the rest of the corporation.

  • Keep informed on the latest research, trends, and developments in all areas of adult education. Incorporate best practices into the Security & Awareness (SEA) program.

Incident Response/Threat Intel:

  • Triage alerts, collect related data from various analysis systems, review available open and closed source information on related threats & vulnerabilities, diagnose observed activity for likelihood of system infection, compromise, or unintended/high-risk exposure.

  • Prepare reports detailing background, observables, analysis process & criteria, and conclusions from incidents, news, or other intel.

  • Analyze network flows, system logs, and meta data for patterns/characteristics or general anomalies to trend/baseline activity and correlate for alerts, activities, and detections.

  • Leverage programming/scripting skills to automate data-parsing, reporting, or any repetitive task that is in daily or common work tasks.

  • Interpret IDS/IPS or SEIM offense signatures as part of a layered defense strategy leveraging multiple technologies throughout our environment

  • Work in the Security Incident Response Team to improve process, procedures, and training such as creating playbooks for investigations and response procedures, creating table tops scenarios based on different aspects of our environment, and working through investigations with other analysts to train on proper techniques for investigation.

  • Be involved in threat hunts and purple team events that are put on to strengthen our knowledge of our environment.

  • Work closely with principals, architects, and analyst to ensure adequate security solutions are in place throughout all systems to mitigate identified risks sufficiently, while meeting business objectives and regulatory requirements

  • Assist in updating the InfoSec risk model, and in coordination with other functional teams (e.g. HR, Finance, IT, Engineering), establish plans to securely manage the cyber risks associated with business activities and technical implementations.

  • Serve as a trusted advisor to business functional areas (e.g. Finance, HR, Engineering) and/or internal IT resources (such as infrastructure, applications, IT services).

  • Ensure that business and technical requirements are aligned to policy and are implemented within regulatory and contractual compliance. Advocate for cyber risk mitigation during planning sessions and implementation of new services.

  • Maintain expert awareness of all aspects of information security and compliance, including PCI, SOC, and HIPAA requirements for information systems and industry best practices, such as, NIST 800-53, 800-171.

  • Contribute to the development and maintenance of the information security strategy.

  • Build and update metrics for measuring performance of the Security Incident Response Team (SIRT).

MINIMUM QUALIFICATIONS:

  • Bachelor's degree in Information Systems or equivalent.

  • Five (5) or more years of Information Security experience.

  • Demonstrated knowledge of security controls for network, applications, and operating systems.

  • Experience communicating conceptual and technical information both verbally (on phone, one-on-one, to groups) and in writing (emails, letters, reports, presentations) to various audiences (work group, team, company management, external clients).

PREFERRED QUALIFICATIONS:

  • Relevant industry recognized certifications (CISSP, CEH, GIAC, Security+, SSAP, etc.)

  • Excellent organizational skills and ability to communicate with internal/external entities and executives.

  • Experience identifying intruder techniques (new vulnerability, attack vectors, exploits, etc.).

  • Knowledge and experience with InfoSec systems (SEIM, SOAR, IDS/IPS, Phishing Toolkits, Sandbox Analysis Tools, etc.).

  • Hold an active or can obtain a U.S. Government Secret level or above clearance.

  • Programming experience in any language.

  • Demonstrate conceptual, analytical, and innovative problem-solving and evaluative skills

WORKING CONDITIONS:

  • Physical Demands: Frequent Sitting, Hearing, Talking, Visual, Typing, and Manual Dexterity.

Oshkosh is committed to working with and offering reasonable accommodation to job applicants with disabilities. If you need assistance or an accommodation due to disability for any part of the employment process, please contact us at: 920-502-3009 or corporatetalentacquisition@oshkoshcorp.com.

Oshkosh Corporation is an Equal Opportunity and Affirmative Action Employer. This company will provide equal opportunity to all individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status. Information collected regarding categories as provided by law will in no way affect the decision regarding an employment application.

Oshkosh Corporation will not discharge or in any manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with Oshkosh Corporation's legal duty to furnish information.

