Product and Solution Security Expert and Cybersecurity Analyst – Smart Buildings – Remote
Website Siemens EDA
>>THIS IS A REMOTE POSITION THAT CAN BE LOCATED ANYWHERE IN THE U.S.<<
Here at Siemens, we take pride in enabling sustainable progress through technology. We do this through empowering customers by combining the real and digital worlds. Improving how we live, work, and move today and for the next generation! We know that the only way a business thrives is if our people are thriving. That’s why we always put our people first. Our global, diverse team would be happy to support you and challenge you to grow in new ways. Who knows where our shared journey will take you?
Our Smart Buildings help to create efficient, safe, adaptable, and responsible environments. Our aim isn’t just about improving buildings; it’s about creating perfect places that improve people’s lives.
Transform the everyday with us!
Product and Solution Security Experts and Cybersecurity Analysts help make the products, solutions, and services offered to Siemens’ customers secure while working to mitigate risk to Siemens and our customers by implementing standards-aligned cybersecurity solutions across the Siemens organization.
- This role supports the Siemens Smart Infrastructure Buildings U.S. business and reports to the Product and Solution Security Officer (PSSO).
- In this role you will be a key cybersecurity expert and coordinate with a wide range of stakeholders to secure the products, solutions, and services Siemens delivers to its customers while improving the security posture of the Siemens Smart Infrastructure Buildings organization.
As a Product and Solution Security Expert and Cybersecurity Analyst you will:
- Develop, implement, and maintain organizational policies and processes to implement security controls and improve the posture of the organization while supporting the execution of business activities and priorities.
- Develop, implement, and monitor cybersecurity improvement initiatives such as process optimization, process documentation, tool testing and implementation, and training development.
- Analyze and report on cybersecurity-related market requirements including government regulations and executive orders, industry standards, and customer requirements.
- Respond to cybersecurity incidents and events including performing forensic reviews, incident remediation, communication coordination, and post-incident posture improvements.
- Analyze contractual and legal requirements, including reviewing customer and supplier contracts, providing interpretation and guidance to business stakeholders, and coordinating with legal counsel.
- Manage supply-chain security assessments, including coordinating with procurement and business stakeholders, gathering assessment information, assessing supplier posture, updating analysis and tracking tools, and managing supplier posture improvement implementation.
- Develop and implement special projects and initiatives to resolve specific cybersecurity challenges faced by Siemens Smart Infrastructure Buildings.
- Analyze business practices and priorities, including collaborating with organizational stakeholders, and propose new processes to implement enterprise security requirements.
- Develop and maintain security maturity data, reporting, and awareness processes.
- Implement and maintain Product and Solution Security practices across teams to ensure secure development, design, and maintenance of Siemens Products, Solutions, and Services including execution of risk classifications, assessments, threat and risk analysis, and mitigation implementation.
- Support sales and operational activities including supporting customer calls, developing presentations, coordinating with customer security stakeholders, supporting solution deployments, and troubleshooting issues.
- Manage implementation of enterprise risk management activities, including risk classification, system security plan development, mitigation implementation, and posture monitoring.
- Develop and support customer security programs including analyzing customer requirements, coordinating with third-party professional services providers, writing customer policies/documentation, and managing security program activities.
- Support the development and delivery of cybersecurity services such as standards-based gap assessments, vulnerability reporting, and intrusion detection/response.
- Support implementing hardening mitigations and related settings for servers, workstations, applications, systems, and devices.
- Support answering cybersecurity questionnaires and assessments related to Siemens’ products, solutions, and/or services.
- Support security-related certification processes including ISO 2700x, IEC 62443, and SOC II.
- Work independently to drive organizational change, take responsibility, and constantly strive to advocate for improving security across all aspects of the organization.
- Support the development of applications and tools to automate and streamline security-related processes and activities including solutions built on Microsoft PowerPlatform (PowerApp, PowerAutomate, PowerBI) and similar low-code platforms.
You will make an impact with these qualifications:
Basic Qualifications:
- 3-4+ years of experience in a cybersecurity-related field, including experience with common cybersecurity operational activities such as incident management, vulnerability management, and threat and risk management.
- 2-3+ years of experience in process improvement and documentation.
- 2-3+ years of experience working with standards-based assessments, system security plans, and related documentation.
- 2-3+ years of experience with common cybersecurity technologies including, but not limited to, firewalls, IDS/IPS, HIDS/HIPS, EDR, vulnerability scanners, and SIEM.
- 1-2+ years of work experience designing, implementing, and/or maintaining solutions composed of multiple technical systems, IT/network components, and cybersecurity controls.
- 1-2+ years of experience collaborating with others across teams and organizational groups with a focus on working well with individuals and groups from diverse backgrounds, and with varying levels of technical proficiency.
- 1-2+ years of experience designing best-practice cybersecurity architectures including, but not limited to, trust boundary and segmentation design, DMZ designation, and network tap and traffic collection.
- Strong verbal and written English language communication skills, including proficiency in technical writing and documentation.
- Advanced level experience and ability working with Microsoft Office products including Excel, Word, and PowerPoint.
- Desire to learn new skills and technologies and ability to apply past experiences to new situations to quickly understand and work with unfamiliar technologies.
- Familiarity with common cybersecurity standards and best practices, such as NIST SP 800-53, CIS Controls, ISO/IEC 2700x, and the NIST Cybersecurity Framework.
- Familiarity with the process of obtaining cybersecurity certifications against common standards and understanding of required technical activities to support certification.
- Willingness and ability to attend cybersecurity-related training and educational events.
- Willingness and ability to attain cybersecurity-related technical and/or process certifications.
- Familiarity with common cybersecurity requirements and practices of the U.S. federal government, such as Executive Order 14028 and the Risk Management Framework (RMF).
- Travel: up to 30% travel required in the U.S. and Canada.
- Legally authorized to work in the United States on a continual and permanent basis without company sponsorship.
Preferred Qualifications:
- Strong capability to develop and maintain Microsoft PowerPlatform applications and tools (PowerApp, PowerAutomate, PowerBI, etc.).
- Relevant cybersecurity and/or technology certifications and/or training.
- Familiarity with Microsoft Office, including advanced knowledge of Excel, PowerPoint, and Word.
- Familiarity with common cybersecurity and IT design and execution tools such as Visio, Iris Intangi, and project management software.
- Experience in a customer service role and ability to effectively communicate technical topics to non-technical audiences.
You’ll benefit from:
- Siemens offers a variety of health and wellness benefits to our employees. Details regarding our benefits can be found here: https://www.benefitsquickstart.com/siemens/index.html
- The pay range for this position is $112,490 – $192,840 and the annual incentive target is 10% of the base salary. The actual wage offered may be lower or higher depending on budget and candidate experience, knowledge, skills, qualifications and premium geographic location.
To view the job application please visit jobs.siemens.com.