WE CREATE EMPOWERED LEADERS! At Milwaukee Tool we firmly believe that our People and our Culture are the secrets to our success -- so we give you unlimited access to everything you need to create disruptive new technologies and solutions on our ONE-KEY™ Connected Tools Team.
Our ONE-KEY™ Connected Tools Team is responsible for developing and maintaining a collaborative tool and equipment platform that helps jobs run smoother, with fewer headaches along the way. We help users track and lock tools, dial in performance, pull utilization data, and give users the ultimate control over their tools. We strive to deliver customer value, be transparent with work in all directions, embrace empowered, autonomous teams, receive, give, and ask for feedback frequently, and think with an entrepreneurial mindset.
Behind our doors you'll be empowered every day to own it, drive it, and do what it takes to develop and maintain the biggest breakthroughs in the industry. Meanwhile, you'll have the support and resources of the fastest-growing brand in the construction industry to make it happen. Learn more about ONE-KEY™ HERE.
Your Role on Our Team
As a Senior Security Engineer - Architect, you will be directly responsible for maintaining the confidentiality, integrity, and availability of Milwaukee's One Key application. This position will provide information security direction and consultation to development teams and product engineering. You will also be involved with proactive auditing and penetration testing of systems, simulating sophisticated external and internal threats with the goal of uncovering vulnerabilities and testing defenses. You will be involved in the selection, development, deployment, monitoring, maintenance, and enhancement of security technology as well as incident investigation.
You'll be DISRUPTIVE through these duties and responsibilities:
- Lead technical vision and security roadmapping for the One Key application end to end (identity, cloud infrastructure, web/mobile application, BLE connectivity, firmware, etc.).
- Create security designs for system-level architecture with cross-functional participation from other security leaders (Enterprise IT, Electrical Engineering).
- Design security architecture to ensure compliance to security policies as well as regulatory compliance (GDPR, CCPA, SOC 2, ISO 27001, etc.).
- Work with business partners on understanding of the trust services criteria (processing integrity, confidentiality, privacy, availability, security) and how that may impact each functional area (e.g., working with the development team on processing integrity or the infrastructure team on availability).
- Establish security standards and lead security improvement initiatives, including development of secure reference architectures and mentoring developers on security best practices.
- Conduct threat modeling and risk evaluation with key stakeholders.
- Partner with the leadership team to automate security testing and reduce repetitive tasks.
- Engage with third-party vendors and internal teams to scope Red Team/Blue Team testing activities and determine appropriate cadence.
- Maintain deep understanding of networking, cloud infrastructure (AWS), system hardening, secure application development and BLE hardware/firmware.
- Maintain understanding of technical threats and how they may impact the environment.
- Monitor, analyze and respond to security events.
- Participate in on-call rotation with your team.
- Other duties and responsibilities as assigned.
The TOOLS you'll bring with you:
- Bachelor's degree in Computer Science, Information Systems, Business Administration, or another related field.
- 10 or more years of hands-on experience in information security technologies such as security design review, threat modeling, risk analysis, security controls and processes such as passive network monitoring, endpoint detection and response, incident response (Managed Detection and Response), and vulnerability management.
- 3 or more years of experience with web applications, APIs, or mobile applications.
Other TOOLS we prefer you to have:
- Demonstrated knowledge of information security domains (security & risk management, asset security, security architecture and engineering, communications & network, IAM, security assessment and testing, security operations, and software development).
- Experience with cloud monitoring systems (e.g., CloudWatch, New Relic, Datadog) and audit trails (e.g., CloudTrail).
- Experience establishing processes and controls aligning to SOC 2 Type 2 and ISO 27001 certifications.
- Experience working with Agile methodologies such as Scrum or Kanban.
- Experience with infrastructure as code (e.g., Terraform, CloudFormation, CDK).
- Experience in one of the following languages: AWS API Gateway, C#/.NET Core, Node.js, Python.
- Experience with secret management services/appliances (e.g., AWS Secrets Manager, HashiCorp Vault, CyberArk).
- CISSP, CISM, CISA, CEH, GPEN, GWAPT, GCPN, GMOB, AWS Certified Solutions Architect, AWS Certified DevOps Engineer or similar security certifications.
- Experience with application hardening solutions (Veracode, SonarQube, AWS X-Ray, Fortify, etc.).
- Experience with cloud security offerings and capabilities (AWS preferred).
- Experience leading Red Team/Blue Team testing activities.
- Experience identifying and implementing the best authentication and authorization methods for a given solution.
- Experience identifying and implementing the best encryption mechanism for a given solution.
- Familiarity with mobile applications including connectivity with Bluetooth Low Energy and associated hardware/firmware.
- Familiarity with Keychain, jailbreak/root detection and Elliptic Curve Diffie-Hellman Key Exchange.
- Familiarity with application containerization and implementation of Role-Based Access.
- Familiarity with configuration management tools.
- Strong communication, analytical and interpersonal skills.
We provide these great perks and benefits:
- Robust health, dental and vision insurance plans
- Generous 401(k) savings plan
- Education assistance
- On-site wellness, fitness center, food, and coffee service
- And many more, check out our benefits site HERE.