Certain positions with Oshkosh Corporation require access to controlled goods and technologies subject to the International Traffic in Arms Regulations or the Export Administration Regulations. Applicants for these positions may need to be "U.S. Persons," as defined in these regulations. Generally, a "U.S. Person" is a U.S. citizen, lawful permanent resident, or an individual who has been admitted as a refugee or granted asylum.

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Senior Project Engineer

Oshkosh Corp.

Posted 2 weeks ago

VIEW JOBS 9/1/2021 12:00:00 AM 2021-11-30T00:00 At Oshkosh, we build, serve and protect people and communities around the world by designing and manufacturing some of the toughest specialty trucks and access equipment. We employ over 15,000 team members all united by a common purpose. Our engineering and product innovation help keep soldiers and firefighters safe, is critical in building and keeping communities clean and helps people do their jobs every day. SUMMARY Responsible for engineering project(s) within a design and development program with specific emphasis on commercial cab design. This includes the supervision of teams of engineers and designers. The position will also direct high level engineering analysis and design of new and modified components and subsystems in accordance with engineering standards and project scope to ensure that designs meet customer requirements, corporate objectives, are safe, and can be manufactured. ESSENTIAL DUTIES AND RESPONSIBILITIES * Participate in the budgeting process to include recommending capital improvements and preparing justification data as required * Researches, studies, and proposes use of new technologies to be used in the development of new and improved products * Maintain effective communication with suppliers, internal and external customers, and outside resources concerning technical issues * Communicate project objectives to team members * Enforce the proper use of engineering criteria and drawing standards. Ensure that technical issues are conducted within the framework of company policies and procedures * Evaluate designs for performance, safety and reliability * Directs preparation layouts, drawings, specifications, and bills of material * Create and maintain project documentation for project planning, requirements analysis, risk management, issues, management, status reporting, project communication, and quality assurance * Perform engineering analysis to support the selection of parts, components, and materials that meet requirements * Perform job duties in an ethical, professional manner which is consistent with the Oshkosh Way. Conduct duties consistent with the Company's mission statement, quality objectives, and defined policies and procedures * Provide technical assistance for prototype, pilot, and production support * Analyze and resolve issues reported to Engineering via verbal or written communication * Provide guidance to team members to ensure the appropriate engineering analysis is performed and documented * Provide leadership to a technical staff to ensure program success. Assure designs meet customer requirements, statutory requirements, and corporate objectives * Establishes priorities for work delegated to others * Provide management/leadership to technical staff including resource planning, scheduling, and administration to ensure program success * Prepare technical proposals, quotations, reports, and presentations * Able to obtain a secret security clearance as required by job duties BASIC QUALIFICATIONS * Bachelor's of Science in Engineering * 8-plus years related experience PREFERRED QUALIFICATIONS * Experience with a high level cad system * Possess a strong mechanical knowledge of vehicles and related systems * Experience with complex metal forming processes including stamping and hydroforming * Strong verbal presentation and written communication skills * Excellent time management and organizational skills Oshkosh is committed to working with and offering reasonable accommodation to job applicants with disabilities. If you need assistance or an accommodation due to disability for any part of the employment process, please contact us at: 920-502-3009 or corporatetalentacquisition@oshkoshcorp.com. Oshkosh Corporation is an Equal Opportunity and Affirmative Action Employer. This company will provide equal opportunity to all individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status. Information collected regarding categories as provided by law will in no way affect the decision regarding an employment application. Oshkosh Corporation will not discharge or in any manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with Oshkosh Corporation's legal duty to furnish information. Certain positions with Oshkosh Corporation require access to controlled goods and technologies subject to the International Traffic in Arms Regulations or the Export Administration Regulations. Applicants for these positions may need to be "U.S. Persons," as defined in these regulations. Generally, a "U.S. Person" is a U.S. citizen, lawful permanent resident, or an individual who has been admitted as a refugee or granted asylum. Oshkosh Corp. Oshkosh WI

Senior IT Information Security Engineer

Oshkosh Corporation