Caterpillar Inc. · 8 hours ago
Application Security Engineer
Caterpillar Inc. is a global team focused on innovation and sustainability. They are seeking an Application Security Engineer to enhance the security of their software solutions by integrating security practices into the application development lifecycle.
Construction · Machinery Manufacturing · Manufacturing · Mechanical Engineering
Responsibilities
Security Defect Management - Analyzing, validating, communicating, and consulting on security defects identified by both automated and manual sources such as CodeQL, Rapid7 Web Application Security, penetration testing, bug bounty, etc. In other words, our security engineers are partners to software engineers who require accurate information on why a vulnerability exists and what they can do about it
Engineering Consulting – Serving as a “best friend” to software engineers, architects, product owners, and leaders, provide contextually-aware guidance to help these groups make good decisions, document those decisions and resulting architectures, and navigate relevant review & approval processes (where necessary) when implementing new features and remediating existing issues
Tool Enablement - Enabling and monitoring automated defect detection tooling (CodeQL, Rapid7, etc.) at the repository or application level according to established process
Security Test Onboarding & Management – Collecting and communicating required scope and access information for penetration testing and security assurance assessments, as well as handling the output of these assessments via our Defect Management Process
Maturity Measurement – Consulting with software engineers on practices which will improve their application’s security maturity according to scorecards and maturity models established by Cat Digital
Correction of Error – Authoring, in close partnership with software engineers, correction of error reports which help engineers and architects across Cat Digital avoid similar mistakes in their own applications
Qualification
Required
Knowledge of the decision-making process and associated tools and techniques; ability to accurately analyze situations and reach productive decisions based on informed judgment
Understanding of effective communication concepts, tools and techniques; ability to effectively transmit, receive, and accurately interpret ideas, information, and needs through the application of appropriate communication behaviors
Knowledge of software development life cycle; ability to use a structured methodology for delivering and managing new or enhanced software products to the marketplace
Knowledge of software integration processes and functions; ability to design, develop and maintain interfaces and linkage to alternative platforms and software packages
Knowledge of software product design; ability to convert market requirements into the software product design
Preferred
Experience as a software engineer (in any language or framework); prefer a focus on cybersecurity-related issues
Experience working on a major cloud platform (AWS, Azure, GCP, or Salesforce) as a software engineer, cloud/DevOps engineer, security engineer, or architect
Experience analyzing and remediating security findings from automated and manual sources such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), penetration testing, Software Composition Analysis (SCA), etc.
Experience leveraging one or more of the following resources to support secure coding and decision-making: OWASP Top 10, MITRE Common Weakness Enumeration (CWE) Top 25, OWASP Application Security Verification Standard (ASVS), or other industry-standard best practice guides or frameworks
Experience building or supporting web applications and APIs, including Single Page Applications (SPA) and RESTful APIs
Professional certifications in either cybersecurity or software engineering, such as: Associate or Professional-level certifications from a major cloud provider (AWS, Azure, GCP, or Salesforce). CompTIA Security+, Cloud+, CCSK, and/or other cybersecurity certifications. ISC2 Certified Software Lifecycle Professional (CSLP)
Benefits
Medical, dental, and vision benefits
Paid time off plan (Vacation, Holidays, Volunteer, etc.)
401(k) savings plans
Health Savings Account (HSA)
Flexible Spending Accounts (FSAs)
Health Lifestyle Programs
Employee Assistance Program
Voluntary Benefits and Employee Discounts
Career Development
Incentive bonus
Disability benefits
Life Insurance
Parental leave
Adoption benefits
Tuition Reimbursement
These benefits also apply to part-time employees
Company
Caterpillar Inc.
For 100 years, we’ve been helping customers build a better, more sustainable world.
H1B Sponsorship
Caterpillar Inc. has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Figure: Distribution of Different Job Fields Receiving Sponsorship
Trends of Total Sponsorships
2025 (363)
2024 (297)
2023 (261)
2022 (355)
2021 (223)
2020 (145)
Funding
Current Stage: Public Company
Total Funding: $3.51B
Key Investors: US Department of Energy, Advanced Propulsion Centre UK
2025-08-28 · Post-IPO Debt · $3.5B
2024-10-31 · Grant · $5.04M
2019-06-23 · Grant
Company data provided by Crunchbase