Lead Engineer, Cyber Security
Oshkosh Corporation is a leading manufacturer and marketer of access equipment, specialty vehicles and truck bodies for the primary markets of defense, concrete placement, refuse hauling, access equipment and fire & emergency. Founded in 1917, Oshkosh Corporation has manufacturing operations in nine U.S. states and in Australia, Belgium, Brazil, Canada, China, France, Mexico, The Netherlands, and Romania. The company currently employs approximately 12,100 people worldwide.
Oshkosh Corporation is a Fortune 500, multi-billion dollar company. Oshkosh Corporation designs and builds the world's toughest specialty trucks, truck bodies, and access equipment by working shoulder-to-shoulder with the people who use them.
Oshkosh Corporation owns significant assets in the form of information. Some of these assets lose substantial value if they are improperly disclosed, and similar disclosure of other assets could result in significant harm to the organization. This job supports the Enterprise Information Security Office mission by helping to appropriately preserve the confidentiality, integrity and availability of Enterprise information, helping the business understand and balance cyber risk against business needs, and acting as the organization's mechanism to appropriately identify, select, maintain and improve information security controls by using a risk-based approach coupled with continuous improvement.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
These duties are not meant to be all-inclusive and other duties may be assigned.
- Participate/Lead the Security Incident Response Team (SIRT). Help SIRT to employ strategy, standards, processes and technology to detect, respond and recover from security incidents and to limit the impact of any such occurrence or reoccurrence by using risk-based triage.
- Contribute to the InfoSec risk model, and in coordination with other IT teams, establish plans to securely manage the cyber risks associated with business activities and technical implementations.
- Serve as a security expert in network or application design, operating systems, endpoint protection, mobile devices, and foundational InfoSec technical controls. Help project teams comply with InfoSec policies, industry regulations, and best practices.
- Work with enterprise architects, other functional area architects, analysts and project teams ensuring InfoSec solutions are in place throughout all IT systems to mitigate identified risks sufficiently, while meeting business objectives and regulatory requirements.
- Ensure that business and technical requirements are aligned to policy and are implemented within regulatory and contractual compliance. Advocate for cyber risk mitigation during planning sessions and implementation of new services.
- Maintain knowledge of all aspects of information security and compliance, including PCI, SOX, and HIPAA requirements for information systems and industry best practices such as NIST 800-53 and 800-171.
- Contribute to the development and maintenance of the information security strategy.
- Contribute to or lead forensic investigations/analysis, including collaboration with governmental agencies, as needed.
- Bachelor’s degree in Information Systems or equivalent.
- Six (6) or more years of Information Security experience.
- Experience with Network protocols (TCP/IP), network apps and services, sniffers, DLP, and understanding network security issues.
- Experience with Host/System security issues including identifying, analyzing and mitigating security vulnerabilities and weaknesses (malicious code, implementation flaws, hardening, etc.).
- Experience identifying intruder techniques (new vulnerability, attack vectors, exploits, etc.).
- In-depth knowledge and experience with Intrusion Detection/Prevention Systems.
- Experience maintaining incident records (writing threat and risk assessments).
- Experience with a scripting language.
- Experience communicating conceptual and technical information both verbally (on phone, one-on-one, to groups) and in writing (emails, letters, reports, presentations) to various audiences (work group, team, company management, external clients).
- Experience with projects or issues of high complexity that require in-depth knowledge across multiple technical areas and lines of business.
- Relevant industry recognized certifications (CISSP, CEH, GIAC, Security+, etc.)
Oshkosh Corporation is an Equal Opportunity and Affirmative Action Employer. This company will provide equal opportunity to all individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status. Information collected regarding categories as provided by law will in no way affect the decision regarding an employment application.
Oshkosh Corporation will not discharge or in any manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with Oshkosh Corporation's legal duty to furnish information.
Certain positions with Oshkosh Corporation require access to controlled goods and technologies subject to the International Traffic in Arms Regulations or the Export Administration Regulations. Applicants for these positions may need to be "U.S. Persons," as defined in these regulations. Generally, a "U.S. Person" is a U.S. citizen, lawful permanent resident, or an individual who has been admitted as a refugee or granted asylum.
The company's major brands - Oshkosh, JLG, Pierce, McNeilus, IMT, Jerr-Dan, CON-E-CO and London - are considered leaders in their industries. JLG leads with a diverse product portfolio including leading brands such as JLG® aerial work platforms and JLG, SkyTrak® and Lull® telehandlers. Under its Pierce® brand, Oshkosh is North America's leading fire truck manufacturer. Oshkosh is among the world's leading defense vehicle manufacturers. McNeilus® brand concrete mixers are used by more concrete producers than any other. McNeilus is the world leader in refuse collection bodies. Jerr-Dan is a top name in towing and recovery equipment. CON-E-CO is a leading U.S. concrete batch plant manufacturer, and London is the leading Canadian concrete mixer manufacturer.
Founded in 1917, Oshkosh Corporation has manufacturing operations in eight U.S. states and in Australia, Belgium, Canada, China, France, The Netherlands and Romania and through an investment in a joint venture in Mexico. The company currently employs approximately 12,000 people worldwide.
Oshkosh products are valued worldwide in businesses where high quality, superior performance, and rugged reliability and long-term value are paramount.
Company Size: 10,001+