PSSE -- Product & Solution Security Validation
If you really want to make a difference – make it with us
The Digital Industry Division offers a comprehensive portfolio of seamlessly integrated hardware, software, and technology-based services to support manufacturing companies worldwide in enhancing the flexibility and efficiency of their manufacturing processes and reducing the time to market of their products – be it the automotive or aerospace industry, mechanical engineering, or other interesting sectors.
Your mission in the new role:
The PSSE (Product & Solution Security Expert) for Security Test is primarily involved in the verification phase of products.
You work together with the R&D team to enhance product & solution security locally in a business organization.
You are responsible for the security test strategy and coordinate the system test team to identify security vulnerabilities. You also support security-related processes during product development while cooperating closely with the PSSO (Product & Solution Security Officer).
Your new role – Challenging and future oriented
Support and consult the project leaders in validating the required product & solution security (software and hardware).
Support the planning of security validation for different industry products (e.g., PLC, IPC, HMI), support the verification of security requirements, and conduct penetration tests to identify security vulnerabilities. During the test, evaluate the effectiveness of defined measures based on threat and risk analysis.
Report to the Project / Functional Lead and the Product & Solution Security Officer.
Study state-of-the-art security test tools and methodologies, and help the system test team build knowledge and capability in general security feature verification.
Execute penetration tests and low-level security tests with hardware attacks, such as glitch attacks, device DMA attacks, SPI bus or I2C bus hijacking, JTAG debugger and so on.
Support project teams in conducting the corresponding security activities during the development process, project management process and / or services.
Can support multiple projects at the same time and should perform this function for the main part of the defined working time.
Your Qualifications – solid and appropriate
1. Helpful:
Degree in computer science, IT security, electronics, or related fields.
Certification such as Certified Information Systems Security Professional (CISSP) or Certified Secure Software Lifecycle Professional (CSSLP) is a plus.
2. Expected:
Have at least 2 years of up-to-date practical experience with Product & Solution Security related testing technologies. Know the details of security-related technologies, methods, and tools. Able to consult and coach colleagues with respect to security testing topics.
Broad experience in security. Able to estimate security threats and risks.
Familiar with the mechanisms of security technologies in products, such as secure boot, secure update, TrustZone, Intel TXT, and Intel SGX.
Familiar with frequently used cryptographic algorithms such as symmetric encryption (AES/DES), asymmetric encryption (RSA/ECC), digital signatures, etc.
Programming knowledge of C and Python.
Able to conduct penetration testing at device and system level.
Experienced with security testing tools such as chipsec to conduct low-level security testing on devices.
3. Recommended:
Good logical analysis and strong ownership. Good communication skills and intercultural competence.
Experience with security testing at the hardware level.
Fluent in English (oral and written).
Organization: Digital Industries
Company: Siemens Ltd., China
Experience Level: Experienced Professional
Full / Part time: Full-time