Siemens Mobility is a separately managed company of Siemens. As a leader in transport solutions for more than 160 years, Siemens Mobility is constantly innovating its portfolio in its core areas of rolling stock, rail automation and electrification, turnkey systems, intelligent traffic systems as well as related services. With digitalization, Siemens Mobility is enabling mobility operators worldwide to make infrastructure intelligent, increase value sustainably over the entire lifecycle, enhance passenger experience and guarantee availability. In fiscal year 2019, which ended on September 30, 2019, the former Siemens Mobility Division posted revenue of €8.9 billion and had around 36,800 employees worldwide.
Our Engineering Cybersecurity Specialists are true professionals in terms of thinking outside the box. They explore every possibility when it comes to effective ways of deceiving, circumventing, and weakening IT systems so that they can protect them even more successfully. To this end, they ask questions that have no answers yet and look for gaps where hardly anyone would suspect them. This is crucial for digitalization! Join our team and we will foster your continuing professional development and an exchange with colleagues from all over the world. So you may specialize or develop your knowledge as a generalist. One thing is certain: your ideas will not be filed away, but almost always find their way into company practice. Worldwide.
Siemens is looking for cybersecurity specialists for the Engineering Department within the Mobility division. The Engineering Cybersecurity Specialist will be responsible for supporting and advising the project teams throughout the project’s life cycle in implementing the required cybersecurity measures.
The Engineering Cybersecurity Specialist documents and addresses the customer project’s information security, cybersecurity architecture, and systems security engineering requirements throughout the project’s life cycle; performs security reviews and identifies gaps in the security architecture, resulting in recommendations for inclusion in the risk mitigation strategy; and provides cybersecurity guidance to leadership.
We make real what matters. This is your role.
In general terms, the Engineering Cybersecurity Specialist elaborates the customer project-specific Information Security Plan, prepares and maintains the Threat and Risk Analysis based on the project-specific system architecture, apportions security requirements to subsystems and components, manages and defines security testing, and provides specialized support to the project team on cybersecurity topics. The Engineering Cybersecurity Specialist is the main interface to Suppliers, Partners and Customers regarding IT security topics, and follows up on Security Vulnerabilities and Incidents of the System/Project.
• Secure Architecture:
The Engineering Cybersecurity Specialist is involved in the architecture and design phase of systems and solutions, and supports the System and Subsystems Managers during detailed design of Security Controls. He/she also acts as the interface between Project Management, Engineering and R&D regarding security topics. He/she defines secure design principles. The Engineering Cybersecurity Specialist supports the development of architecture and design that meet the security requirements and follow the secure design principles. He/she supports the selection of secure suppliers and technologies and the development of secure configuration standards. In addition, he/she addresses the secure integration of Siemens or third-party components and of customer-specific security mechanisms such as domain controllers. Moreover, security topics such as IDS, security patch management or Anti-Virus systems must be considered.
• Secure Project Integration:
The Engineering Cybersecurity Specialist securely builds and structures complex customer project solutions based on components and solution elements from Siemens or third-party production. He/she defines, supervises and tests the components/subsystems with regard to system security. He/she defines and establishes zones and conduits, taking physical security concerns into account. The Engineering Cybersecurity Specialist supports the Installation and Site Manager and provides Security Awareness Training for commissioning, installation, operation and maintenance personnel. He/she prepares and performs the security handover of complex systems to customers.
• Security Testing:
The Engineering Cybersecurity Specialist is involved in the security testing of systems and solutions. He/she plans the execution of the security testing. During the test, he/she supports the verification of security requirements and conducts/supports the penetration tests to identify security vulnerabilities. Moreover, he/she evaluates the effectiveness of defined measures based on threat and risk analysis.
Use your skills and abilities to move the world forward.
• Identifying critical target elements, to include critical target elements for the cyber domain.
• Identifying cyber threats which may jeopardize organization and/or customers’ interests.
• Identifying cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
• Discerning the protection needs (i.e., security controls) of information systems and networks.
• Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Using risk scoring to inform performance-based and cost-effective approaches to help organizations to identify, assess, and manage cybersecurity risk.
• Translating operational requirements into protection needs (i.e., security controls).
• Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization and customers’ cyber objectives.
• Cyber threats and vulnerabilities and how to deal with them.
• Knowledge of organization issues, objectives, and operations in cybersecurity as well as regulations and policy directives governing cyber operations, such as IEC 62443, NIST-800, NIS Directive, and others.
• Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of system engineering, system administration, network and operating system hardening techniques.
• Ability to answer questions in a clear and concise manner.
• English: C1 or equivalent, mandatory.
• German: B1 or equivalent, nice to have.
• Security-related certifications, nice to have.
• You have more than 3 years of relevant work experience in a similar function.
• Willingness to travel worldwide when required.