The Product & Solution Security Expert (PSSE) provides technical consultation to product development teams to enable implementation of the required product & solution security. PSSEs must be specialized in at least one of the six different areas: Secure Architecture & Design, Secure Implementation, Security Testing, Secure Project Integration, Secure Manufacturing or Secure Service.
Support project teams in conducting the corresponding security activities during the development process, project management process and services and in product and solution release.
Drive in incident response teams, incident escalation
Drive in threat and risk analysis workshops
Provide expertise and support in security tools to product teams
Conduct product and solution security training and development of training material.
Develop and maintain guidelines and guidance for product development teams.
Stay up-to-date on the latest security threats/technologies.
Support the development of the PSS community within the organization, with experience exchange internally and externally.
PSSE can support multiple projects at the same time and should occupy the function for the main part of defined working time.
Review of documents produced during the development and engineering process (e.g. threat and risk analysis results, requirements specification, architecture and design, test specification, user documentation) regarding product & solution security.
Specification and maintenance of security requirements for the project. Support for meeting international and regional security standards and regulations (like IEC62443, WIB, NERC-CIP) in the project.
Evaluation of third party components regarding product & solution security.
Clearance of implementation and documentation of security critical components (e.g. cryptographic functions, hidden function, firewall settings)
Selection of secure manufacturing and assembly equipment suppliers and technologies
Perform code analysis to identify security vulnerabilities and check compliance with secure coding guidelines. This includes recommendation and creation of static code analysis tools.
Verification of implementation regarding security requirements (e.g. as part of system test, factory or site acceptance test). This includes recommendation and creation of security testing tools.
Validation (e.g. friendly hacking, penetration testing) to ensure that implementation fulfills security expectations of customers (e.g. to identify security vulnerabilities, and to evaluate the effectiveness of remediation measures). This includes recommendation and creation of security testing tools.
Contact person for product management, supply management (e.g. during contract negotiation) for security topics. Support for communication with customer (e.g. security-relevant information and available security updates).
Organization: Digital Industries
Company: Siemens Healthcare Private Limited
Experience Level: Experienced Professional
Job Type: Full-time