Siemens Mobility is a separately managed company of Siemens AG. As a leader in transport solutions for more than 160 years, Siemens Mobility is constantly innovating its portfolio in its core areas of rolling stock, rail automation and electrification, turnkey systems, intelligent traffic systems as well as related services. With digitalization, Siemens Mobility is enabling mobility operators worldwide to make infrastructure intelligent, increase value sustainably over the entire lifecycle, enhance passenger experience and guarantee availability.
Digitalization confronts many enterprises with great challenges and will change the processes immensely within the next years. Also, Siemens Mobility faces these tasks with our help.
We are shaping digitalization – through security
In the digital age, Cybersecurity is a basic prerequisite if companies are going to be able to protect their critical infrastructures and sensitive data and ensure uninterrupted business operations.
Thus, Cybersecurity is a top priority at Siemens Mobility. Our products, systems, and services adequately protect our customers’ data and equipment according to the current state-of-the-art. Yet, we also realize we can’t cover the entire field by ourselves. That’s why, in November 2017, Siemens took the initiative and announced that we would join partners in industry, government, and society at the Munich Security Conference (MSC) to sign a Charter of Trust, publicize it, and encourage its general adoption.
Our vision is that for our society, customers and Siemens, we are the trusted partner in the digital world by providing industry leading Cyber security.
Together we make Cybersecurity real - because it matters.
We are looking for a Team Lead for a small pentest team to work in the central Cybersecurity Team of Siemens Mobility. As valuable member of the Cybersecurity team you lead IT Security assessments on Siemens Mobility IT systems, products, services, factories / depots and software development centers.
During this process you highlight important observations, translate and present technical findings into management information so that they can take effective actions.
Our pentesters are true professionals in terms of thinking outside the box. They explore every possibility when it comes to effective ways of deceiving, circumventing, and weakening IT systems so that they can protect them even more successfully. To this end, they ask questions that have no answers yet and look for gaps where hardly anyone would suspect them. This is crucial for digitalization! Join our team and we will foster your continuing professional development and an exchange with colleagues from all over the world. One thing is certain: your ideas will not be filed away, but almost always find their way into company practice. Worldwide. We make real what matters. This is your new role.
Your tasks will be the following:
- Organize security audits, pentests
- Coordinate the activities of the pentest team
- Present results to management and discuss observations with technical responsible
- Identification of security vulnerabilities
- Executing scans, penetration tests, source code analysis, reverse engineering
- Automating vulnerability assessment and penetration testing using scripting
What are we expecting?
Master’s degree in IT, Computer Science (or related field) or equivalent work
- 5+ years of experience in the field of cyber security
- Solid knowledge of technical and organizational aspects of information security
- Good scripting and programming skills. Experience with languages like Bash, Python, Ruby, Powershell, and C++ / C#
- Experienced with security frameworks NIST, SOX, HIPPA, OWASP
- Experience with using various pentesting tools (BurpSuite, Metasploit, Nessus, SQLmap, etc )
- Understanding of standard network protocols and analysis of computer networks with Wireshark
- Good understanding of intrusion detection and prevention in IT systems, networks and applications backed up by knowledge of theoretical and practical methods, e.g. threat analysis / modeling, penetration test
- You have experience with one or more of the following aspects: application and software security, blue / red teaming, network security, IT operations, penetration testing, etc.
- You have worked in the area of industrial security controls, OT security
- Demonstrated experience in capture the flag (CTFs) events, bug hunting or vulnerability research (CVEs) is a plus
- Certifications such as GIAC GPEN, GXPN, OSCP, or OSCE are a plus
Personality requirements and skills:
- Ability to clearly communicate and present technical topics to management
- Ability to consult in technical and management-related matters
- Demonstrated affinity to learn about the latest trends in cybersecurity and keep up to date in a continuously challenging environment
- Good analytical and problem-solving skills
- Result oriented and self-motivated
- Collaborative, and must be able to work in a team environment
- You demonstrate an international mindset and are open to working in a diverse team
- Good organizer
- Team-lead experience is a plus
Siemens aboga por la igualdad de oportunidades entre mujeres y hombres, así como en la Diversidad como fuente de creatividad e innovación. Contar con diferentes tipos de talento y de experiencias nos hace ser más competitivos y estar mejor preparados para responder con éxito a las demandas de la Sociedad. Por ello, valoramos a las candidatas y a los candidatos que reflejen la Diversidad que disfrutamos en nuestra Compañía y animamos la cobertura de puestos por mujeres y hombres en ocupaciones que se encuentren subrepresentadas.
Organization: Siemens Mobility
Company: Siemens Rail Automation S.A.U.
Experience Level: Experienced Professional
Job Type: Full-time