Blue Team Specialist / Cybersecurity operations (m/f/d)

Job Description

Do you want to help create the future of healthcare? Siemens Healthineers is a place for people who dedicate their energy and passion to this greater cause. It reflects their pioneering spirit combined with our long history of engineering in the ever-evolving healthcare industry.

We offer you a flexible and dynamic environment where you have the space to stretch beyond your comfort zone in order to grow personally and professionally. Sound interesting?

Then come in and join our team as Blue Team Specialist!

In our holistic view of Cybersecurity Operations, the Blue Team not only detects and reacts to attacks but also strives to continuously improve the cybersecurity posture and maturity of our organization. Blue Teamers are natural problem solvers who take personal satisfaction in every step towards improvement.

In this role you support the continuous improvement of the organization's cybersecurity maturity, primarily its defensive security but to some extent also its organizational and process aspects. You are responsible for addressing findings from audits, pentests or cybersecurity incidents and turning them into actionable measures that lead to sustainable improvement. You also have the freedom to use your technical abilities to find weaknesses on your own and to propose the most suitable measures to fix them.

Tasks and Responsibilities

The position will bring a mix of the following tasks and responsibilities:
  • Coordinate the remediation of audit, pentest or red team findings, collaborating closely with the responsible teams and ensuring that solutions are designed to be sustainable and scalable.
  • Coordinate and participate in Red Team-Blue Team exercises and derive lessons learned that translate into improvements to our defenses.
  • Proactively ensure that feedback from security architects, developers and operations teams on proposed measures is properly incorporated into our architectures, control frameworks and incident response process.
  • Analyze existing security data sources and derive patterns and use cases for the detection of incidents and anomalies.
  • Expand detection coverage by onboarding new data sources or by recommending how to increase the value of existing ones for incident detection and response.
  • Standardize data sources and data quality by creating standard configuration profiles and support partner teams in implementing them.
  • Derive trends and insights from data sources and turn them into knowledge that improves the defense mechanisms and security architecture of systems and networks.
  • Develop and carry out proactive threat hunting activities, ensuring that lessons learned are communicated to and implemented by neighboring teams and functions.
  • Leverage threat hunting to create and maintain situational awareness for related company functions such as IT operations, security architects, or service providers.
  • Assess newly arising vulnerabilities and adversary Tactics, Techniques and Procedures (TTPs) to define defensive measures that detect and disrupt adversarial actions. Coordinate with neighboring functions to ensure those measures are turned into actionable changes.
  • Analyze log files and other data sources to identify adversarial activity and anomalies.
  • Consider business impact to support adequate triage and prioritization of cybersecurity incidents, while ensuring that root causes are properly clarified and addressed. Communicate findings and possible improvement measures in an actionable way.
  • Understand and apply defense-in-depth principles and practices to create and maintain protection mechanisms.

The ideal candidate should bring knowledge of the technological aspects relevant to this position, with expertise in (a subset of) the following areas:
  • Computer networking concepts and protocols, and network security methodologies.
  • Risk management processes and methods for assessing and mitigating risk.
  • Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy, and how cybersecurity measures affect privacy principles.
  • Cyber threats and vulnerabilities: how to properly identify, triage, and remediate malware and threats based on threat intelligence as well as on analysis of log data and network traffic.
  • System administration, network, and operating system hardening techniques.
  • Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Incident categories, incident responses, and timelines for responses.
  • System and application security threats and vulnerabilities (e.g., buffer overflows, mobile code, cross-site scripting, code and command injection, race conditions, covert channels, replay attacks, return-oriented programming, malicious code).
  • Experience with operating system security controls on common platforms such as Linux and Windows.
  • Experience with scripting languages (e.g., Python, Bash or PowerShell) and REST APIs, as well as data processing, regular expressions, and console-based text processing tools (e.g., sed, awk, jq).
  • Cloud service models (IaaS, PaaS, SaaS) and how each model can limit incident response, for example by restricting the visibility and access available to the customer.
  • A degree in a STEM field is highly desirable but may be offset by relevant experience.
  • 3+ years of relevant work experience in Cybersecurity Operations in mid-size to large high-tech or healthcare organizations; experience working in geographically distributed teams is highly valuable.
  • Relevant industry certifications such as SANS/GIAC (e.g., GCIA, GCIH, GNFA, GCFA), CompTIA Security+, CISSP, CISA, CISM, as well as vendor-specific certifications, are desirable.
  • Expected travel abroad: 0-25%.
Personality Traits
  • Able to build long-lasting working relationships across different business areas and IT departments and foster technical collaboration and exchange.
  • Able to work on a very tight schedule while keeping track of task progress and deadlines.
  • Able to structure complex problems and find practicable solutions to them.
  • Team player, but also able to work independently.
  • Self-learning and curiosity to keep pace with ever-evolving cybersecurity developments are highly appreciated.
  • Advanced English and communication skills: clear and concise communication; able to address stakeholders of different backgrounds and levels of technical expertise.
Soft Skills Requirements
  • Strategic Innovative Orientation (+)
  • Leadership (+)
  • Collaboration & Customer Orientation (++)
  • Intercultural Sensitivity (+)
  • Team Development (+)
  • Ability to multi-task and handle multiple assignments simultaneously, while focusing on delivery quality (+)
  • Ability to use initiative when needed (self-motivation and proactive attitude) (++)
  • Excellent communication skills (both written and verbal) in English (++)
  • Quick learner and aptitude to get into new technologies and architectures (++)

Being part of our team:

Siemens Healthineers is a leading global medical technology company. More than 48,000 dedicated colleagues in over 70 countries are driven to shape the future of healthcare. An estimated 5 million patients across the globe benefit every day from our innovative technologies and services in the areas of diagnostic and therapeutic imaging, laboratory diagnostics and molecular medicine, as well as digital health and enterprise services.

Curious about our culture?

Our culture embraces different perspectives, open debate and the will to challenge convention. Change is a constant aspect of our work. We aspire to lead the change in our industry rather than just react to it. That’s why we invite you to take on new challenges, test your ideas and celebrate success.

As an equal-opportunity employer we are happy to consider applications from individuals with disabilities.

Organization: Siemens Healthineers


Experience Level: Experienced Professional

Job Type: Full-time
