At Oshkosh, we build, serve and protect people and communities around the world by designing and manufacturing some of the toughest specialty trucks and access equipment. We employ over 17,000 team members all united by a common purpose. Our engineering and product innovation helps keep soldiers and firefighters safe, is critical in building and keeping communities clean, and helps people do their jobs every day.
JOB SUMMARY:
Oshkosh Corporation owns significant assets in the form of information. Some of these assets lose substantial value if they are improperly disclosed, and similar disclosure of other assets could result in significant harm to the organization. This role will support the Cybersecurity mission by working with the business as a trusted advisor to reduce cybersecurity risks to acceptable levels. Specifically, the role acts as the organization’s mechanism to identify, maintain, and improve cybersecurity controls by using a risk-based approach and creating effective education and awareness to preserve the confidentiality, integrity, and availability of company information.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
These duties are not meant to be all-inclusive and other duties may be assigned.
- Participate in the Security Incident Response Team (SIRT). Help SIRT to employ strategy, standards, processes and technology to detect, respond and recover from security incidents and to limit the impact of any such occurrence or reoccurrence by using risk-based triage.
- Serve as a security resource in network or application design, operating systems, endpoint protection, mobile devices, and foundational InfoSec technical controls. Maintain and roadmap InfoSec hosted systems (e.g. SIEM, DLP) and drive continuous improvements.
- Work with other functional area analysts ensuring InfoSec solutions are in place throughout all IT systems to mitigate identified risks sufficiently, while meeting business objectives and regulatory requirements. Help project teams comply with InfoSec policies.
- Ensure that business and technical requirements are aligned to policy and are implemented within regulatory and contractual compliance. Advocate for cyber risk mitigation during planning sessions and implementation of new services.
- Maintain awareness of all aspects of information security and compliance, including PCI, SOX, and HIPAA requirements for information systems and industry best practices such as NIST 800-53 and 800-171.
- Participate in, as required, forensic investigations/analysis, including collaboration with governmental agencies as needed.
MINIMUM QUALIFICATIONS:
- Bachelor’s Degree in Information Security or a related field.
- OR equivalent education and experience combination.
- Ability to travel 10%.
PREFERRED QUALIFICATIONS:
- Relevant industry recognized certifications (CISSP, CEH, GIAC, Security+, etc.).
- Excellent organizational skills and ability to communicate with internal/external entities.
- Experience with Network Protocols (TCP/IP), network applications and services, sniffers, DLP, and understanding network security issues.
- Experience with Host/System security issues including identifying, analyzing, and mitigating security vulnerabilities and weaknesses (malicious code, implementation flaws, hardening, etc.).
- Familiarity with identifying intruder techniques (new vulnerability, attack vectors, exploits, etc.).
- Familiarity with Intrusion Detection/Prevention Systems, SIEM, and other InfoSec Systems.
CORE COMPETENCIES:
- Internal Contacts: Contact with employees or others primarily at a routine level involving basic information exchange; Contact with peers and others involving explanation of information (these contacts may be within or outside department or division), and the gathering of factual information. May include the communication of sensitive or confidential information.
- External Contacts: Limited external contact to gather information, answer queries, or ask for assistance.
- Communication Skills: Read, write and comprehend simple instructions, short correspondence and memos; Read and interpret safety rules, operation/maintenance instructions and procedure manuals; Write routine reports, correspondence and speak effectively before both internal and external groups; Language Skill(s): English.
- Decision-Making: Regularly makes decisions involving how a project or operation will be conducted (i.e. sequence or method), and generally from an available set of alternatives or precedents.
- Complexity, Judgment and Problem Solving: Generally structured work, but involving a choice of action within limits of standard policy and procedures.
WORKING CONDITIONS:
- Physical Demands: Frequent Sitting, Hearing, Talking, Visual, Typing, Manual Dexterity (use of hands); Seldom Standing, Walking/Running, Reaching, Driving, Bending/Kneeling, Fine Dexterity (small muscle movements), Upper Extremity Repetitive Motion, Lifting/Carrying 40lbs, Pushing/Pulling 40lbs.
- Non-Physical Demands: Frequent Analysis/Reasoning, Communication/Interpretation, Math/Mental Computation, Reading, Sustained Mental Activity (i.e., auditing, problem solving, grant writing, composing reports, etc.), Writing.
- Environmental Demands: Occasional Work Alone, Seldom Task Changes, Tedious/Exacting Work.
- Work Schedule: Routine shift hours. Infrequent overtime, weekend, or shift rotation.
- Demands/Deadlines: Occasional stress due to deadlines or workload because of intermittent or cyclical work pressures, or occasional exposure to distressed individuals within the immediate work environment.
Oshkosh is committed to working with and offering reasonable accommodations to job applicants with disabilities. If you need assistance or an accommodation due to a disability for any part of the recruitment process, please contact our talent acquisition team by email [email protected].
Oshkosh Corporation is an Equal Opportunity and Affirmative Action Employer. This company will provide equal opportunity to all individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status. Information collected regarding categories as provided by law will in no way affect the decision regarding an employment application.
Oshkosh Corporation will not discharge or in any manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with Oshkosh Corporation's legal duty to furnish information.
Certain positions with Oshkosh Corporation require access to controlled goods and technologies subject to the International Traffic in Arms Regulations or the Export Administration Regulations. Applicants for these positions may need to be "U.S. Persons," as defined in these regulations. Generally, a "U.S. Person" is a U.S. citizen, lawful permanent resident, or an individual who has been admitted as a refugee or granted asylum.