Incident Response Specialist US

Job Description

Now’s our time to inspire the future of healthcare together.

Siemens Healthineers is a leading global medical technology company with over 170 years of experience and 18,000 patents. More than 60,000 dedicated colleagues in over 70 countries are driven to shape the future of healthcare. We stand with our customers around the world to support them in delivering high quality care to their patients. An estimated 5 million patients across the globe benefit every day from our innovative technologies and services in the areas of diagnostic and therapeutic imaging, laboratory diagnostics and molecular medicine, as well as digital health and enterprise services. This is what truly matters to us.

Join our team now at Siemens Healthineers as an Incident Response Specialist / Cybersecurity Operations.

This is a role well suited to an ambitious professional, looking for the next step in their career. As an Incident Response Specialist, you will be responsible for:

  • Assess, triage, and prioritize security-relevant events from logging and monitoring systems.
  • Coordinate and lead Incident Response taskforces and provide technical expertise, working with different business functions such as IT Operations, HR, Legal, Data Privacy, Corporate Communications and Product Security.
  • Derive immediate mitigation measures for containment, eradication, and recovery of cybersecurity incidents and keep track of their implementation progress during incident response task forces.
  • Develop and carry out regular threat hunting (proactive) activities, making sure learnings are properly documented and propagated to neighboring teams and functions.
  • Leverage threat hunting to create and maintain Situational Awareness for related company functions such as IT operations, security architects, or service providers.
  • Perform analysis of different log files and data sources to identify adversarial activity and anomalies.
  • Assess newly arising vulnerabilities and Tactics, Techniques and Procedures (TTPs) to define defensive measures to detect and disrupt adversarial actions. Coordinate with neighboring functions to ensure those measures are turned into actionable changes.
  • Collect forensic artifacts, analyze, reverse engineer, and document findings on malicious payloads so that indicators of compromise and information about threat origin and intent are properly disseminated and acted upon.
  • Consider business aspects to support an adequate triage and prioritization of cybersecurity incidents, whilst ensuring root causes are properly clarified. Communicate findings and possible improvement measures in an actionable way.
  • Operate and drive continuous improvement to SOC playbooks to protect company personnel, businesses, and assets.
  • Document and communicate abstracts and consolidated incident-related findings and trends to support security architecture and security awareness functions.
  • Understand and employ defense-in-depth principles and practices to create and maintain defense mechanisms.

This position may suit you best if you are familiar with the following and would like to develop your career with Healthineers:

  • Computer networking concepts and protocols, and network security methodologies.
  • Risk management processes and methods for assessing and mitigating risk.
  • Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. Cybersecurity and how it impacts privacy principles.
  • Knowledge of cyber threats and vulnerabilities: how to properly identify, triage, and remediate threats based on threat intelligence as well as on analysis of log data and network traffic.
  • Host/network access control mechanisms (e.g., access control list, capabilities lists).
  • System administration, network, and operating system hardening techniques.
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Incident categories, incident responses, and timelines for responses.
  • Incident response and handling methodologies.
  • Intrusion detection methodologies and techniques for detecting host and network-based intrusions.
  • Network traffic and packet-level analysis.
  • System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, code and command injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Experience with Malware analysis, sandboxes, reverse engineering, and tools such as Radare2, OllyDbg, and Hex-Rays IDA Pro.
  • Experience with operating system security controls on common platforms such as Linux, Windows.
  • Experience with scripting languages (e.g., Python, Bash or PowerShell) and using REST APIs, as well as data processing, regular expressions, and console-based text processing tools (e.g., sed, awk, jq).
  • Models to describe and document cyber-attacks (e.g., reconnaissance, scanning, enumeration, persistency, lateral movement, exfiltration) such as Cyber Kill Chain or MITRE ATT&CK.
  • Cloud service models and how those models can limit incident response.
  • Application Security Risks (e.g. Open Web Application Security Project Top 10 list).


  • STEM studies are highly desirable but might be traded-off for relevant experience.
  • 5+ years of relevant work experience in Cybersecurity Operations of mid-size to large high-tech and healthcare organizations as well as working in geographically distributed teams is highly valuable.
  • Relevant Industry Certifications such as SANS/GIAC (for example, GCIA, GCIH, GNFA, GCFA), CompTIA Security+, CISSP, CISA, CISM are desirable.

Required skills to have for the success of this role:

  • Negotiation skills and ability to set and track priorities and deadlines.
  • Able to work on a very tight schedule, while keeping track of task progress and deadlines.
  • Able to structure complex problems and find practicable solutions to those.
  • Team player but also able to work on an individual basis.
  • Self-learning and curiosity to keep pace with the ever-evolving cybersecurity developments are highly appreciated.
  • Advanced English and Communication skills: clear and concise communication; able to address stakeholders of different backgrounds and technical expertise.

Siemens Healthineers has recently announced the next steps in our continued commitment to prioritize colleague health, comply with customer/business partner requirements, and help preserve our business continuity. Going forward, please be aware that Siemens Healthineers requires full COVID-19 vaccination for all new hires by their start date.

(Note: Accommodations may be requested for certain medical or religious reasons)

At Siemens Healthineers, we value those who dedicate their energy and passion to a greater cause. Our people make us unique as an employer in the med-tech industry. What unites and motivates our global team is the inspiration of our common purpose:  To innovate for healthcare, building on our remarkable legacy of pioneering ideas that translate into even better healthcare products and services. We recognize that taking ownership of our work allows both us and the company to grow. We offer you a flexible and dynamic environment and the space to move beyond your comfort zone to grow both personally and professionally.

If you want to join us in transforming the way healthcare is delivered, visit our career site at

If you wish to find out more about the specific before applying, please visit:

As an equal-opportunity employer we are happy to consider applications from individuals with disabilities.


Organization: Siemens Healthineers

Company: Siemens Medical Solutions USA, Inc.

Experience Level: Experienced Professional

Job Type: Full-time

Equal Employment Opportunity Statement
Siemens is an Equal Opportunity and Affirmative Action Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to their race, color, creed, religion, national origin, citizenship status, ancestry, sex, age, physical or mental disability unrelated to ability, marital status, family responsibilities, pregnancy, genetic information, sexual orientation, gender expression, gender identity, transgender, sex stereotyping, order of protection status, protected veteran or military status, or an unfavorable discharge from military service, and other categories protected by federal, state or local law.

EEO is the Law
Applicants and employees are protected under Federal law from discrimination. To learn more, Click here.

Pay Transparency Non-Discrimination Provision
Siemens follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision. To learn more, Click here.

California Privacy Notice
California residents have the right to receive additional notices about their personal information. To learn more, click here.
