Product & Solution Security Expert (Psse) - Bengaluru, India - Siemens
Description
Role:
Product & Solution Security Expert (PSSE)**:
The world never stands still. And new challenges arise every day.
With a passion for questioning things, for supplying ideas, and intelligently driving things forward we are helping society move towards a more intelligent future.
Be it with technologies that reduce carbon emissions in cities or hyperintelligent robots. This is how we are able, to tackle the most important projects and push them forward together. Help us shape the future.
With our innovative and integrated technology we support our customers in continuously improving the reliability, safety, and efficiency of products, processes and plants.
Can you help us shape the future? We're looking for dedicated people with the skills and vision to build a better tomorrow.
Join team and help us create the technology that will transform entire industries, cities and even countries.Change the future with
The Product & Solution Security Expert (PSSE) for Secure Implementation provides technical consultation to OT product development teams to enable implementation of the required product & solution security.
development/testing on the Linux and Windows environments. The PSSE will function as an expert consultant as part of the PSS CoE, supporting multiple project teams.
Support project development teams to incorporate appropriate security practices across the development lifecycle (from product / solution concept to release).
Risk Management & Compliance, review documents produced during the development and engineering process (e.g., threat and risk analysis results, requirements specs, arch & design specs, test specs, user documentation) regarding PSS.
Threat & Risk Analysis, identify security weaknesses and vulnerabilities in the product, solution, or service offering, analyze the threats that might exploit these weaknesses or vulnerabilities, and evaluate the resulting risks.
Organize & facilitate threat & risk analysis workshops in accordance with organizational processes (including periodic triggering of workshops based on changes to the product and/or changes to the attack surface).
Evaluate third-party components regarding PSS and providing clearance of implementation and documentation of security critical components (e.g., cryptographic functions, hidden functions, firewall settings).
Perform verification of implementation regarding security requirements (e.g., as part of system test, factory, or site acceptance test). This includes recommendation and creation of security testing tools.
Support validation (e.g., friendly hacking, penetration testing) to ensure that implementation fulfills security expectations of customers (e.g., to identify security vulnerabilities, and to evaluate the effectiveness of remediation measures).
Support project teams to analyze vulnerabilities for their risk, prioritize and suitably mitigate risks to the products
Support Product CERT incident handling teams (no direct responsibility)
Expertise enhancement, coaching & guiding
Develop & maintain procedures, guidelines & support tools for projects.
Conduct security training and development of training material.
Support the development of the PSS community within the organization, with experience exchange internally and externally.
Demonstrating security concepts by doing PoCs.
Interfacing with Product Management to support in creation of security requirements in product backlog.
What you need to make real what matters
We need a graduate - BE/BTech/MTech/MCA in Electronics/Instrumentation/Computer Science.
Overall experience of at least 10 years in Information technology/Software development.
At least 5 years' experience in defining security controls & measures for IACS/SCADA.
Active IT security certifications (CISSP, CSSLP or equivalent).
Up-to-date knowledge on the threat landscape, including capabilities of attackers, available attacker tools, and typical security weaknesses & vulnerabilities.
Excellent understanding (conceptual and implementation) of Asset Management incl., Passive & Active Asset Detection and Asset Vulnerability Association.
Excellent understanding (conceptual and implementation) of Anomaly Detection (Host & Network) and configuration/implementation/operation of SIEM solutions.
Experience in programming (C, C++, Java, Spring, JavaScript) in Linux & Windows and scripting (e.g., bash scripts) and ready to learn new technologies (e.g., Go).
More jobs from Siemens
-
Executive Bidding
Gurgaon, India - 1 week ago
-
Scm -procurement - Services
Thane District, Maharashtra, India - 6 days ago
-
Team Architect
Bengaluru, India - 2 weeks ago
-
SD Order Cost Controller
Goa, India - 1 week ago
-
Business Administration
Pune, India - 2 weeks ago
-
Process Associate
Bengaluru, India - 2 weeks ago