Looking for a chance to create a positive impact on our society?
Siemens Cybersecurity Defense is a global organization within Siemens consisting of regionally aligned teams across Germany, Portugal, Spain, United States, Mexico, and China. The mission of the organization is to proactively identify anomalies, respond and remediate Cybersecurity issues related to IT infrastructure, Operational Technology (OT), and products of Siemens.
Siemens CERT is a team of dedicated Security Engineers with the mission to secure Siemens’s infrastructure worldwide. The team is responsible for coordinating the response to Cyber Security incidents within Siemens. Siemens CERT monitors the current Cyber Threat Landscape for Siemens and assesses its potential impact to the enterprise, conducts forensic investigations and assesses the security of (mobile) applications. Based on that know-how and the latest technological trends, it consults with the IT departments in Siemens to improve enterprise IT Security globally.
As Senior Cyber Threat Intelligence Expert (f/m/d) you will:
- Provide intelligence to support decision making process concerning emergent and current threats targeting Siemens by developing processes and procedures to gather, identify, analyze, and distribute tailored intelligence products.
- Collaborate with Incident Response team, translating raw sensor data, reports, and other intelligence feeds into actionable intelligence to drive proactive measures and appropriately prioritize response activities.
- IT security incidents in a geographically distributed environment, orchestrating the interaction among all relevant technical and non-technical stakeholders during all phases of the incident.
- Help improving Siemens CERT internal playbooks and toolset by contributing with improvement ideas about processes, functionalities, and new features.
- Collect, organize, analyze, and refine information about known and emerging cyber security threats, including novel tactics, techniques, and procedures (TTPs) used by attackers to potentially target Siemens’ business or customers.
- Support the awareness activities by monitoring for and reporting relevant news in the cyber security space in the form of news articles on the Siemens CERT News Portal, for which you will also provide a Siemens-tailored risk assessment.
- Research on the latest trends in malware and advanced attacks.
- Leverage internal and external resources to enrich relevant information to deliver contextualized intel to acting teams in a timely manner.
- Contribute to every step of the IoC lifecycle within the Siemens CERT Threat Intelligence Platform (e.g. organizing input sources and feeds, manually crafting new indicators, tuning the strategies in place to label and organize relevant intel, etc.)
- Monitor Siemens’ public exposure to detect signs of sensitive disclosure, exposed credentials, and targeted hacker groups activities
- Provide tailored intelligence briefings to Cybersecurity colleagues and to other Security and IT areas.
To make a difference, you must have:
- Significant technical system expertise (e.g. gathered from being an IT Administrator) with relevant exposure and expertise in IT Security, in several of the following technologies: Linux and Windows operating systems, web-technologies (encryption, HTTP, REST), networking, cloud environments
- Working knowledge of technical and organizational aspects of information security, e.g. regarding detection of and reaction to intrusion attempts / attacks in IT applications, systems, and networks.
- Expert knowledge of fundamental Threat Intelligence concepts (terminology, tools, processes, etc.). Experience with formal aspects of Threat Intelligence (e.g. ACH, analytical biases, etc.) is a plus.
- Experience with common threat intelligence models, tools, sources, and feeds.
- Strong analytical skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy.
- Significant experience conducting intelligence analysis, including social network analysis, targeting, technical analysis, attribution etc.
- Knowledge of cyber threats and vulnerabilities: how to properly identify, triage, and remediate threats based on threat intelligence as well as on analysis of security events, log data and network traffic.
- Understanding of technical and human aspects of cyber threats and security.
- Deep and current knowledge of most common OSINT tools and techniques, including social network monitoring and dark web networks (TOR, I2P, etc.).
- Experience tracking threat actors or comparable types of cyber investigations.
- Basic knowledge of relevant laws, regulations, policies, and ethics related to cybersecurity and privacy topics. Advanced knowledge of regional (e.g. GDPR) or sector-specific (e.g. HIPAA) laws and regulations is a plus.
- Models to describe and document cyber-attacks (e.g., reconnaissance, scanning, enumeration, persistency, lateral movement, exfiltration) such as Cyber Kill Chain, Diamond model or MITRE ATT&CK.
- Familiarity with Incident Handling-related topics.
- Application Security Risks (e.g., OWASP Top 10 list).
- Expert knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, code and command injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Experience with Malware analysis, sandboxes, and reverse engineering tools.
- Experience with scripting languages (e.g., Python, Bash or PowerShell) and using REST API, as well as data processing, regular expressions, and console-based text processing tools (e.g., sed, awk, jq).
- Bachelor degree in STEM studies (required). A Master degree (or higher academic title) in computer science or cyber security topics is highly desirable but might be traded-off for relevant experience.
- At least 5 years of relevant work experience in at least one of the following areas: Cyber security operations, Incident Response, IT Forensics.
- At least 3 years of working experience in the area of Cyber Threat Intelligence.
- Relevant Industry Certifications such as SANS/GIAC (for example, GCIA, GCIH, GCTI, GNFA, GCFA), CompTIA Security+ CISSP, CISA, CISM are desirable.
- Negotiation skills and ability to set and track priorities and deadlines.
- Able to work on a very tight schedule, while keeping track of tasks progress and deadlines.
- Able to structure complex problems and find practicable solutions to those.
- Team player but also able to work on an individual basis.
- Self-learning and curiosity to keep pace with ever-evolving cybersecurity developments are highly appreciated.
- Advanced English and Communication skills: clear and concise communication; able to address stakeholders of different backgrounds and technical expertise.
- Ability to interact with both technical experts and non-technical staff in exceptional situations to ensure correct actions are taken and communication partners collaborate
- Ability to present and explain complex technical topics to both management and technical experts
- Ability to work in a self-guided and result-oriented fashion with the clear desire to become an acknowledged technical expert in your own area of expertise
Company: Siemens, S.A. de C.V.
Experience Level: Experienced Professional
Job Type: Full-time