Software Developer for Automation in Hardening
With 111 years of presence in Romania, Siemens is a global technology powerhouse that owns innovative solutions in the areas of electrification, automation and digitalization.
Software and R&D play a crucial role at Siemens. The Corporate Technology division in Brasov , Cluj-Napoca and Bucharest is the competence center for research, software development, IT and engineering, which makes the company a major leader in vertical IT technologies. For more information about Siemens please visit www.siemens.ro and http://www.siemens.com/innovation.
Siemens Corporate Technology, the research and development power house of Siemens, is setting up a new Cyber Security Research & Development Center. Given the highly dynamic and complex technological landscape, shaped by endeavors such as as Industry 4.0 (“the 4th Industrial Revolution”), Internet of Things and Critical Infrastructures, cyber security cyber security strategies should be secure, vigilant, and resilient, as well as fully integrated into organizational strategy from the start - this plays a crucial role for the success of both Siemens and its customers.
Therefore cyber security has evolved into one of the core technologies at Siemens which helps shape the new age of smart manufacturing, dynamic supply chains as well as tailored products and services.
Siemens Corporate Technology is focused on state-of-the-art, and beyond, technological challenges which help Siemens provide better, more efficient and secure products to its customers. Siemens Corporate Technology provides security building blocks and blueprint architectures for all Siemens business units in order to facilitate faster and better product development - we test and assess products & solutions, analyze and review code, develop security measures, and optimize their implementation. And finally, we analyze threat landscapes, manage vulnerabilities, and provide solutions for incident response.
We are looking for security professionals to drive operational excellence, continuous development and improvement of Siemens’s security solutions.
Software Developer for Automation in Hardening
What are my responsibilities?
- Support the responsible Key Experts to develop new features to further automate the Hardening of systems and devices at Siemens, e.g., by
- Maintaining the code base of the authoring tools for technical policies (interpreter for the Scap-o-lite mark-up language)
- Develop and implement new features for the authoring tool for technical policies
- Develop and implement tools to gather a detailed list of installed software, and interface with asset inventory databases and vulnerability databases (“SVM”) to create an automated reporting of software asset inventory
- Develop and implement tools or code (e.g., PowerShell code) to automatically check for correct configuration of technical policies
- Develop and implement tools or code (e.g., PowerShell code) to automatically configure systems according to technical policies
- Work in a DevSecOps environment – software developers are expected to also work in operations to experience the tool chain, tasks, and challenged to better understand relevance of solutions and approaches to Security Automation
What do I need to qualify for this job?
- Fluency in spoken and written English, including security terminology; proficiency in German a plus
- Significant technical system expertise (as, e.g., gathered from being an IT Administrator for certain systems) with relevant exposure and expertise in IT Security, in at least some of the following technologies
- Windows Server Operating Systems (preferably Windows Server 2016, or Windows Server 2012)
- Windows Client Operating Systems (preferably Windows 10, or Windows 7)
- Microsoft Office (preferably Office 365, Office 2016/2013)
- Databases (preferably MS SQL)
- Web Server (preferably Microsoft or Apache)
- Excellent proficiency in Python
- Proficiency in mark-up languages
- Basic knowledge in Version Control Systems (preferably Git)
- Prior training in Secure Coding a plus
- Experience in DevSecOps a significant plus
- Excellent working knowledge of technical and organizational aspects of information security, e.g., regarding detection of and reaction to intrusion attempts / attacks in IT applications, systems, and networks.
- Ability to present and explain complex technical topics to both management and technical experts
- Ability to work in a self-guided and result-oriented fashion with the clear desire to become an acknowledged technical expert in your own area of expertise
Requisition ID: 281127
Organization: Corporate Technology
Career Level: Mid-level Professional
Full time only