Manager, Cyber Security

Company: Whirlpool
Location: Benton Harbor
Posted on: May 28, 2023

Job Description:

Requisition ID:57645



Whirlpool Corporation (NYSE: WHR) is committed to being the best global kitchen and laundry company, in constant pursuit of improving life at home. In an increasingly digital world, the company is driving purposeful innovation to meet the evolving needs of consumers through its iconic brand portfolio, including Whirlpool, KitchenAid, Maytag, Consul, Brastemp, Amana, Bauknecht, JennAir, Indesit and Yummly. In 2021, the company reported approximately $22 billion in annual sales, 69,000 employees, and 54 manufacturing and technology research centers.



Whirlpool Corporation is consistently recognized by FORTUNE as one of the Worlds Most Admired Companies. Our values are the driving force behind everything we do. Integrity, Respect, Inclusion & Diversity, One Whirlpool, and the Spirit of Winning propel our teams to excellence. Get to know us and see what it's like to be part of a company that is in constant pursuit of improving life at home.

This role in summary

As a Manager, Cyber Security, you will help secure Whirlpool's infrastructure against both insider and outsider threats. You will help deploy and manage Whirlpool's state-of-the-art security tools and platforms to identify threats, respond to incidents, and protect our global assets. Additionally, you'll work collaboratively with other members of our Global Security team to investigate incidents, analyze attack methods, research new defense techniques, and document procedures and standards. Successful candidates will need a strong foundation in Information Security and a strong desire for continuous learning. This person will report directly to the Senior Manager of Cyber Security Engineering and Architecture.



Employees in this role can work a hybrid schedule of three core days in the office and two days remote. This enables employees to come together to collaborate in person and gives employees the added flexibility to work remotely.







Your responsibilities will include

* Perform security-focused code and design reviews of all systems and applications
* Conduct application security assessments across user-facing and internal services
* Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
* Assist in development of security processes and automated tooling that prevent classes of security issues
* Act as a trusted automation and tooling advisor for DevSecOps initiatives by providing objective, practical and relevant ideas, insights and advice
* Collaborate with engineers, consultants and architects to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC)
* Build security standards for teams and integrate platforms, including container, vulnerability management tools within continuous integration and continuous delivery/continuous deployment (CI/CD) pipelines
* Perform validation of security controls to ensure consistency with compliance and industry standard methodologies
* Working together with engineers to mitigate security vulnerabilities identified by our security tools and external reported vulnerabilities
* Work with the product development teams, raising security awareness and offering expertise to keep systems protected against known and unknown vulnerabilities.
* Collaborate with the cross-functional teams to map out the tech stack, development tools, infrastructure, and processes
* Plan and improve the DevSecOps solutions to meet compliance requirements
* Define security guardrails through automated tool policies, Service Level Agreements, custom rules, and support the developers
* Understand, balance and communicate business risk with security risk
* Serves as a subject matter expert for application security, providing guidance on industry best practices and defense in-depth strategies for the security posture of the systems.
* Respond to threats, through diagnosis, communication, and remediation
* Prevent successful attacks by hardening Whirlpool's defenses
* Work on security global projects to enhance Whirlpool's defense, monitoring and response capabilities



Minimum requirements

* Bachelor's Degreein Computer Science, Computer Information Systems,Information Security orInformation Technology with an emphasis in Cybersecurity
* 5+ years of experience in Cyber Security Engineeringwith a focus on secure coding practices, vulnerability testing, and penetration testing
* 5+ years of development or scripting experiencewith programming languages such as Java, .Net, Python, or C++
* 3+years of experience with network and web protocols such as TCP/IP (Transmission Control Protocol/Internet Protocol), HTTP (Hypertext Transfer Protocol), HTTPS (Hypertext Transfer Protocol Secure) protocols
* 3+ years of experience with Open Web Application Security Project (OWASP), Common Vulnerability Scoring System (CVSS), the MITRE ATT&CK (adversarial tactics, techniques, and common knowledge)framework, and the secure software development lifecycle (SLDC)
* 3+years of experience with development methodologies such as Agile, Waterfall, DevOps etc.

Preferred skills and experiences

* 3+ years of experience withstatic application security testing (SAST), Software Composition Analysis (SCA),dynamic application security testing(DAST), interactiveapplication security testing (IAST), Runtime application self-protection(RASP) tooling.
* 3+ years experience with common security libraries and tools (e.g. static analysis tools/ penetration testing tools) like Veracode, SonarQube, etc
* Familiarity and ability to explain common security vulnerabilities and ways to address them (e.g.Open Web Application Security Project OWASPTop 10)
* Experience conducting technical security assessments, code audits, and architectural design reviews.
* Serve as a subject matter expert to reviewsecurity for containers (e.g., Docker), container orchestration (e.g., Docker Swarm, Kubernetes), and cloud orchestration platform.
* Experience in testing and development of RESTful APIs (application programming interface).
* Experience with automation through solutions such as Chef, Puppet, Jenkins, and Ansible.
* Knowledge up and down the technology stack - user interface, applications, communications, infrastructure, database, network, storage, etc.
* Desire and aptitude for continuous learning and keeping abreast of new and emerging technology.
* Security certifications such as Certified DevSecOps Professional,Certified Secure Software Lifecycle Professional (CSSLP), Certified Ethical Hacker(CEH), or Offensive Security Certified Professional (OSCP) are a plus



RSRWH



Connect with us and learn more about Whirlpool Corporation. See what it's like to work at Whirlpool by visiting Whirlpool Careers. Additional information about the company can be found on Facebook, Twitter, LinkedIn, Instagram, and YouTube.



At Whirlpool Corporation, we value and celebrate diversity. Whirlpool Corporation is committed to equal employment opportunity and prohibits any discrimination on the basis of race or ethnicity, religion, sex, pregnancy, gender expression or identity, sexual orientation, age, physical or mental disability, veteran status, or any other category protected by applicable law.

Keywords: Whirlpool, South Bend , Manager, Cyber Security, Executive , Benton Harbor, Indiana