Siemens Careers

Sr. Security Engineer

Charlotte, North Carolina
Research & Development

Apply
English (US)

Job Description

Division: Digital Factory
Business Unit: Product Lifecycle Management-PLM
Requisition Number: 222804
Primary Location: United States-North Carolina-Charlotte
Assignment Category: Full-time regular
Experience Level: Mid level
Education Required Level: Bachelor's Degree
Travel Required: 10%

Division Description:

Siemens Digital Factory offers a comprehensive portfolio of seamlessly-integrated hardware software and technology-based services in order to support manufacturing companies worldwide. Siemens PLM Software, a Plano, Texas-based business unit of the Digital Factory Division, is a leading global provider of product lifecycle management (PLM) and manufacturing operations management (MOM) software, systems and services with over nine million licensed seats and more than 77,000 customers worldwide.


For more information, please visit: 

https://www.siemens.com/us/en/home/company/about/businesses/digital-factory.html



Job Description:

As a junior information security officer you will have key
responsibilities in defining, planning, implementing, and automating
security processes for Siemens PL environments that meet or exceed the
objectives.  Key deliverables include supporting the investigation and
resolution of incidents; support the resource requirments of
development; integrate security into the CI/CD pipeline; support the
roll out of best practice standards; work with and support the CSO &
compliance officer; meet compliance and create best practice standards
for cloud services; and document all processes.

A successful candidate will be a self-starter, have a solid
understanding of security policies, processes, demonstrated an ability
support multiple, large initiatives simultaneously, and support
management to achieve results while maintaining a high velocity of
activity across the security program. The ideal candidate will be
experienced with agile development methodologies and able to drive
agile processes throughout the security teams.

 

Provide support to the CSO in the area of security compliance and risk
management function within the Siemens PL cloud services group
* Support the information security policy projects and tasks
* Lead security awareness and training initiatives
* Perform phishing exercises & threat assesments on a regular cadence
* Work with teams to dentify security gaps prior to PEN testing &
schedule PEN testing for services
* Support compliance officer in achieving industry certifications (e.g.
ISO 9001, SOC, FedRAMP, etc.)
* Contribute security best practices to Operations strategy planning,
design, implementation, and maintenance activities
* Support the security team to ensure the production environment is
operating in accordance with established security procedures and best
practices
* Align security policies to industry standards
* Acts as an advocate of information security, GRC (Governance, Risk
management & Compliance), and privacy programs across the organization
* Maintain security policy program in accordance with industry
standards and requirements
* Create & evaluate reports and performance metrics on security policy
for the teams
* Provides analysis of policy activities including: policy impacts on
IT systems; procedural integration and alignment to policy;
alternatives analysis; and policy rollout or implementation plans
* Writes, edits, and maintains information security policies,
procedures, standards, and guidelines
* Develops, manages, and maintains enterprise wide phishing campaigns &
threat assesments to test security awareness and training
* Develops, manages, and maintains enterprise wide security awareness
and training programs
* Collaborate closely with other departments to ensure that the
information security policy, compliance, and risk management
requirements are met
* Ensures that Siemens PL Cloud Services maintain compliance to
generally accepted security practices which are reinforced through
sound security policy
* Support business units in responding to audits and other information
requests, and assists or coordinates the responses to policy inquiries
*Ensures that all policy projects are delivered on-time, within scope,
and within budget
* Report and escalate security project issues to management as needed
* Coordinate with the IT, Information Security, andother stakeholders
* Supports in GRC activities to minimize business or project risks
* Other duties as assigned

 

REQUIREMENTS:
* Bachelor’s Degree in Business, Management, Computer Sciences, or
equivalent prior work experience in a related field
* Current Information Security Certification (e.g. CISSP, CISM, CISA,
or related security certification) preferred or the ability to attain
one within 6 months of hire
* Excellent client-facing and internal communication skills
* Excellent written skills and a demonstrated ability to express
technical requirements in words through technical documentation
* Understanding of security products and concepts such as firewalls,
VPNs, IDS and other security devices
* Understanding of information security risk management frameworks such
as ISO 27001, NIST, NIST 800-190, etc.
* Experience developing, tailoring, updating, and managing security
policy lifecycles
* Experience with system automation at an enterprise level
* Experience with networking and network/system security, including
firewalls, VPN, routing, switching, load balancers, monitoring,
security and DNS
* Ability to manage goals, track milestones and report on status
* Act as a technical resource for a variety of information security
projects that arise from current business and technological
developments
* 2+ years of IT experience (or a Master’s Degree)
* 2+ years experience with open source tools (Linux, Python, Git,
Ansible)

OTHER REQUIREMENTS:
*Willingness/ability to work off-shifts (evening, night-time, weekend)
as needed or required
* Knowledge of risk assessment procedures, policy formation, role-based
authorization methodologies, authentication technologies, and security
attack pathologies
* Ability to work effectively in both an independent and team
environment
* Must have the ability to communicate technical and security-related
concepts to a broad range of technical and non-technical staff,
security vendors, consultants and senior management
* Possesses strong interpersonal skills
* Experience with security program development
* Knowledge and understanding of application, container, database,
cloud native, and OS level security
* Excellent problem solving and analytical ability
* Requires use of a wireless handheld device with messaging capability

Preferred Qualifications:
* System administration experience, including troubleshooting, support,
mentorship/training, and oversight in an enterprise setting
* AWS security services such as Macie, Sheild, WAF, IAM, GuardDuty, &
Trusted Advisor
* Strong nderstanding of Internet security considerations in web and
application development cloud native environments
* Strong base for software architecture and design including
inter-process communications, asynchronous processing, micro-services,
message queueing, interfaces, and API development
* Terraform, CloudFormation, Ansible, Jenkins, CodeSuite or equivalent
tools
* 2+ years of cloud native application security experience
* 2+ years' experience with full-stack development of web interface
applications
* 3+ years of Linux administration & troubleshooting
* 3+ years shell scripting - sh/bash/ksh
* 3+ years of experience in an Enterprise IT environment
* Experience managing network monitoring systems
* Experience with design, develop, and configuration of information
security tools

 

Want to find out more about Cloud and MindSphere at Siemens PLM Software? Watch this great video!

 

 

*LI-HES



Equal Employment Opportunity Statement
Siemens is an Equal Opportunity and Affirmative Action Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to their race, color, creed, religion, national origin, citizenship status, ancestry, sex, age, physical or mental disability, marital status, family responsibilities, pregnancy, genetic information, sexual orientation, gender expression, gender identity, transgender, sex stereotyping, protected veteran or military status, and other categories protected by federal, state or local law.

EEO is the Law
Applicants and employees are protected under Federal law from discrimination. To learn more, Click here.

Pay Transparency Non-Discrimination Provision
Siemens follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision. To learn more, Click here.