Cybersecurity Operations - Vulnerability Management Specialist

Job description, responsibilities and duties

The Vulnerability Management Specialist will be responsible for supporting and maintaining processes related to the lifecycle of IT and OT vulnerabilities. The Vulnerability Management Specialist has coordination responsibilities for monitoring and supporting remediation and mitigation of vulnerabilities at Siemens Healthineers.

Tasks and Responsibilities:
The position will bring a mix of the following tasks and responsibilities:
• Drive the continuous improvement of the vulnerability management process
• Assist users and customers with remediation of findings/vulnerabilities
• Work in close collaboration with stakeholders and other groups related to vulnerability and patch management processes
• Process, analyze, interpret and prepare reports from security scans
• Participate in Vulnerability Management Taskforces with various stakeholders such as team leads, IT and Security representatives from various country and business units to present, address and discuss required measures and activities
• Support of the incident handling process by preparing and providing data from vulnerability management / vulnerability scanning
• Support in improving the data quality of asset management repositories
• Support the improvement and further development of our reporting tools and platforms

Qualifications:
Knowledge of relevant technological aspects for this position. The ideal candidate should bring a mix of expertise in (a subset of) the following areas:
• Technical cybersecurity skills to understand the processes and procedures being carried out
• Experience in IT infrastructure, Active Directory, Patch and Vulnerability Management processes
• Computer networking concepts and protocols, and network security methodologies
• System administration, network, and operating system hardening techniques
• Experience with operating system security controls on common platforms such as Linux and Windows
• Experience with scripting languages (e.g., Python, Bash or PowerShell) and using REST API
• Basic knowledge of Cloud and IoT/OT environments
• Experience with Asset Management/Inventory systems

Additionally:
• 4+ years of relevant work experience in Cybersecurity Operations of mid-size to large high-tech and healthcare organizations as well as working in geographically distributed teams is highly valuable
• Relevant Industry Certifications such as SANS/GIAC (for example, GCIA, GCIH, GNFA, GCFA), CompTIA Security+ CISSP, CISA, CISM are desirable

Personality Traits:
• Communication skills to speak with confidence and ownership mindset to different international stakeholders, e. g. service providers, internal customers & IT groups
• Negotiation skills and ability to set and track priorities and deadlines.
• Able to work on a very tight schedule, while keeping track of tasks progress and deadlines.
• Team player but also able to work on an individual basis.
• Self-learning and curiosity to keep pace with the ever-evolving cybersecurity developments are highly appreciated.
• Advanced English and Communication skills: clear and concise communication; able to address stakeholders of different backgrounds and technical expertise.

Soft Skills SLF Requirements:
• Collaboration & Customer Orientation (++)
• Change Management (+)
• Intercultural Sensitivity (+)
• Team Development (+)
• Ability to multi-task and handle multiple assignments simultaneously, while focusing on delivery quality (++)
• Ability to use initiative when needed (self-motivation and proactive attitude) (++)
• Excellent communication skills (both written and verbal) in English (++)
• Quick learner and aptitude to get into new technologies and architectures (++)

Required education, skills and personality requirements

Required education
University education (Bachelor's degree)
University education (Master's degree)

Language skills

We offer

• Adjustable standing desk as a standard
• MSDN license for each developer with prepaid access to AZURE
• Free access to PLURALSIGHT – the WBT platform
• Team building program - 2 days adventure offsite meeting for all employees every year, Christmas party, extra budget for team building events
• Participation on world famous IT conferences like Microsoft IGNITE for best employees
• Wide project portfolio in healthcare domain and job rotation within company (Cybersecurity, Artificial Intelligence, Healthcare IT services, …)
• Training and development program (business and product trainings, e-learning, language courses, soft skills trainings,…)
• Health program (contracted wellness providers, sport centers, salary reimbursement in case of illness)
• Retention program (work anniversary, life anniversary, additional pension plan, employee loans)
• Family care program (subsidy for newborns, maternity leave, kindergardens, summer camps)