Blue Team AD/AzureAD Specialist / Cybersecurity Operations (f/m/d)

Job Description

Do you want to help create the future of healthcare? Siemens Healthineers is a place for people who dedicate their energy and passion to this greater cause. It reflects their pioneering spirit combined with our long history of engineering in the ever-evolving healthcare industry.

We offer you a flexible and dynamic environment where you have the space to stretch beyond your comfort zone in order to grow personally and professionally. Sound interesting?

Then come in and join our team as Blue Team AD/AzureAD Specialist / Cybersecurity Operations

In our holistic view of Cybersecurity Operations, the Blue Team not only detects and reacts to attacks but also strives to continuously improve the cybersecurity posture and maturity of our organization. Blue Teamers are natural problem solvers and take personal satisfaction in every step towards improvement.

In this function you support the continuous improvement of the defensive security (and, to a certain extent, the organizational and process aspects) that determine the organization's cybersecurity maturity level. You are responsible for addressing findings from audits, pentests or cybersecurity incidents and turning them into actionable measures towards sustainable improvement. Likewise, you have the freedom to employ your technical abilities to find weaknesses on your own and propose the most suitable measure to resolve them.

Tasks and Responsibilities

The position will bring a mix of the following tasks and responsibilities:

  • Coordinate the remediation of audit, pentest or red team findings, developing close collaboration with the respective teams and ensuring that the solutions are designed to be sustainable and scalable.
  • Coordinate and participate in Red Team-Blue Team exercises and derive learnings that turn into improvement of our defenses.
  • Proactively ensure that feedback from security architects, developers and operations teams on the suggested measures is properly incorporated into our architectures, control frameworks and incident response process.
  • Perform root cause analysis of findings and security issues to identify and remediate the problem at the source, and extend the scope of the finding to identify any other similar cases.
  • Standardize data sources and data quality by creating standard configuration profiles and support partner teams in implementing them.
  • Derive trends and insights from data sources, turn those into insights and knowledge to improve defense mechanisms and security architecture of systems and networks.
  • Perform self-assessments, tests and configuration checks on the Active Directory, servers, endpoints and perimeter security as a source of findings that will require a remediation plan.
  • Assess newly arising vulnerabilities and Tactics, Techniques and Procedures (TTPs) to define defensive measures to detect and disrupt adversarial actions. Coordinate with neighboring functions to ensure those measures are turned into actionable changes.
  • Develop and carry out proactive threat hunting activities, making sure that learnings are properly delivered and implemented to neighboring teams and functions.
  • Leverage threat hunting and security assessments to create and maintain situational awareness for related company functions such as IT operations, security architects, or service providers.
  • Perform analysis of different log files and data sources to identify adversarial activity and anomalies.
  • Consider business aspects to support an adequate triage and prioritization of cybersecurity incidents, whilst ensuring that root causes are properly clarified and addressed. Communicate findings and possible improvement measures in an actionable way.
  • Understand and employ defense-in-depth principles and practices to create and maintain protection mechanisms.


Knowledge of relevant technological aspects for this position

The ideal candidate should bring a mix of expertise in (a subset of) the following areas:

  • Systems administration, network, and operating system hardening techniques.
  • Active Directory and Azure AD operation and security knowledge, as well as IAM and Privileged Identity Management.
  • Computer networking concepts and protocols, and network security methodologies.
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Risk management processes and methods for assessing and mitigating risk.
  • Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy, and how cybersecurity impacts privacy principles.
  • Threat models (cyber kill chain, diamond model) and incident categorization systems, as well as knowledge of ATT&CK.
  • System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, code and command injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Experience with operating system security controls on common platforms such as Windows endpoints, Windows servers, Linux.
  • Experience in Cloud environments and securing Cloud infrastructure.
  • Experience with scripting languages (e.g., PowerShell, Python) and using APIs.


  • STEM studies are highly desirable but may be traded off for relevant experience.
  • 3+ years of relevant work experience in Cybersecurity Operations at mid-size to large high-tech and healthcare organizations; experience working in geographically distributed teams is highly valuable.
  • Relevant industry certifications such as SANS/GIAC (e.g. GCIA, GCIH, GNFA, GCFA), CompTIA Security+, CISSP, CISA, CISM as well as vendor-related certifications (e.g. MCSE, AZ-500) are desirable.
  • Expected time travelling abroad: 0-25%.

Personality Traits

  • Able to build long-lasting working relationships across different business areas and IT departments and foster technical collaboration and exchange.
  • Able to work on a very tight schedule, while keeping track of task progress and deadlines.
  • Able to structure complex problems and find practicable solutions to those.
  • Team player but also able to work on an individual basis.
  • Self-learning and curiosity to keep pace with the ever-evolving cybersecurity developments are highly appreciated.
  • Advanced English and communication skills: clear and concise communication; able to address stakeholders of different backgrounds and levels of technical expertise.

Being part of our team:

Our global team: Siemens Healthineers is a leading global medical technology company. 50,000 dedicated colleagues in over 70 countries are driven to shape the future of healthcare. An estimated 5 million patients across the globe benefit every day from our innovative technologies and services in the areas of diagnostic and therapeutic imaging, laboratory diagnostics and molecular medicine, as well as digital health and enterprise services.

Curious about our culture? Our culture embraces different perspectives, open debate, and the will to challenge convention. Change is a constant aspect of our work. We aspire to lead the change in our industry rather than just react to it. That’s why we invite you to take on new challenges, test your ideas, and celebrate success.

As an equal-opportunity employer we are happy to consider applications from individuals with disabilities.

Organization: Siemens Healthineers


Experience Level: Mid-level Professional

Job Type: Full-time
