Principal Cybersecurity Engineer

At Oshkosh, we build, serve and protect people and communities around the world by designing and manufacturing some of the toughest specialty trucks and access equipment. We employ over 18,000 team members all united by a common purpose. Our engineering and product innovation help keep soldiers and firefighters safe, is critical in building and keeping communities clean and helps people do their jobs every day.

Oshkosh Corporation owns significant assets in the form of information. Some of these assets may lose substantial value if improperly disclosed, and such disclosure could result in significant harm to the organization. This role supports the Cybersecurity mission by partnering with the business as a trusted advisor to reduce cybersecurity risk to acceptable levels. Specifically, the role serves as a key mechanism to identify, maintain, and improve cybersecurity controls through a risk-based approach, while driving education and awareness to preserve the confidentiality, integrity, and availability of company information.

YOUR IMPACT

These duties are not meant to be all-inclusive; additional responsibilities may be assigned.

• Serve as a cybersecurity expert or coach in areas including network and application design, operating systems, endpoint protection, mobile device security, and foundational cybersecurity controls across on-premises and cloud environments (IaaS, PaaS, SaaS). Conduct security assessments and recommend appropriate controls to ensure solutions meet regulatory, contractual, and corporate security policies.
• Act as a trusted advisor to business functional areas (e.g., Finance, HR, Engineering) and internal Digital Technology (DT) teams (e.g., infrastructure, applications, services). Ensure alignment between business and technical requirements and compliance with regulatory and contractual obligations. Advocate for cybersecurity risk mitigation during planning and implementation of new services.
• Provide cybersecurity consulting to a wide range of stakeholders, including business units with limited technical knowledge, technical teams with deep domain expertise, and cybersecurity professionals.
• Collaborate with technology architects and analysts to ensure security is embedded in systems design and implementation, effectively mitigating identified risks while supporting business goals.
• Maintain expert-level awareness of cybersecurity regulations and best practices, including CMMC, PCI, SOC, HIPAA, and NIST (800-53, 800-171).
• Contribute to the development and continuous improvement of cybersecurity strategies and roadmaps. Develop and update metrics to measure the effectiveness of cybersecurity programs.
• Support the Cybersecurity Education & Awareness (SEA) program by creating strategies and content to promote positive security behaviors and raise global awareness.
• Use programming and scripting skills to automate tasks such as data parsing, reporting, and other repeatable workflows.
• Support the Security Incident Response Team (SIRT) in detecting, responding to, and recovering from security incidents, employing risk-based strategies to limit impact and recurrence.
• Collaborate with SIRT to enhance processes, procedures, and training materials—such as investigation playbooks—and participate in threat hunts and purple team exercises to deepen knowledge of the environment.

MINIMUM QUALIFICATIONS

• Bachelor’s degree in Cybersecurity, Information Systems, or a related field, or equivalent experience.
• Eight (8) or more years of cybersecurity experience.

STANDOUT QUALIFICATIONS

• Graduate degree in Cybersecurity, Information Systems, Management, or related discipline.
• Strong conceptual, analytical, and innovative problem-solving skills.
• Demonstrated knowledge of security controls for networks, applications, and operating systems.
• Excellent communication skills—both verbal (e.g., phone, one-on-one, group presentations) and written (e.g., email, reports, documentation)—across technical and non-technical audiences.
• Experience leading or contributing to complex projects involving multiple technologies and lines of business.
• Industry-recognized certifications (e.g., CISSP, CEH, GIAC, Security+, SSAP).
• Experience identifying attacker techniques, including emerging vulnerabilities, attack vectors, and exploits.
• In-depth knowledge of cybersecurity tools and systems, including SIEM, SOAR, IDS/IPS, honeypots, open-source intelligence (OSINT), and sandbox analysis tools.
• Ability to obtain or maintain a U.S. Government Secret-level (or higher) security clearance.
• Hands-on experience with: SIEM/SOAR platforms (e.g., Splunk, IBM QRadar, Palo Alto XSOAR)
• Hands-on experience with: Identity and Access Management (IAM) tools (e.g., SailPoint, Azure Entra, Okta)
• Hands-on experience with Network tools and platforms (e.g., Cisco, Palo Alto Networks, SolarWinds)

Pay Range:

The above pay range reflects the minimum and maximum target pay for the position across all U.S. locations. Within this range, individual pay is determined by various factors, including the scope and responsibilities of the role, the candidate's experience, education and skills, as well as the equity of pay among team members in similar positions. Beyond offering a competitive total rewards package, we prioritize a people-first culture and offer various opportunities to support team member growth and success.

Oshkosh is committed to working with and offering reasonable accommodation to job applicants with disabilities. If you need assistance or an accommodation due to disability for any part of the employment process, please contact us at corporatetalentacquisition@oshkoshcorp.com.

Oshkosh Corporation is an Equal Opportunity and Affirmative Action Employer. This company will provide equal opportunity to all individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status. Information collected regarding categories as provided by law will in no way affect the decision regarding an employment application.

Oshkosh Corporation will not discharge or in any manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with Oshkosh Corporation's legal duty to furnish information.

Certain positions with Oshkosh Corporation require access to controlled goods and technologies subject to the International Traffic in Arms Regulations or the Export Administration Regulations. Applicants for these positions may need to be "U.S. Persons," as defined in these regulations. Generally, a "U.S. Person" is a U.S. citizen, lawful permanent resident, or an individual who has been admitted as a refugee or granted asylum.