Siemens Mobility is a global powerhouse focusing on the areas of electrification, automation and digitalization. With our long-standing transport expertise and our IT know-how, we are constantly developing new, intelligent mobility solutions that increase availability of infrastructure, optimize throughput and improve passenger experience. It’s in how we electrify, automate and digitalize infrastructure that we’re setting the benchmark for tomorrow’s mobility.
A passion for security.
Our Product and Solution Security Experts are true professionals in terms of thinking outside the box. They explore every possibility when it comes to effective ways of deceiving, circumventing, and weakening IT systems so that they can protect them even more successfully. To this end, they ask questions that have no answers yet and look for gaps where hardly anyone would suspect them. This is crucial for digitalization!
Siemens is looking for a Product and Solutions Security Expert for Customer Projects in the Mobility division. The PSSE will be responsible to support and consult the project teams throughout the project’s life cycle to implement the required product & solution cybersecurity.
The PSSE documents and addresses customer project’s information security, cybersecurity architecture, and systems security engineering requirements throughout the project’s life cycle; performs security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy; and provides cybersecurity guidance to leadership.
We make real what matters. This is your role.
In general terms, the Product & Solution Security Expert elaborates the customer project specific Information Security Plan, prepares and maintains the Threat and Risk Analysis based on the project specific system architecture, apportions security requirements to subsystems and components, manages and defines security testing and provides specialized support to the project’s team in cybersecurity topics. The PSSE is the main interface to Suppliers, Partners and Customers regarding IT security topics, and follows up on Security Vulnerabilities and Incidents of the System/Project.
• Secure Architecture:
The Product & Solution Security Expert is involved in the architecture and design phase of systems and solutions. The PSSE supports the System and Subsystems Managers during detailed design of Security Controls. He/she is also acting as the interface between Project Management, Engineering and R&D regarding security topics. He/she defines secure design principles. The PSSE supports the development of architecture and design that meet the security requirements and follow the secure design principles. The PSSE supports selection of secure suppliers and technologies and the development of secure configuration standards. In addition, addresses secure integration of Siemens or third-party components, and customer-specific security mechanisms like domain controllers. Moreover, security topics such as IDS, security patch management or Anti-Virus systems must be considered.
• Secure Project Integration
The Product & Solution Security Expert securely builds, and structures complex customer project solutions based on components and solution elements from Siemens or 3rd party production. She / he defines, supervises and tests the components/ subsystems with regard to system security. He/she defines and establishes zones and conduits taking physical security concerns into account. The PSSE supports the Installation and Site Manager and provides Security Awareness Training for commissioning, installation, operation and maintenance personnel. He/she prepares and performs security handover of complex systems to customers.
• Security Testing:
The Product & Solution Security Expert is involved in the security testing of systems and solutions. He/she plans the execution of the security testing. During the test, the PSSE supports the verification of security requirements and conducts/supports the penetration tests to identify security vulnerabilities. Moreover, he/she evaluates the effectiveness of defined measures based on threat and risk analysis.
Use your skills and abilities to move the world forward.
• Identifying critical target elements, to include critical target elements for the cyber domain.
• Identifying cyber threats which may jeopardize organization and/or customers’ interests.
• Identifying cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
• Discerning the protection needs (i.e., security controls) of information systems and networks.
• Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Using risk scoring to inform performance-based and cost-effective approaches to help organizations to identify, assess, and manage cybersecurity risk.
• Translating operational requirements into protection needs (i.e., security controls).
• Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization and customers’ cyber objectives.
• Cyber threats and vulnerabilities and how to deal with them.
• Knowledge of organization issues, objectives, and operations in cybersecurity as well as regulations and policy directives governing cyber operations, such as IEC 62443, NIST-800, NIS Directive, and others.
• Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of system engineering, system administration, network and operating system hardening techniques.
• Ability to answer questions in a clear and concise manner.
• English: C1 or equivalent, mandatory.
• Security-related certifications, nice to have.
• Work experience in a similar function required.
• Willingness to travel worldwide when required.
La Diversidad en Siemens es nuestra fuente de creatividad e innovación. Contar con diferentes tipos de talento y de experiencias nos hace ser más competitivos y estar mejor preparados para responder con éxito a las demandas de la Sociedad. Por ello, valoramos a las candidatas y a los candidatos que reflejen la Diversidad que disfrutamos en nuestra Compañía.
Job ID: 91883
Company: Siemens Rail Automation S.A.U.
Experience Level: Experienced Professional
Job Type: Full-time