Wabtec Corporation
Lead Engineer - Embedded Software Security
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Wabtec Corporation
Wabtec Corporation is a leading global provider of equipment, systems, digital solutions, and value-added services for the freight and transit rail sectors. Headquartered in Pittsburgh, Pennsylvania, the company operates in over 50 countries and employs approximately 27,000 people. Wabtec was formed in 1999 through the merger of the Westinghouse Air Brake Company and MotivePower, with roots dating back to 1869. The company manufactures a wide range of products, including locomotives, freight car components, passenger transit vehicles, and mining equipment. Wabtec also offers digital solutions such as advanced software and energy management systems. With more than 24,000 locomotives in its global installed base, Wabtec plays a significant role in the rail industry. In 2024, the company reported revenues of $10.4 billion.
Security at Wabtec Corporation
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Wabtec's product cybersecurity philosophy is centered on supporting customer efforts to reduce cybersecurity risk, providing well-defined benchmarks throughout the development lifecycle, and achieving certifications like IEC 62443-4-1.
- Their approach includes engineering-focused training and awareness programs. The Product Security Incident Response Team (PSIRT) manages incident response, vulnerability reporting, triage, and disclosure.
Security Team
- Wabtec has a Chief Product Security Officer (CPSO) responsible for embedding cybersecurity.
- Publicly identified product security leaders include Shravan M (Principal Security Architect, Product Cybersecurity), Brandon DuPree (Product Security Engineer specializing in PSIRT operations), and Derek Klepac (Business Information Security Officer).
- The Audit Committee, CIO, and CISO maintain an ongoing dialogue regarding the company's cybersecurity risk.
Key Initiatives
- Wabtec implements secure SDLC controls and expectations for third parties, requiring a 'Secure software development lifecycle policy' and documented 'Secure development tollgates'.
- Threat modeling is mandatory for all software systems developed for Wabtec, and an SBOM may be required.
- All source code and third-party libraries must be periodically scanned for vulnerabilities, with critical, high, or medium vulnerabilities requiring remediation before delivery.