“Making an impact that matters!”, that’s the motto we live by. We at Siemens are continuously pushing the boundaries of sectors such as the Internet of Things (IoT), big data analytics, artificial intelligence (AI) and cloud technologies. However, with such digital innovations come unpredictable security challenges and vulnerabilities, thus increasing the risk of cyberattacks.
Join us! Together we can make our digital world more secure.
The Driver’s License project is an initiative to improve the security in applications as well as the alignment of them (and their supporting infrastructure) to Siemens security policies. Two initiatives were put in place within the project to achieve that:
- Build a security training for admins, technical managers and business leaders in charge of applications and the infrastructure behind
- Develop an application to monitor the compliance of some of the mandatory security controls based on the feedback provided by different tools already in place (like vulnerability scan) and presenting a unified vision with a scoring system.
The project will turn soon into a service and must be maintained and evolved. Hence, the Cybersecurity Expert for the “driver’s license service” will be in charge for the maintenance and evolution of both the training artifacts (wikis, web based training, test questions, etc.) and the tool for cybersecurity regulations compliance monitoring and reporting (by gathering requirements/issues and formalizing them).
Example tasks to be performed as part of the job:
- Stablish a network of contacts within Siemens cybersecurity ecosystem in order to discuss and understand ongoing trends and challenges and push the creation of how-to documentation on all security topics as well as ensure their maintenance and evolution.
- Build up a network of contacts with all IT and business areas worldwide to be the trusted point of contact with managers to locate new users for the training and awareness. Become the single point of contact for all support requests of the 3 target groups.
- Updating and adding current and new content to the training (both wikis and WBT) to ensure the delivered content is aligned with updated cybersecurity policies requirements (e.g. after security policies or standards changes) as well as with latest technology developments.
- Tracking and monitoring the training progress and the amount of accomplished trainings by all 3 roles (Asset Owner, Asset Manager, Admins).
- Coordinate with external agency to maintain and evolve the WBT material according to changes in content.
- Ensure the adequacy completeness and validity of questions for the certification test as well as for linked artifacts (documents, wikis, etc.) with further information on how to deploy, maintain and handle the security controls (once this further information is built or discovered).
- Compliance monitoring tool (INSIGHT):
- Requirements gathering and analysis.
- Change management and specification analysis.
- Adapt the tools to new security regulations or changes to existing ones.
- Coordination of external developers
- Sprint & release planning in coordination with Cybersecurity Reporting platform team
- Incident & problem management.
- Support the resolution of bugs.
- Developing documentation & training
- Building new and updating existing reports for different partners.
- Single point of contact to all user requests concerning the penalty point system and its consequences.
- SPOC for Key User Community, user requests and communications.
What do I need to qualify?
- · Computer science degree or related.
- · Master’s degree or similar in information security.
- · Passed exam for one or more security certifications like CISSP, CISM or similar would be valuable (not necessary currently holding the certification)
- · 2-4 years of experience in cybersecurity.
- · Experience creating security awareness and training materials.
- · Experience in gathering and formalizing requirements.
- · Experience or knowledge in Agile methodology
- · Knowledge on ISO and NIST Cybersecurity Frameworks
- · Experience in Software Lifecycle Management would be valuable.
- · Knowledge on Industrial Security Frameworks would be valuable.
- · English fluent proficiency, German is a plus
- · Strong communication skills.
- · Ability to create and maintain wide networks within an organization.
- · Creativity.
- Interest and drive to continuously improve.
We’ve got quite a lot to offer. How about you?
Do you want to know more about Cybersecurity at Siemens? www.siemens.com/cybersecurity
Organization: Corporate Technology
Company: Siemens Holding S.L.
Experience Level: Experienced Professional
Job Type: Full-time