Engineering and Technical

Off Board Security Architect – Application Security – CNH Industrial

CNH Industrial is building the next generation of connected vehicles and equipment, which will create new experiences and make our products smarter.  To defend and secure our broad technical environment we are seeking an experienced and passionate Off Board Security Architect (Application Security). 

CNH is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

In this role you will:

·      Serve as a Subject Matter Expert (SME) in Application Security and CI/CD best practices and contribute as a member of the technical solutions team

·      Identify potential security risks and vulnerabilities and work proactively to mitigate risks and enhance end to end security posture across the CNH Application landscape

·      Create and maintain software application security policies and procedures, including secure software development guidelines, vulnerability management program and risk mitigation guidelines

·      Enhance Application Security activities such as Vulnerability Scanning, Certificate Management, Data Analysis of security monitoring outputs, coordination of Remediation Patching, and other daily Security and Compliance efforts[VV(I1] 

·      Design, implement, and maintain CI/CD pipelines for DevSecOps projects

·      Support the operationalization of cloud hosted applications, while pursuing maturation of the delivery tech stack with a flexible framework to ensure easy changes in the future

·      Work within cross-functional teams and apply diverse AppSec skill sets to support successful performance across operations and projects

·      Work with software developers and software engineers to ensure that development follows established security processes and works as intended

·      Generate and maintain programmatic and technical security documentation

·      Monitor current and proposed laws, regulations, industry standards and ethical requirements related to privacy and information security for CNH products and services

·      Drive work effort estimation & story pointing that aligns user/business goals through an Agile project

·      Provide business and technical advice on a wide variety of risk issues, concerns, and problems, making sure all business processes incorporate adequate information security

Requirements and Qualifications

·      Degree in computer science, computer engineering, or technology-related field

·      Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other similar credentials

·      3+ years of experience in cyber security roles, with background in software security or development

·      3+ years experience with CI/CD Automation tools such as Azure DevOps, Jenkins and GitLab

·      3+ years experience with API Security, Container Security, or Microsoft Azure Cloud Security

·      3+ years experience working with Developers, DevOps, and Engineering teams in a dynamic environment to promote/implement the DevSecOps program throughout the organization

·      3+ years experience coordinating and performing vulnerability assessments using automated or manual tools (Rapid7, NMAP, Fortify, etc.).

·      2+ years experience with Information Security frameworks/standards (i.e. CIS, NIST, OWASP, etc.).

·      2+ years experience with Windows and Linux patch management and related information security functions (authentication, encryption, iptables, SSL, Ciphers, etc.)

·      2+ years experience and demonstrated hands-on experience in using SAFe Project Management tools (such as Jira), value streams, and Lean-Agile metrics

·      1+ year experience with Go Programming and Bash, Python, or other scripting languages.

 [VV(I1]Jfrog XRAY, SonarCloud, SonarQube, Dashboarding tools, Risk Analysis, “Securization” process – Bringing a non- secure team into the security framework i.e. transitioning from a DevOps to a DevSecOps environment