Cybersecurity Professional

Job description, responsibilities and duties

Position Overview
The successful candidate for this position will be responsible for engaging development organizations in the implementation of the Siemens Healthineers cybersecurity program for medical devices and related products, solutions, and services. Based on learnings from working with the organizations, the candidate will leverage their cybersecurity expertise to develop and deploy work products that strengthen the Siemens Healthineers cybersecurity program.

Responsibilities

Engaging development teams on implementing cybersecurity throughout the development lifecycle
• Recommending best practices for implementing cybersecurity
• Facilitating threat modeling

Strengthen the Siemens Healthineers cybersecurity program
• Assessing development teams for process assurance
• Reviewing source code to ensure proper implementation of security controls
• Supporting audit teams with cybersecurity expertise
• Developing guidance that enables the development teams
• Developing and delivering cybersecurity training modules to internal teams
• Developing special topic presentations to be delivered internally
• Travel approximately 15%, including international travel

Required Knowledge, Skills, Education, and Experience
• Solid understanding of the elements of a secure development lifecycle, such as threat modeling, secure architecture and design patterns, application of security tools (e.g. what is the purpose of security tool types (SAST, SCA, DAST, Vulnerability Scanning, fuzzing), and security testing
• Solid understanding of implementation of security controls at all levels: secure coding, integration of security devices (e.g. firewalls), endpoint security (e.g. allow-listing)
• Solid understanding of automation in the software delivery pipeline and the integration of security testing tools
• Software development experience to enable implementation reviews of security controls
• Interpretation of identified security vulnerabilities to properly advise product teams for remediations
• Strong writing and presentation skills
• Solid virtual teaming experience (Microsoft Office 365 and Teams)
• Undergraduate or graduate degree in a related field

Preferred Knowledge/Skills, Education, and Experience
• Experience with technical security concepts including recognized certifications
• Experience with secure development lifecycle processes
• Understanding of medical device cybersecurity
• 3 to 5 years of cybersecurity experience

Required education, skills and personality requirements

Required education
University education (Bachelor's degree)
University education (Master's degree)
Postgraduate (Doctorate)

Language skills

We offer

• Variable and Christmas bonus
• Hybrid type of work – combination of telework and work from office
• Flexible Working Hours
• Bridge days – free extra paid leave 6 days per year
• 3 sick days per year (no doctor’s permit needed)
• In case of sickness 100% salary reimbursement 20 days/ year, this includes max. 10 days/ year for of family care
• Additional pension plan
• 300 EUR for regeneration of work force via cafeteria system
• Wellbeing program – Psychological, Legal and Financial Councelling
• Family care program (subsidy for newborns, maternity leave, kindergardens, summer camps)
• Retention program (work anniversary, life anniversary, employee loans)
• Training and development program (business and product trainings, e-learning, language courses, soft skills trainings,…)
• Adjustable standing desk as a standard
• Participation on world famous IT conferences like Microsoft IGNITE for best employees
• Wide project portfolio in healthcare domain and job rotation within company (Cybersecurity, Artificial Intelligence, Healthcare IT services, …)