网络安全分析员
卡特彼勒(天津)有限公司
- 公司规模:150-500人
- 公司性质:外资(欧美)
- 公司行业:机械/设备/重工
职位信息
- 发布日期:2024-01-07
- 工作地点:天津·东丽区
- 工作经验:5年及以上
- 学历要求:本科
- 职位月薪:1.4-2.5万·14薪
- 职位类别:网络工程师 网络安全工程师
职位描述
Job Summary:
This position will be accountable for contributing to the identification, analysis and resolution of needs and problems in a discipline for which the incumbent is beginning to build a reputation as a subject matter expert in Cybersecurity.
This position performs complex analysis work, identifies and resolves problems. Although this position may be the transition from individual contributor to team leadership, the major focus of the job is on technical delivery. Incumbents may work more directly with different Business units, suppliers, internal customers and/or other teams. This requires the ability to communicate technical information in a concise and accurate manner.
This position is a non-supervisory role that reports directly to the AP Cybersecurity Advisory Manager.
Job Description:
Provide consultation on information security objectives and compliance with relevant security standards, policies, and procedures. Serve as trusted advisor to effectively communicate complex security risks in a manner that is easily understood and actionable. Enable the business to leverage enterprise-wide security solutions. Advise on processes and methodologies required when evaluating purchased product, new internal solutions, or outsourcing IT systems by various of security tools and processes, such as Software Asset management (SAM) process, Secure configuration baseline (SCB) and Third-Party Risk Assessment (TPRA), etc.
Test and evaluate information security controls and techniques to ensure they are efficiently and effectively implemented. Conduct Information Security Compliance Assessments according to the process and issue quality reports on time. Help with the risk owners through the remediation process by following the cybersecurity risk treatment plan (RTP) process.
Support Computer Security Incident Response Team (CSIRT) when necessary. Communicate in a timely fashion to update the CSIRT team. Coordinate incident response needs within area of responsibility in the event of an enterprise CSIRT incident or investigation.
Support the Caterpillar’s Information Security Awareness program. Ensure Information Security Awareness material is included in orientation for new staff, or third-party professionals, where applicable by law. Identify the need for customized awareness or phishing result messages specific to business areas. Develop and present messages in alignment with Information Security directives.
Travel may be required based on business need. <5%
?
Must Skills:
Consulting: Knowledge of techniques, roles, and responsibilities in providing technical or business guidance to clients, both internal and external; ability to apply consulting knowledge appropriately.
Level Working Knowledge:
? Explains the requirements, deliverables, costs, and criticalities of the assignment.
? Participates in developing consulting opportunities or assignments.
? Uses formal and informal means to keep client informed on progress and issues.
? Carries out the agreed-upon consulting assignment in a professional manner.
? Documents client's objectives and project scope.
Cybersecurity Risk Management: Knowledge of tools, techniques, approaches and processes of cybersecurity risk management; ability to ensure organizational network operation and minimize negative effect by cybersecurity risks.
Level Basic Understanding:
? Explains major methods, tools and processes involved in cyber risk assessment.
? Identifies major categories of cyber risks.
? Describes the goals and objectives of cybersecurity risk management.
? Identifies an organization's resources for cyber risk avoidance and management.
Information Technology (IT) Security Policies: Knowledge of IT security policies, standards, and procedures; ability to utilize a variety of administrative skill sets and technical knowledge to ensure cyber security compliance.
Level Working Knowledge:
? Performs information gathering and research on key elements of IT security policies.
? Assists senior colleagues in identifying and analyzing critical issues in IT security policies.
? Executes IT security policies and standards within a specific region in organization.
? Conducts performance reviews on implementation of IT security policies.
? Generates status reports for senior management to ensure the implementation of IT security policies.
Bachelor’s or equivalent degree on Computer Science, Information Security, IT infrastructure.
Good understanding of the information security knowledge in at least 1-2 security domains, such as:
Law & Regulation
Information security management
Communication security
Cryptography and Encryption
Access Control management
Software Development Life Cycle Management
Business Continuity and Disaster Recovery
Obtain one of the following certifications within eighteen months and maintain in good standing: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Controls (CRISC). CISSP is preferred.
?Prefer skill:
Requirements Analysis: Knowledge of tools, methods, and techniques of requirement analysis; ability to elicit, analyze and record required business functionality and non-functionality requirements to ensure the success of a system or software development project.
Level Extensive Experience:
? Plays an active or leading role in recording and storing requirement documents in various forms.
? Ensures the successful completion of all major activities, tasks and deliverables pertaining to the requirement analysis stage.
? Supervises the advanced use of requirements analysis tools and services, including prototyping and use cases.
? Produces detailed functional and information requirements models and documentation.
? Trains others on requirements walkthroughs and quality reviews.
? Utilizes automated diagramming tools to ensure traceability of requirements.
Information Security Technologies: Knowledge of technologies and technology-based solutions dealing with information security issues; ability to protect information security across the organization using encryption technologies and appropriate security software.
Level Working Knowledge:
? Collects and documents information about new information security tools.
? Explains computer forensics, authentication mechanisms and digital certificates.
? Installs, upgrades or maintains firewall technology or anti-virus software.
? Participates in evaluating information security features against business requirements.
? Utilizes a specific hardware or software security technology to control risks.
5年以上IT领域人员均可投递,只要后期愿意往网络安全领域发展~
职能类别:
网络安全工程师
关键字:
网络安全防火墙
This position will be accountable for contributing to the identification, analysis and resolution of needs and problems in a discipline for which the incumbent is beginning to build a reputation as a subject matter expert in Cybersecurity.
