The Cloud Security Architect understands the Siemens Information Security and drives the adherence for the cloud. In the role of Product Owner for Cloud Security & Governance, he is the responsible stakeholder for the definition and implementation of the cloud security concepts. He ensures that all security measures are taken care and audited on a regular basis.
Task and Responsibilities:
- Understand Siemens information security requirements and drive adherence for cloud workloads on AWS and Azure Clouds.
- Implement cloud security solutions using native AWS or Azure cloud services, as well as 3rd party cloud security services.
- Guides internal customers on cloud security practices and helps implement security in cloud workloads.
- Work closely with information security teams and stakeholders in Siemens Healthineers to drive cloud security.
- Evaluate new security technologies, solutions & managed security services to help secure cloud environments.
- Implement a tool driven and highly automated approach to deliver our key security management processes by exploiting investment in existing tooling (e.g. ServiceNow, etc.) and / or identify new tooling.
- Respond to and, when appropriate, resolve or escalate security incidents
- Report unresolved security exposures, misuse of resources and noncompliance situations using defined escalation processes.
- Assist and train team members in the use of cloud security tools and the resolution of security issues.
- Develop and maintain documentation for security systems and procedures.
- Collaborate within organization to build secure IaaS, PaaS & SaaS environments for AWS and Azure.
- Actively involve in cloud environment threat hunting using manual and automated tools.
- Implement security utilities and tools for internal use that enable you and your colleagues to operate at high speed and wide scale.
- Implement cloud security solutions to enable production security operations (SOC).
- Deploy compliance solutions for large-scale cloud environments using container and microservice technologies.
- Craft and evangelize secure cloud platform & product requirements.
- Communicate security risks and solutions to business partners, platform & product teams.
- Embrace a culture of continuous service improvement and service excellence.
- Stay current on security industry trend.
- Define and implement cloud governance processes in collaboration with cloud service managers.
- Drive cost optimization with cloud solution architects and cloud customers.
- Overall 10+ years experience in Technology with extensive experience in cloud solutions (AWS and Azure)
- Extensive experience in cloud based DDoS protection services
- Knowledge of network based, system level, and application layer attacks and mitigation methods
- Experience with the implementation of security solutions in an enterprise cloud based environment
- Experience with a broad range of security technologies including, SAST, DLP, IDS/IPS, IAM, Certificate Management
- Intermediate knowledge of AWS and expert knowledge of Azure security strategies and tools
- Strong knowledge of technology and security topics including network and application security, infrastructure hardening, security baselines, web server, and database security
- Ability to clearly and effectively communicate concerns, issues to other teams
- Experience in developing, documenting, and maintaining security procedures
- Bachelor's Degree in Computer Science or related field or equivalent experience
- AWS and/or Azure certification along with other security certifications such as CISSP, SSCP is a plus
- The candidate will apply their experience building reliable, scalable, secure data driven process automation for managing compliance
Competences and Behaviors:
- Highly self-motivated with the ability to identify areas of focus and tackle new challenges with or without direction
- Must be able to communicate effectively and build solid relationships with individuals at all levels, in multiple geographies and business functions
- Strong oral, written, and presentation abilities - able to convey risk to all levels of the business, from C-level executives to operations and development teams
- Strong business acumen with the ability to build business cases for technology initiatives and to effectively communicate the value proposition to non-technical stakeholders
- Excellent oral and written communication skills and exceptional interpersonal skills
- Demonstrated ability to work under pressure
- Ability to work within a dynamic and fast paced international environment
- Ability to build rapport with other team members and relevant teams
- Very good communications, presentation and negotiations skills
- Technically innovative, able to express technical and non-technical concepts in clear verbal and written English
- Very good written skills to document complex concepts in a comprehensive, yet readable manner
- Encourages people to be open and share their views
- Considers a range of options that meet the needs of all stakeholders
- Ability to use own initiative to solve technical problems
- Delivery Focused
- Takes responsibility for projects and strategic initiatives
- Demonstrate clear and measurable results through the development of KPIs, goals and milestones
- Ambitious and competitive
- Drive innovation and best practice
- Strive for standardization and simplification in all aspects of work
- Able to balance the needs of the business against the desire for the best solution possible
Soft skill SLF Requirements
- Business Results Orientation (0)
- Strategic Innovative Orientation (0)
- Leadership (+)
- Collaboration & Customer Orientation (++)
- Change Management (+)
- Intercultural Sensitivity (+)
- Value Orientation (++)
- Team Development (++)
- Ability to multi-task and handle multiple assignments simultaneously, while focusing on delivery quality
- Ability to use initiative when needed
- Excellent communication skills (both written and verbal)
- Quick learner and efficient ability to get into new technologies and architectures
• MSDN license for each developer with prepaid access to AZURE
• Free access to PLURALSIGHT – the WBT platform
• Team building program - 2 days adventure offsite meeting for all employees every year, Christmas party, extra budget for team building events
• Participation on world famous IT conferences like Microsoft IGNITE for best employees
• Wide project portfolio in healthcare domain and job rotation within company (Cybersecurity, Artificial Intelligence, Healthcare IT services, …)
• Training and development program (business and product trainings, e-learning, language courses, soft skills trainings,…)
• Health program (contracted wellness providers, sport centers, salary reimbursement in case of illness)
• Retention program (work anniversary, life anniversary, additional pension plan, employee loans)
• Family care program (subsidy for newborns, maternity leave, kindergardens, summer camps)
Organization: Information Technology
Company: Siemens Healthcare s.r.o.
Experience Level: Experienced Professional
Job Type: Full-time