Siemens Digital Industries Software is a leading provider of solutions for the design, simulation, and manufacture of products across many different industries. Formula 1 cars, skyscrapers, ships, space exploration vehicles, and many of the objects we see in our daily lives are being conceived and manufactured using our Product Lifecycle Management (PLM) software.
Role Overview:
As a Product and Solution Security Expert (PSSE) or Cyber & Information Cloud Security Expert, you will play a critical role in ensuring the security of products, solutions, and cloud-based services. You will collaborate with cross-functional teams to design, implement, and manage comprehensive security measures across development, operations, and architecture phases. This role demands expertise in cloud platforms, secure coding practices, threat analysis, and compliance standards, with a focus on driving DevSecOps and enhancing organizational security postures.
Key Responsibilities:
- Product & Solution Security Consulting:
- Provide technical expertise on Product and Solution Security (PSS) to R&D, DevOps, SRE, and Architecture teams.
- Specialize in one or more areas, including Secure Architecture and Design, Cloud Security, Secure Project Integration, Security Testing, and Secure Implementation.
- Security Implementation:
- Support project leaders in integrating security into product development processes.
- Guide project teams in performing security activities such as threat and risk analysis, penetration testing, and compliance assessments.
- Implement requirements from the PSS Guide into respective services and ensure alignment with organizational standards.
- Cloud and Application Security:
- Secure applications and data across AWS and Azure cloud platforms, Kubernetes, Containers, and Docker environments.
- Conduct container scanning, runtime scanning, static code analysis, and manage vulnerability and malware scanning tools.
- Governance and Compliance:
- Drive compliance with ISO 27001, SOC2, NIST-CSF, OWASP SAMM, and other standards.
- Collaborate with internal teams to ensure the implementation and reporting of required security controls.
- DevSecOps and Automation:
- Build and manage DevSecOps CI/CD pipelines with tools like GitLab, SonarQube, and Artifactory.
- Automate alerting, monitoring, and security workflows using appropriate tools and integrations.
- Continuous Monitoring and Incident Handling:
- Monitor and evaluate the effectiveness of security measures continuously.
- Help manage and resolve security incidents effectively.
Requirements:
- 8-10 years of relevant experience
- Platforms & Stacks:
- AWS / Azure cloud platforms, Kubernetes, Containers, and Docker.
- Tools & Technologies:
- Application & data security, ISMS controls, secure coding practices, threat and risk analysis, penetration testing, vulnerability management, and DevSecOps tools (SonarQube, GitLab, Artifactory).
- Hands-on experience with secrets management, container registry, and runtime security solutions.
- Programming Languages:
- Proficiency in Java, Python, and Shell scripting.
- Tools for Collaboration and Reporting:
- JIRA, Confluence, MS Office 365, and other project management tools.
Preferred Qualifications:
- Familiarity with compliance standards like ISO 27017, ISO 27018, IEC 62443, EU-CRA, and EO-14028.
- Strong knowledge of security frameworks and governance, including QMS, MLPS, and data privacy norms.
- Experience in creating KPI and metric reports for functional leads and security officers.
Key Attributes:
- Strong analytical and problem-solving skills.
- Ability to work collaboratively across development, operations, and security teams.
- Excellent communication and documentation skills to convey security requirements and solutions effectively.
This is an opportunity to take ownership of security measures in a dynamic and innovative environment, ensuring the delivery of secure and robust cloud-based solutions. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status.
We are Siemens: a collection of over 377,000 minds building the future, one day at a time in over 200 countries. We're dedicated to equality, and we welcome applications that reflect the diversity of the communities we work in. All employment decisions at Siemens are based on qualifications, merit, and business need. Bring your curiosity and creativity and help us shape tomorrow! We offer a comprehensive reward package which includes a competitive basic salary, bonus scheme, generous holiday allowance, pension, and private healthcare.
Siemens Software. Transform the every day.