Cyber Defense Assurance Analyst

Wabtec Corporation

Pittsburgh, PA


Position summary

Wabtec Corporation is a leading global provider of equipment, systems, digital solutions and value-added services for freight and transit rail. Drawing on nearly four centuries of collective experience across Wabtec, GE Transportation and Faiveley Transport, the company has unmatched digital expertise, technological innovation, and world-class manufacturing and services, enabling the digital-rail-and-transit ecosystems. Wabtec is focused on performance that drives progress, creating transportation solutions that move and improve the world. Wabtec has approximately 27,000 employees in facilities throughout the world. Visit the company’s new website at:

It’s not just about your career… or your job title… it’s about who you are and the impact you are going to make on the world. Do you want to go into uncharted waters… do things that haven’t been done to make your life and someone else's better? Wabtec has been doing that for decades and we will continue to do so! Through our people, leadership development, services, technology and scale, Wabtec delivers better outcomes for global customers by speaking the language of industry.

Duties and Responsibilities:

The Wabtec Enterprise Information Security team is seeking a skilled and experienced Cyber Defense Assurance Analyst to join our Cyber Defense Team. This role will be responsible for evaluating the effectiveness of our cybersecurity controls, identifying vulnerabilities, and making recommendations for improvements. The ideal candidate should have a strong background in cybersecurity, as well as a comprehensive understanding of audit principles, frameworks, and regulations. Under the supervision of the Senior Manager of Cyber Defense, you will be part of a team working to achieve the tactical and procedural objectives of the Continuous Cyber Security Assurance team, Vulnerability Management team, Cyber Risk team, and other relevant teams to standardize the cybersecurity risk acceptance processes, procedures, and guidelines for the Enterprise.

Responsibilities will include:

  • Assess security controls and conduct reviews for large, complex systems, and provide support to track and coordinate activities aimed at enhancing overall cyber security.
  • Provide recommendations for detected vulnerabilities, covering management, operational, or technical controls, including human procedures, software configuration parameters, system changes, or combinations thereof, to mitigate the risk associated with the vulnerability.
  • Review and assess cybersecurity programs or their individual components to determine compliance with published cybersecurity policies and standards.
  • Review security assessment reports and identify any significant issues and variances, initiating corrective actions where necessary.
  • Review and analyze various cybersecurity risk acceptance, justification, and exception documents submitted by agencies.
  • Collaborate with teams and relevant parties to track and reconcile agency remediation status, risk acceptance timeline, and expiration date.
  • Engage in communications with IT and Engineering teams on complying with the policies and standards.
  • Consult and advise on industry standards and best practices, both technical and procedural.
  • Assist, train, and mentor assigned junior staff members.

Minimum Qualifications: (To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.)

  • Bachelor's degree preferred in Information/IT Security, Cybersecurity, or a related field; OR
  • A minimum of 5 years of experience in cybersecurity and/or IT assurance/auditing and assessments, and
  • One of the following certifications: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM); OR
  • 3+ years of relevant cyber security related experience; OR
  • 2+ years of experience in operational IT and audit/consulting, specifically performing penetration testing and vulnerability assessment engagements.

Knowledge, Skills and Abilities:

  • Ability to work effectively in a team environment;
  • Being a highly organized, motivated and self-directed professional;
  • Knowledge of hardware, software, data, and network principles and systems related to Engineering, Manufacturing and IT services;
  • Understanding of commonly used computer operating systems, databases, network structures;
  • Familiarity with cybersecurity framework(s) (NIST, SANS, PCI, ISO 27001/27002, or CIS);
  • Investigative and analytical skills;
  • Excellent oral and written communication skills, including the ability to explain complex issues in plain language;
  • Knowledge of current and evolving cyber threat landscape;
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and information privacy;
  • Exhibited leadership ability in a team environment;
  • Knowledge of web/non-web/native mobile software programming technologies (Java, C#, JavaScript, HTML, etc.), structures and logic;
  • Knowledge of relational databases, web applications and services;
  • Knowledge of web/non-web/native mobile system and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, code injections, race conditions, covert channel, replay, return-oriented attacks, malicious code);
  • Knowledge of secure configuration management techniques. (e.g., Security Technical Implementation Guides (STIGs), cybersecurity best practices on;
  • Knowledge of software debugging principles;
  • Skills in conducting software vulnerability scans (DAST, SAST, etc.) and recognizing vulnerabilities in security systems;
  • Skills in designing application and infrastructure countermeasures to the identified security risks.

Physical Demands: (The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.)

Work Environment: (The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.)

The employee will normally work in a temperature-controlled office environment, with frequent exposure to electronic office equipment. During visits to areas of operations, the employee may be exposed to extreme cold or hot weather conditions. The employee is occasionally exposed to fumes or airborne particles, toxic or caustic chemicals, and loud noise.

Wabtec Corporation is committed to taking on the world’s toughest challenges. In order to fulfill that commitment we rely on a culture of leadership, diversity and inclusiveness. We aim to employ the world’s brightest minds to help us create a limitless source of ideas and opportunities. We believe in hiring talented people of varied backgrounds, experiences and styles…people like you! Wabtec Corporation is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or protected Veteran status. If you have a disability or special need that requires accommodation, please let us know.

About the company

Industry: Industrial: Equipment Manufacturing

At Wabtec, we are in the business of realizing potential. Our employees are the architects of the future. Go just about anywhere and you’ll find us. If you want to move and improve the world, start here.