What's the role?
The Cyber Security Engineer will be part of the Cyber Security team consisting of employees and external partners for Hilti’s Digital Marketing and Services unit. Project scope includes E-commerce sites, collaboration apps, digital catalog and learning systems to help Hilti clients buy, engage, and learn about, and how to use, Hilti products. The Cyber Security Engineer influences both internal and external stakeholders at all levels in developing and depending secure systems for all Digital marketing platform applications.
Provide leadership in the Cyber Security areas of: Vulnerability Scanning; Certificate and Password Policy Management; Data Analysis of security monitoring outputs; coordination of Remediation Patching; Analysis of threat landscape and advise development team on cyber risk and mitigation measures; and other daily Security and Compliance efforts. You will work in close collaboration with Security Incident Responders, Cyber Threat Intelligence Analysts and Cybersecurity Architects in the team and with colleagues in IT Operations to improve the overall security posture of Hilti.
Who is Hilti?
Hilti is where innovation is improving productivity, safety and sustainability in the global construction industry, and beyond. Where strong customer relationships are creating solutions that build a better future. Where there is pride and a sense of belonging across our 120 locations, carrying right into our lives and homes. Where people are exploring possibilities, leveraging their potential, owning their personal development and growing lasting careers.
What does the role involve?
- Manage and enforce with security governance policy
- Managing identify and access management thru collaboration with Global IT managed Active Directory, AWS IAM.
- Ensure that development team members have the least-privileged access that they can function day-to-day.
- Audit of access logs for seeing patterns and possible violations. Create scripts or automation of audit checks.
- Managing security policy for secure coding guidelines for the application development team. Responsibility includes managing, administrating and enforcing security policies for tools like Secure Code Analysis and Dynamic Application Security Testing.
- Vulnerability management
- Assists in penetration testing preparedness.
- Managing and creating alerts for potential security incidence like looking at access errors, possible attacks and working with the API gateway and network team in transparencies of errors across the data access path.
- Data access protection
- For secure data access, ensure the data has the proper rule and setup for integrity, availability, and confidentiality. Collaborate with the Global IT team in ensuring the data is properly backup with timely snapshots, encrypted at rest, and have proper access control.
- Continuously Improved Application and System Security processes and Tools
- By subscribing to Common Vulnerability and Exposure database, we continuously monitor CVE that can affect application or systems and alert and collaborate with the rest of the Application Development and Dev Ops team for code and systems remediation and patching.
- Collaborate with Hilti Information Security Office in improving security control policy and assists in security compliance certification.
- Additional duties, as assigned.
80% of our management positions are filled with internal candidates. It’s a testament to how much we value, develop and look after our people.
What do we offer?
- Company-paid benefits are effective on your first day of employment
- Hybrid work environment for independent focus and team collaboration
- Education and professional certifications assistance
- Recognition: online, points-based recognition platform that helps team members recognize and reward one another
- Holidays, vacation, personal days, health and wellness days, and community service days to provide balance in your life
What you need is:
- Bachelor’s degree in Computer Science, Computer Engineering or related field (or equivalent work experience
- Minimum six (6) years combined experience in system or development and cybersecurity
- Good knowledge of security standards and cybersecurity frameworks (i.e. CIS, NIST, RFC2196)
- Familiarity with the MITRE ATT@CK framework
- Ability to review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and application's and determine any reported vulnerabilities that are false positives
- Capability to prepare security vulnerability and risk management reports for management.
- Experience of managing and administration of Security protection tools such as Web Application Firewall, Denial of Service protection
- Working knowledge of Secure Code Analysis and Dynamic Application Security Testing tools
- Scripting knowledge like shell scripting, Node.js, or python that can leverage API and automation tools in cloud provider
- Knowledge of Linux/Unix patch management
- and related information security functions (authentication, encryption, iptables, SSL, Ciphers, etc.)
- Prior experience working with geographically distributed development teams
- Exceptional organizational skills with strong attention to detail and follow-up
- Excellent communication skills (verbal & written)
Why should you apply?
Let’s face it, we know there are lots of other companies out there. We have an excellent mix of people, which we believe makes for a more vibrant, more innovative, more productive team. This role gives you the opportunity to help shape our future anchor offerings and make a real impact from day one.
Hilti, Inc is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, veteran status, or disability.