IT Security Design Engineer

Our Engineering Cybersecurity Specialists are true professionals in terms of thinking outside the box. They explore every possibility when it comes to effective ways of deceiving, circumventing, and weakening IT systems so that they can protect them even more successfully. To this end, they ask questions that have no answers yet and look for gaps where hardly anyone would suspect them. This is crucial for digitalization Join our team and we will foster your continuing professional development and an exchange with colleagues from all over the world. So you may specialize or develop your knowledge as a generalist. One thing is certain: your ideas will not be filed away, but almost always find their way into company practice. Worldwide.

Siemens is looking for cybersecurity specialists for the Engineering Department within the Mobility division. The Engineering Cybersecurity Specialist will be responsible to support and consult the project teams throughout the project’s life cycle to implement the required cybersecurity measures.

The Engineering Cybersecurity Specialist documents and addresses customer project’s information security, cybersecurity architecture, and systems security engineering requirements throughout the project’s life cycle; performs security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy; and provides cybersecurity guidance to leadership.

**What are my job responsibilities?**

In general terms, the Engineering Cybersecurity Specialist elaborates the customer project specific Information Security Plan, prepares and maintains the Threat and Risk Analysis based on the project specific system architecture, apportions security requirements to subsystems and components, manages and defines security testing and provides specialized support to the project’s team in cybersecurity topics. The Engineering Cybersecurity Specialist is the main interface to Suppliers, Partners and Customers regarding IT security topics, and follows up on Security Vulnerabilities and Incidents of the System/Project.

Secure Architecture:

- The Engineering Cybersecurity Specialist is involved in the architecture and design phase of systems and solutions, and supports the System and Subsystems Managers during detailed design of Security Controls. He/she is also acting as the interface between Project Management, Engineering and R&D regarding security topics. He/she defines secure design principles. The Engineering Cybersecurity Specialist supports the development of architecture and design that meet the security requirements and follow the secure design principles. He/she supports selection of secure suppliers and technologies and the development of secure configuration standards. In addition, addresses secure integration of Siemens or third-party components, and customer-specific security mechanisms like domain controllers. Moreover, security topics such as IDS, security patch management or Anti-Virus systems must be considered.

Secure Project Integration
- The Engineering Cybersecurity Specialist securely builds, and structures complex customer project solutions based on components and solution elements from Siemens or 3rd party production. She / he defines, supervises and tests the components/ subsystems with regard to system security. He/she defines and establishes zones and conduits taking physical security concerns into account. The Engineering Cybersecurity Specialist supports the Installation and Site Manager and provides Security Awareness Training for commissioning, installation, operation and maintenance personnel. He/she prepares and performs security handover of complex systems to customers.

Security Testing:

- The Engineering Cybersecurity Specialist is involved in the security testing of systems and solutions. He/she plans the execution of the security testing. During the test, he/she supports the verification of security requirements and conducts/supports the penetration tests to identify security vulnerabilities. Moreover, he/she evaluates the effectiveness of defined measures based on threat and risk analysis.

**Use your skills and abilities to move the world forward.**
- Identifying critical target elements, to include critical target elements for the cyber domain.
- Identifying cyber threats which may jeopardize organization and/or customers’ interests.
- Identifying cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
- Discerning the protection needs (i.e., security controls) of information systems and networks.
- Using risk scoring to inform performance-based and cost-effective approaches to help organizations to identify, assess, and manage cybersecurity risk.
- Translating operational requirements into protection needs (i.e., security controls).
- Cyber threats and vulnerabilities and how to deal with them.
- Knowledge of orga