This position performs complex analysis work, identifies and resolves problems. Although this position may be the transition from individual contributor to team leadership, the major focus of the job is on technical delivery. Incumbents may work more directly with different Business units, suppliers, internal customers and/or other teams. This requires the ability to communicate technical information in a concise and accurate manner.
This position is a non-supervisory role that reports directly to the AP Cybersecurity Advisory Manager.
Job Description:
Provide consultation on information security objectives and compliance with relevant security standards, policies, and procedures. Serve as trusted advisor to effectively communicate complex security risks in a manner that is easily understood and actionable. Enable the business to leverage enterprise-wide security solutions. Advise on processes and methodologies required when evaluating purchased product, new internal solutions, or outsourcing IT systems by various of security tools and processes, such as Software Asset management (SAM) process, Secure configuration baseline (SCB) and Third-Party Risk Assessment (TPRA), etc.
Test and evaluate information security controls and techniques to ensure they are efficiently and effectively implemented. Conduct Information Security Compliance Assessments according to the process and issue quality reports on time. Help with the risk owners through the remediation process by following the cybersecurity risk treatment plan (RTP) process.
Support Computer Security Incident Response Team (CSIRT) when necessary. Communicate in a timely fashion to update the CSIRT team. Coordinate incident response needs within area of responsibility in the event of an enterprise CSIRT incident or investigation.
Support the Caterpillar’s Information Security Awareness program. Ensure Information Security Awareness material is included in orientation for new staff, or third-party professionals, where applicable by law. Identify the need for customized awareness or phishing result messages specific to business areas. Develop and present messages in alignment with Information Security directives.
Travel may be required based on business need. <5%
?
Must Skills:
Consulting: Knowledge of techniques, roles, and responsibilities in providing technical or business guidance to clients, both internal and external; ability to apply consulting knowledge appropriately.
Level Working Knowledge:
? Explains the requirements, deliverables, costs, and criticalities of the assignment.
? Participates in developing consulting opportunities or assignments.
? Uses formal and informal means to keep client informed on progress and issues.
? Carries out the agreed-upon consulting assignment in a professional manner.
? Documents client's objectives and project scope.
Cybersecurity Risk Management: Knowledge of tools, techniques, approaches and processes of cybersecurity risk management; ability to ensure organizational network operation and minimize negative effect by cybersecurity risks.
Level Basic Understanding:
? Explains major methods, tools and processes involved in cyber risk assessment.
? Identifies major categories of cyber risks.
? Describes the goals and objectives of cybersecurity risk management.
? Identifies an organization's resources for cyber risk avoidance and management.
Information Technology (IT) Security Policies: Knowledge of IT security policies, standards, and procedures; ability to utilize a variety of administrative skill sets and technical knowledge to ensure cyber security compliance.
Level Working Knowledge:
? Performs information gathering and research on key elements of IT security policies.
? Assists senior colleagues in identifying and analyzing critical issues in IT security policies.
? Executes IT security policies and standards within a specific region in organization.
? Conducts performance reviews on implementation of IT security policies.
? Generates status reports for senior management to ensure the implementation of IT security policies.
Bachelor’s or equivalent degree on Computer Science, Information Security, IT infrastructure.
Good understanding of the information security knowledge in at least 1-2 security domains, such as:
Law & Regulation
Information security management
Communication security
Cryptography and Encryption
Access Control management
Software Development Life Cycle Management
Business Continuity and Disaster Recovery
Obtain one of the following certifications within eighteen months and maintain in good standing: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Controls (CRISC). CISSP is preferred.
?Prefer skill:
Requirements Analysis: Knowledge of tools, methods, and techniques of requirement analysis; ability to elicit, analyze and record required business functionality and non-functionality requirements to ensure the success of a system or software development project.
Level Extensive Experience:
? Plays an active or leading role in recording and storing requirement documents in various forms.
? Ensures the successful completion of all major activities, tasks and deliverables pertaining to the requirement analysis stage.
? Supervises the advanced use of requirements analysis tools and services, including prototyping and use cases.
? Produces detailed functional and information requirements models and documentation.
? Trains others on requirements walkthroughs and quality reviews.
? Utilizes automated diagramming tools to ensure traceability of requirements.
Information Security Technologies: Knowledge of technologies and technology-based solutions dealing with information security issues; ability to protect information security across the organization using encryption technologies and appropriate security software.
Level Working Knowledge:
? Collects and documents information about new information security tools.
? Explains computer forensics, authentication mechanisms and digital certificates.
? Installs, upgrades or maintains firewall technology or anti-virus software.
? Participates in evaluating information security features against business requirements.
? Utilizes a specific hardware or software security technology to control risks.
5年以上IT领域人员均可投递,只要后期愿意往网络安全领域发展~
职能类别:
网络安全工程师
关键字:
网络安全防火墙
公司介绍
卡特彼勒(天津)有限公司是卡特彼勒公司的独资公司,占地面积约25万平方米,总投资约为3亿美元。主要生产卡特彼勒3500系列大型发动机和发电机组。 该公司预计于2013年***季度正式投产,它将成为卡特彼勒在全球范围内第三个生产领先的3500系列发动机的基地,产品主要面向中国及亚太地区。
联系方式
- Email:eva@cat.com
- 公司地址:天津空港经济区保税路270号 (邮编:300000)