Product Cybersecurity Engineer II

Woodward's Diversity, Inclusion and Belonging Commitment

At Woodward, no matter where you are from, your physical appearance, or how you identify, you deserve the opportunity to reach your greatest potential. We are on a journey to achieve this as an organization and want to work closely with our members to set the right path.

We humbly acknowledge this will be an imperfect journey. Yet, we are steadfastly committed to embracing the power of diverse people, perspectives and experiences for our current members, attracting the best talent across our communities, and creating an inclusive and rewarding workplace for all.

Woodward supports our members' wellbeing and regularly benchmarks with other companies in our industry to offer an extensive Total Reward package for this position. Salary will be determined by the applicant's education, experience, knowledge, skills, and abilities, as well as internal equity and alignment with market data.

• Estimated annual base pay: $108,000.00 (minimum) - $135,000.00 (midpoint) - $162,000.00 (maximum)
• All members included in annual cash bonus opportunity
• 401(k) match (4.5%)
• Annual Woodward stock contribution (5%)
• Tuition reimbursement and Training/Professional Development opportunities for all members
• 12 paid holidays, including floating holidays
• Industry leading medical, dental, and vision Insurance upon date of hire
• Vacation / Sick Time / Vacation Buy-up / Short Term Disability / Bereavement leave
• Paid parental leave
• Adoption Assistance
• Employee Assistance Program, including mental health benefits
• Member Life & AD&D / Long Term Disability / Member Optional Life
• Member referral bonus
• Spouse / Child Optional Life / Optional AD&D / Healthcare and Dependent Care Flexible Spending
• Voluntary benefits, including:
• Home / Auto Insurance discounts
• Whole Life Insurance / Critical Illness Insurance / Legal Assistance / Military Leave

Are you ready to make your mark? If you're a Product Cybersecurity Engineer, we have an exciting opportunity for you. This member is expected to be fully aligned with the company's security goals as established by our policies, procedures and guidelines and to actively work toward upholding and implementing strategies that meet these goals. This position typically works with a low to medium level of supervision and has an increased level of contact with external suppliers or customers. This position will facilitate the auditing of the SDLC, compliance with frameworks such as NIST CSF, and penetration testing of Woodward enterprise systems and products. This member supports the implementation adoption and auditing of cyber security standard work processes. (Including, but not limited to, auditing compliance, risk assessment, awareness/training, incident response, and strategic initiatives.). This member will advise diverse stakeholders across Woodward on cybersecurity issues.

What You Will Be Doing

• Responsible for auditing compliance of Woodward segments and/or departments to relevant security standards for system development, component development, information protection, and information controls. Assist with audit deficiency remediation and external audits initiated by customers or regulatory authorities.
• Responsible for documenting compliance policies and procedures and ensuring staff members are kept current on any changes or updates to the program. Update policies and procedures for Global IT compliance, Coordinate and manage efforts associated with IT policies and standards reviews.
• Act as a resource to other IT departments, business segments, and Woodward members seeking security-related advice and/or information including the review of work effort estimates, project planning efforts, deliverables, and architecture / design reviews.
• Research and stay abreast of all local, national laws and regulations as it related to record retention and information security requirements. Assist with training WWD members on national, regional, and international regulations/standards for Information Security as well as Product Security
• Participate in external/internal penetration testing, including the remediation and follow-up action plans Lead and assist in IT security incident management activities
• Participates in vulnerability response by identifying security vulnerabilities and threat vectors and identify/monitor/manage solution implementation. Coordinating security patch management, vulnerability scans, reporting and remediation follow-up with system owners. Coordinates product security incident response with business segment stakeholders and follow up with product teams.
• Advise and define license recommendations, open-source usage and licensing policies that support business goals. Coordinate with WWD licensing stakeholders to ensure proper controls are in place by performing licensing and related compliance support including routine license analysis, new volume purchases to verify inventory, license use & compliance
• Provide IT investigative and forensic support for legal, HR, BCOC and internal audit
• Provides project updates to IT Security Manager and during monthly project status meetings

What We Are Looking For

• US - Technical/Vocational Degree 4-year technical/science degree or international equivalent, or advanced degree required
• 5+ years in professional software development of real-time, embedded software. Solid understanding of networking fundamentals. Participated on an NPI project requiring Cyber Security, involved directly or indirectly in Cyber Security implementation required
• Solid problem solving & troubleshooting skills and analytical calculation skills Strong leadership skills, good written and oral communication skills. Ability to work with individuals, teams, and external resources.
• Solid experience auditing to standards and frameworks
• Solid knowledge of cyber security concepts such as CWE/SANS Top 25, secure design patterns in embedded systems, Purdue model, zones and conduits
• Solid knowledge of NIST SP800 series publications (such as -53, -171, -218); NIST Cyber Security Framework, HIPAA, PCI DSS, SOX, NIST, DFARS, ITAR and GDPR compliance. Secure development standards and frameworks such as IEC 62443, ISA Secure, UL 2900, DO-326A, ISO/SAE-21434. Industry standards organizations and regulations such as NERC-CIP, ENISA, ABS, DNV-GL, UNECE WP.29, China GB Automotive standards. Understanding of standard and regulatory development lifecycle
• Ability to conduct research into IT security issues and products as required

Application window is anticipated to close 30 days from original posting date.

This information is provided in compliance with the Colorado Equal Pay for Equal Work Act and is the company's good faith and reasonable estimate of the compensation range and benefits offered for this position. The compensation offered to the successful applicant may vary based on factors including experience, skills, education, location, and other job-related reasons.

This position requires use of information which is subject to the International Traffic in Arms Regulations (ITAR) and/or the Export Administration Regulations (EAR). All applicants must be U.S. Persons within the meaning of the ITAR and EAR, or eligible to obtain all required authorizations from the U.S. Department of State and/or the U.S. Department of Commerce. The ITAR defines a U.S. Person as a U.S. citizen or national, lawful permanent resident (i.e., 'Green Card holder'), or a protected person (e.g., asylee, or refugee).

Woodward is an Equal Opportunity Employer

EO/AA/M/F/Disabled/Protected Veterans