Lead Cybersecurity Engineer Vulnerability Management

Who will you be working with?

Join Enterprise Information Security (EIS) to drive cybersecurity excellence leveraging intelligence, strategic partnerships, and analysis. Collaborate daily with GRC, Architecture, Operations, and key Information Technology stakeholders to advance our information security capabilities.

How will you make a difference?

As a member of Enterprise Information Security, Wabtec is looking for an individual to run a Vulnerability Management program. The Lead Cybersecurity Engineer role reports directly into Enterprise Security Services (ESS) and is responsible for vulnerability response. Use your expertise to identify improvement areas and influence cybersecurity hygiene across all IT functions. Join us and lead the charge in cybersecurity excellence!

What do we want to know about you?

You must have:

• Bachelor's degree in computer engineering or STEM major (Science, Technology, Engineering, or Math) and/or a minimum of six years of vulnerability management experience
• 6+ years of experience overseeing the identification, assessment, and remediation of security vulnerabilities across IT infrastructure
• Experience with the development of technical documentation
• Thorough understanding of standards such as NVD, CVE, CPE, CWE, CVSS, CESS, EPSS
• Effective project management and communications skills with ability to work on a Global team
• Must be willing to work weekends/off-shift hours, as needed during incidents.

We would love it if you had:

• Excellent communication skills with the ability to manage joint response and remediation efforts and constructively influence peers and leadership
• Proficiencies in collaborating with Architecture, Product Security and IT stakeholders to refine vulnerability management lifecycle between Enterprise and Product
• Ability to react quickly, decisively, and deliberately in high stress situations
• Hands-on experience with popular vulnerability management solutions such as Tenable and ServiceNow-VR
• Preferred -Tanium Comply, WIZ, ArmorCode, and Black Duck

What will your typical day look like?

• Conduct regular vulnerability assessments using tools such as Tenable and ServiceNow-Vulnerability Response
• Leverage experience to analyze and prioritize vulnerabilities based on risk and impact with the ability to work independently and receive minimal guidance
• Develop and implement remediation plans in collaboration with IT and application teams, collaborate with various departments, ensuring systems are secure and compliant with industry standards
• Continuously monitor the security landscape and provide detailed reports on vulnerability status, trends, remediation progress
• Assist in the response to security incidents, providing expertise in vulnerability exploitation and mitigation

What about the physical demands of the job? (Usual office job examples)

• Regularly remaining in a stationary position, often standing or sitting for prolonged periods
• Regularly communicating with others to exchange information
• Regularly required to attend meetings in person and virtually using video and audio computer equipment
• Regularly repeating motions that may include the wrists, hands and/or fingers, such as typing
• Occasionally moving about to accomplish tasks or moving from one worksite to another
• Occasionally light work that includes moving objects up to 20 pounds

You may also be asked to perform other duties outside of your function or trade, for which adequate training will be provided if necessary.

Work Environment: (Usual office job)

• Hybrid work schedule (both on-site and remote)
• The employee will normally work in a temperature-controlled office environment, with frequent exposure to electronic office equipment. During visits to areas of operations, may be exposed to extreme cold or hot weather conditions. Is occasionally exposed to fumes or airborne particles, toxic or caustic chemicals, and loud noise.