The Product and Solution Security Expert (PSSE) supports and consults with the project teams (in engineering, solutions, or service) to ensure the cybersecurity of products, solutions, or services. By applying design methodologies, software tools, and penetration tests, the security expert ensures security integrity throughout the entire lifecycle of the project.
The PSSE is an integral part of the R&D organization with a focus on the cybersecurity of products, solutions, and services. Core tasks of the PSSE span product development, solutions implementation, and supporting the development and delivery of secure services including:
- Conduct Project Assessments to determine the security risk and associated security resources required
- Conduct Threat and Risk Analysis to identify security weaknesses associated with a project
- Identify security threat scenarios in which a security weakness could be exploited
- Analyze the resulting security risks to determine which threats are most significant
- Document results and follow up with appropriate risk mitigation measures
- Conduct security testing of product, solution, or service to ensure security requirements are met
- Support the incident response process
- Work with the IT organization to identify and resolve security weaknesses related to the project development environment
With increasing experience, the PSSE position will encompass all elements of secure project development and additionally, the design and maintenance of secure IT infrastructure for project operations.
This position is part of the Factory Automation Business Segment in the Digital Industries Division of Siemens and it is located in Johnson City, TN – other options may be considered depending on the candidate’s skills and qualifications.
The position will report to the Director of Engineering, SIMATIC R&D within the Factory Automation Business Segment, as an individual contributor. The PSSE will work closely with the Product Solutions and Security Officer, PSSEs in related product families, software/hardware developers, and other IT experts.
The PSSE is responsible for carrying out all activities involved with securing Siemens products, solutions, and services from cyberattacks. This is done using a combination of knowledge, process, and tools which improve the security robustness of our projects applied throughout their entire lifecycle. The PSSE will work with several stakeholders in this mission including project managers, developers, integration and system test, product management, and IT. Key responsibilities include:
- Support project teams in conducting security activities required by secure development lifecycle process during the development of products, solutions, or supporting services.
- Support project teams in applying the appropriate product & solution security tools.
- Support the duplication and analysis of product-related security incidents, incident response process, and initiation / implementation of corrective actions
- Review various product development artifacts (e.g., specifications and documentation) to ensure product & solution security requirements are included.
- Track and drive resolution of IT security issues within development, solutions, or service teams
- Perform code analysis, code scanning, communications robustness testing, and penetration testing activities to identify security vulnerabilities prior to release.
- Understand the secure coding, secure design, and hardening guidelines, communicate the information to others, and support implementation as required.
- Communicate security topics, provide training, and raise general awareness to increase the security know-how within the business (e.g., via presentations, cross-training, emails).
- Support multiple projects across multiple Business Units at the same time
Required Knowledge/Skills, Education, and Experience
- Bachelor's Degree in Computer Science (Cybersecurity)
- 0 – 2 years’ experience in a software development or security engineering field
- Travel required with the position is about 20%
- Intermediate knowledge of programming and scripting languages (e.g., C++, C#, Python, PowerShell)
- General knowledge of communications protocols, OSI model, TCP/IP
- General knowledge of network architecture, routing, and switching
- Understands virtualization technologies
- Demonstrates good interpersonal, communication, and teamwork skills
- Ability to work independently, a self-starter
Preferred Knowledge/Skills, Education, and Experience
- Master’s Degree in Computer Science (Cybersecurity)
- 2-5 years of experience in software development or security engineering field
- Knowledge of industrial controls systems (e.g., PLC, Engineering Programming Tools, HMIs)
- Familiar with version control, SDLC, Agile development process, DevOps
- General understanding of cloud service models, offerings, and security models
- Knowledge of ISO 27001, NIST Cybersecurity Framework, and/or other security standards.
- Network and Security certifications
Organization: Digital Industries
Company: Siemens Industry, Inc.
Experience Level: Experienced Professional
Job Type: Full-time
Equal Employment Opportunity Statement
Siemens is an Equal Opportunity and Affirmative Action Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to their race, color, creed, religion, national origin, citizenship status, ancestry, sex, age, physical or mental disability unrelated to ability, marital status, family responsibilities, pregnancy, genetic information, sexual orientation, gender expression, gender identity, transgender, sex stereotyping, order of protection status, protected veteran or military status, or an unfavorable discharge from military service, and other categories protected by federal, state or local law.
EEO is the Law
Applicants and employees are protected under Federal law from discrimination.
Pay Transparency Non-Discrimination Provision
Siemens follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision.
California Privacy Notice
California residents have the right to receive additional notices about their personal information.