Siemens Careers

Product Security Analyst

Malvern, Pennsylvania
Information Technology

Apply
English (US)

Job Description

Division: Siemens Healthineers
Business Unit: Services
Requisition Number: 214086
Primary Location: United States-Pennsylvania-Malvern
Assignment Category: Full-time regular
Experience Level: Senior level
Education Required Level: Bachelor's Degree
Travel Required: 30%

Division Description:

Siemens is a global technology powerhouse that has stood for engineering excellence, innovation, quality, reliability and internationality for more than 165 years. As a global technology company, Siemens is rigorously leveraging the advantages that this setup provides. To tap business opportunities in both new and established markets, the Company is organized in nine Divisions: Power and Gas, Wind Power and Renewables, Energy Management, Building Technologies, Mobility, Digital Factory, Process Industries and Drives, Healthineers and Financial Services.

 With 45,000 employees Siemens Healthineers is one of the world’s largest suppliers of technology to the healthcare industry and a leader in medical imaging, laboratory diagnostics and healthcare IT. All supported by a comprehensive portfolio of clinical consulting, training, and services available across the globe and tailored to customers’ needs. So that more people can have a life that is longer, richer, and more filled with happiness.

 For more information, please visit:  http://www.usa.siemens.com/healthineers


Job Description:


Position Overview

Are you ready to help guide the cybersecurity organization for a business on the forefront of medical software technology?  Come join our team at Digital Health Services where we are building software solutions in the areas of population health management, Teleradiology, and traditional medical IT products.


The Product Security Analyst will be responsible for researching, recommending, documenting, and coordinating implementation of product cybersecurity policies, procedures, facilities, and systems. This is a key technical/hands-on position in our security organization and will support all products in our Digital Health Services portfolio.


Responsibilities

  • Acts as a technical and process SME for product security activities
  • Facilitate compliance with product security policies, practices and legal requirements and provide coaching, on-the-job and formal training, creation of reference materials, and procedures.
  • Implement central security processes, e.g. supplier qualification and certification program
  • Moderate security reviews of application and infrastructure systems (Threat and Risk Analyses) 
  • Support our secure software development initiatives
    • Determine tools to be used
    • Prototype tools
    • Determine standardized rule sets
    • Support projects on implementation
  • Support our security testing initiatives
    • STIG testing, Fuzz testing, vulnerability scanning
    • Determine tools to be used
    • Prototype tools
    • Support projects on implementation 
    • Conduct penetration tests (preferred skill)           
  • Incident Handling
    • Provide analysis of security events and investigate security threats to the environment
    • Participate as a member on the Incident Response Team
  • Synchronize with Information Security organization to ensure that the development, manufacturing and integration IT-infrastructure is sufficiently secure (e.g. to ensure confidentiality, integrity or availability of source code, binaries and configuration)
  • Continuously assess suitability of existing capabilities to address emerging technologies and changing threat behaviors


Knowledge/Skills, Education, and Experience

  • Bachelor's degree in Computer Science, Information Systems, Engineering or a related field
  • 4+ years of cyber security engineering and software systems development experience
  • Experience working in a software development organization
  • Experience working in a highly regulated environment
  • Proven ability to deliver using agile DevOps methodologies
  • Track record of incorporating automation and design thinking to build highly usable and secure systems
  • Demonstrated abilities in analytical skills, sound judgment, the ability to work effectively with others, and driven to increase security knowledge.
  • Expert knowledge of encryption technologies, authentication methods, networking and security infrastructure, packet capture, scripting and programming, intrusion analysis, root-cause analysis.
  • Expert experience with security tools 
  • Experience with Windows and Linux Operating Systems
  • Experience with Azure and AWS
  • Knowledge of application, network and system security
  • CISSP Certification (Preferred)
  • Experience performing penetration tests (Preferred)

 

as well as the following soft skills:

  • Deal honestly and genuinely with my colleagues throughout (across, up and down) Siemens Healthineers and with our customers and partners
  • Build trust as a basis for simplifying the way we work together and improving the effectiveness of our work
  • Live a culture of open debate
  • Actively listen to others - colleagues, customers, and partners - to understand and best address their needs
  • Actively challenge the status quo and strive to continually improve —to “Get a Little Better Every Day"
  • Deliver on commitments and excel at execution
  • Translate listening into action
  • Proactively share my knowledge and successes to continuously improve performance of my colleagues, customers and partners
  • Contribute new and innovative ideas to expand the boundaries of our current thinking and practice
  • Ask “why not” instead of “why”. Start things quickly, and end them early if necessary
  • Not take shortcuts and not sacrifice quality
  • Think outside today's boundaries to learn and take Siemens Healthineers forward
  • Make the tough choices today that will enhance our success tomorrow
  • Strive for Siemens Healthineers’ success first, independent of my role, interests and goals
  • Consistently demonstrate passion for our customers' - and Siemens Healthineers' - success; encourage and inspire this passion in my colleagues, customers, and partners
  • Never sacrifice the future for short-term gain
  • Understand the key quality expectations of my colleagues, customers, and partners
  • Be a role model to attract, retain, and engage passionate people
  • Share information in a timely manner and seek feedback from others
  • Acknowledge and celebrate success
  • Take personal responsibility and make informed, conscious decisions in my area of responsibility
  • Actively learn, and develop myself and others every day
  • Contribute ideas for improving our processes, without assigning blame, by using lean tools
  • Take informed risks, accept mistakes and failure as a learning opportunity
  • Role model passion and curiosity; make my voice heard; challenge cynicism
  • Encourage others to speak up and bring their ideas forward
  • Focus my “talking” on what is helpful and important to others, not just what it interesting to me




Equal Employment Opportunity Statement
Siemens is an Equal Opportunity and Affirmative Action Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to their race, color, creed, religion, national origin, citizenship status, ancestry, sex, age, physical or mental disability, marital status, family responsibilities, pregnancy, genetic information, sexual orientation, gender expression, gender identity, transgender, sex stereotyping, protected veteran or military status, and other categories protected by federal, state or local law.

EEO is the Law
Applicants and employees are protected under Federal law from discrimination. To learn more, Click here.

Pay Transparency Non-Discrimination Provision
Siemens follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision. To learn more, Click here.