Incident Response Specialist / Cybersecurity operations (f/m/d)

Job Description

Do you want to help create the future of healthcare? Siemens Healthineers is a place for people who dedicate their energy and passion to this greater cause. It reflects their pioneering spirit combined with our long history of engineering in the ever-evolving healthcare industry. 

We offer you a flexible and dynamic environment where you have the space to stretch beyond your comfort zone in order to grow personally and professionally. You are also entitled to work from home up to 80% of your time! Sound interesting? 

Then come in and join our team as Incident Response Specialist! (Hybrid remote-work model - up to 80% remote possible)

Your mission and responsibilities:

As Incident Response Specialist you will join the CSIRT team at Siemens Healthineers, managing Cybersecurity Incidents, providing the necessary technical expertise to contain and remediate them, and driving the continuous improvement of the Incident Response Process.

Tasks and responsibilities:

The position will bring a mix of the following tasks and responsibilities:
  • Triage the security events that are escalated by our SOC team.
  • Coordinate and lead Incident Response (IR) taskforces and provide technical expertise, working with different business functions such as IT Operations, HR, Legal, Data Privacy, Corporate Communications and Product Security.
  • Derive immediate mitigation measures for containment, eradication and recovery of cybersecurity incidents and keep track of their implementation progress during incident response task forces.
  • Leverage threat hunting to create and maintain Situational Awareness for related company functions such as IT operations, security architects, or service providers.
  • Perform analysis of different log files and data sources to identify adversarial activity and anomalies.
  • Assess newly arising vulnerabilities and Tactics, Techniques and Procedures (TTPs) to define defensive measures to detect and disrupt adversarial actions. Coordinate with neighboring functions to ensure those measures are turned into actionable changes.
  • Collect forensic artifacts, analyze, reverse engineer, and document findings on malicious payloads so that indicators of compromise and information about threat origin and intent are properly disseminated and acted upon.
  • Consider business aspects to support an adequate triage and prioritization of cybersecurity incidents, whilst ensuring the root cause is properly clarified. Communicate findings and possible improvement measures in an actionable way.
  • Organize lessons learned sessions after the incidents in order to support the improvement of the current security posture of the company.
  • Collaborate with the rest of the CSIRT team in the creation of IR playbooks.
  • Collaborate with other CSIRT and CERT teams in Incident Response when multiple companies are impacted.


The ideal candidate should bring a mix of expertise in (a subset of) the following areas: 
  • Computer networking concepts and protocols, and network security methodologies.
  • Knowledge of cyber threats and vulnerabilities: how to properly identify, triage, and remediate threats based on threat intelligence as well as on analysis of log data and network traffic.
  • Host/network access control mechanisms (e.g., access control list, capabilities lists). 
  • System administration, network, and operating system hardening techniques.
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Incident response and handling methodologies.
  • Intrusion detection methodologies and techniques for detecting host and network-based intrusions.
  • Network traffic and packet-level analysis.
  • System and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, code and command injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Experience doing forensic analysis of both Linux and Windows systems.
  • Experience with Malware analysis, sandboxes, reverse engineering, and tools such as Radare2, OllyDbg, and Hex-Rays IDA Pro.
  • Experience with operating system security controls on common platforms such as Linux, Windows.
  • Experience with scripting languages (e.g., Python, Bash or PowerShell) and using REST API, as well as data processing, regular expressions, and console-based text processing tools (e.g., sed, awk, jq).
  • Models to describe and document cyber-attacks (e.g., reconnaissance, scanning, enumeration, persistency, lateral movement, exfiltration) such as Cyber Kill Chain or MITRE ATT&CK.
  • Cloud service models and how those models can limit incident response.
  • Application Security Risks (e.g., Open Web Application Security Project Top 10 list).

  • STEM studies are highly desirable but might be traded off for relevant experience.
  • 5+ years of relevant work experience in Cybersecurity Operations of mid-size to large high-tech and healthcare organizations as well as working in geographically distributed teams is highly valuable.
  • Relevant Industry Certifications such as SANS/GIAC (for example, GCIA, GCIH, GNFA, GCFA), CompTIA Security+, CISSP, CISA, CISM are desirable.

Being part of our team: 
Our global team: Siemens Healthineers is a leading global medical technology company. 55,000 dedicated colleagues in over 70 countries are driven to shape the future of healthcare. An estimated 5 million patients across the globe benefit every day from our innovative technologies and services in the areas of diagnostic and therapeutic imaging, laboratory diagnostics and molecular medicine, as well as digital health and enterprise services.
Curious about our culture? Our culture embraces different perspectives, open debate, and the will to challenge convention. Change is a constant aspect of our work. We aspire to lead the change in our industry rather than just react to it. That’s why we invite you to take on new challenges, test your ideas, and celebrate success.

As an equal-opportunity employer we are happy to consider applications from individuals with disabilities.

Organization: Siemens Healthineers


Experience Level: Mid-level Professional

Full / Part time: Full-time
