Back

Product and Solution Security Professional

Job Description

Looking for challenging role? If you really want to make a difference - make it with us

Meeting the need for smart mobility solutions

We’re making the lives of people who travel easier and more enjoyable while constantly developing new, intelligent mobility solutions.

Your new role – challenging and future-oriented

·         Needs to be specialized in at least one/two of different areas: Secure Architecture & Design, Threat & Risk Analysis, Secure Project Integration and Security Testing.

·         PSSE will be primarily involved in the secure architecture and design, defines secure design principles, supports selection of secure suppliers and technologies and the development of secure configuration standards and security topics such as IDS, security patch management or Anti-Virus systems must be considered. Also, as part of project integration- defines, supervises, and tests the components/ subsystems with regards to system security, defines and establishes zones and conduits taking physical security concerns into account and prepares and performs security handover of complex systems to customers. For Security Testing, primarily involve and/or support testing of systems and solutions, supports the verification of security requirements and evaluates the effectiveness of defined measures based on threat and risk analysis against the test results.

·         Supports and consults the project leaders in implementing the required product & solution security

·         Supports project teams in conducting the corresponding security activities during the project execution process and / or services.

·         Can support multiple projects at the same time and should occupy the function for the main part of is defined working time.

·         Reports to the Project / Functional Lead and the Product & Solution Security Officer.

·         Support the project leader to build up required competencies for product & solution security and coaching of project teams

·         Specification and maintenance of secure coding, secure design guidelines, configuration, and hardening guidelines (e.g., for Siemens products and third-party components and manufacturing equipment).  

·         Synchronize adequately with Information Security organization to ensure architecture and design, and integration Rail IT-infrastructure is sufficiently secure.

·         Specification and maintenance of security requirements for the project. Support for meeting international and regional security standards and regulations (like IEC62443, WIB, NERC-CIP, ISO27000, CENELEC, NIST, SANS) in the project.

·         Planning and performing threat and risk analysis and definition of countermeasures in line with risk acceptance criteria of organization.

·         Evaluation of third-party components regarding product & solution security.  

·         Clearance of implementation and documentation of security critical components (e.g., cryptographic functions, hidden function, firewall settings)

·         Verification of implementation regarding security requirements (e.g., as part of system test, factory, or site acceptance test). This includes recommendation and creation of security testing tools.  

·         Validation (e.g., friendly hacking, penetration testing) to ensure that implementation fulfills security expectations

·         Involvement in the analysis and handling of security vulnerabilities & incidents.

·         Collection of product & solution security related lessons learned and feed into in continuous improvement activities (e.g., update of guidelines, reporting to PSSOs, integration in awareness material).

We don’t need superheroes, just super minds

·       Recommended: Has cooperated in international teams

·       Optional: Has worked and lived abroad. 

·       Is successfully working as solution engineer or security consultant      

·       Has minimum 3 years’ experience in one of the fields of professional experience      

·       Has successfully worked as a technical team lead at least for 2 years (development teams)

·       Must have good understanding of Railway domain

·       Experience in railway engineering (preferably railway signaling technology (CBTC etc.)

·       Degree in Computer science or electrical engineering or IT security, certification program Certified Information Systems Security Professional (CISSP) and Certified Secure Software Life Cycle Professional (CSSLP) is helpful.

We’ve got quite a lot to offer. How about you?

This role is based in Pune. You’ll also get to visit other locations in India and beyond, so you’ll need to go where this journey takes you. In return, you’ll get the chance to work with teams impacting entire cities, countries – and the shape of things to come.

We’re Siemens. A collection of over 379,000 minds building the future, one day at a time in over 200 countries. We're dedicated to equality and we welcome applications that reflect the diversity of the communities we work in. All employment decisions at Siemens are based on qualifications, merit and business need. Bring your curiosity and imagination, and help us shape tomorrow.

Find out more about Mobility at: https://new.siemens.com/in/en/products/mobility.html and about Siemens careers at: www.siemens.com/careers


Organization: Siemens Mobility

Company: Siemens Technology and Services Private Limited

Experience Level: Mid-level Professional

Job Type: Full-time

Can't find what you are looking for?

Let's stay connected

Can't find what you are looking for?