IT Information Security Engineer Principal (Remote)
Posted on Jun 26, 2020 by Oshkosh Corporation
Oshkosh Corporation is a leading manufacturer and marketer of access equipment,
specialty vehicles and truck bodies for the primary markets of defense,
concrete placement, refuse hauling, access equipment and fire & emergency.
Founded in 1917, Oshkosh Corporation has manufacturing operations in nine U.S.
states and in Australia, Belgium, Brazil, Canada, China, France, Mexico, The
Netherlands, and Romania. The company currently employs approximately 12,100
Oshkosh Corporation is a Fortune 350, multi-billion dollar company. Oshkosh
Corporation designs and builds the world's toughest specialty trucks, truck
bodies, and access equipment by working shoulder-to-shoulder with the people
who use them.
*This posting is for future anticipated openings*
These duties are not meant to be all-inclusive and other duties may be
* Participate in or coach the Security Incident Response Team (SIRT): to
employ strategy, standards, processes, and technology to detect, respond
and recover from security incidents and to limit impacts of any such
occurrence or reoccurrence by using risk-based triage.
* Participate in or coach the Global InfoSec Risk Management Program
including Global Threat & Vulnerability Management, Global Insider Threat
Management, Data Governance, Cloud Security, Supplier Risk Management,
Global Security Policies, and InfoSec Governance & Compliance.
* Serve as a security expert or coach in network or application design,
operating systems, endpoint protection, mobile devices, and foundational
InfoSec technical controls. Develop and maintain InfoSec hosted system
roadmaps (e.g. SIEM, DLP) and drive continuous improvements.
* Work closely with architects and analysts to ensure adequate security
solutions are in place throughout all systems to mitigate identified
risks sufficiently, while meeting business objectives and regulatory
* Manage and update the InfoSec risk model, and in coordination with other
functional teams (e.g. HR, Finance, IT, Engineering), establish plans to
securely manage the cyber risks associated with business activities and
* Serve as a trusted advisor to business functional areas (e.g. Finance,
HR, Engineering) and/or internal IT resources (such as infrastructure,
applications, IT services).
* Ensure that business and technical requirements are aligned to policy and
are implemented within regulatory and contractual compliance. Advocate
for cyber risk mitigation during planning sessions and implementation of
* Maintain expert awareness of all aspects of information security and
compliance, including PCI, SOC, and HIPAA requirements for information
systems and industry best practices, such as NIST 800-53 and 800-171.
* Contribute to the development and maintenance of the information security
* Supervise forensic investigations/analysis, including collaboration with
governmental agencies, as needed.
* Bachelor's degree in Information Systems or equivalent.
* Seven (7) or more years of Information Security experience.
* One (1) or more years of supervisory or management experience.
* Demonstrated conceptual, analytical and innovative problem-solving and
* Demonstrated knowledge of security controls for network, applications and
* Experience communicating conceptual and technical information both
verbally (on phone, one-on-one, to groups) and in writing (emails,
letters, reports, presentations) to various audiences (work group, team,
company management, external clients).
* Experience with projects or issues of high complexity that require
in-depth knowledge across multiple technical areas and lines of business.
* Experience identifying intruder techniques (new vulnerability, attack
vectors, exploits, etc.).
* In-depth knowledge and experience with InfoSec systems (SIEM, Risk).
* Graduate degree in Information Systems, Management or equivalent.
* Relevant industry recognized certifications (CISSP, CEH, GIAC, Security+,
* Hold an active or can obtain a U.S. Government Secret level or above
Oshkosh Corporation is an Equal Opportunity and Affirmative Action Employer.
This company will provide equal opportunity to all individuals without regard
to race, color, religion, sex, sexual orientation, gender identity, national
origin, disability, or veteran status. Information collected regarding
categories as provided by law will in no way affect the decision regarding an
Oshkosh Corporation will not discharge or in any manner discriminate against
employees or applicants because they have inquired about, discussed, or
disclosed their own pay or the pay of another employee or applicant. However,
employees who have access to the compensation information of other employees or
applicants as a part of their essential job functions cannot disclose the pay
of other employees or applicants to individuals who do not otherwise have
access to compensation information, unless the disclosure is (a) in response to
a formal complaint or charge, (b) in furtherance of an investigation,
proceeding, hearing, or action, including an investigation conducted by the
employer, or (c) consistent with Oshkosh Corporation's legal duty to furnish
Certain positions with Oshkosh Corporation require access to controlled goods
and technologies subject to the International Traffic in Arms Regulations or
the Export Administration Regulations. Applicants for these positions may need
to be "U.S. Persons," as defined in these regulations. Generally, a "U.S.
Person" is a U.S. citizen, lawful permanent resident, or an individual who has
been admitted as a refugee or granted asylum.