The Cloud Security Architect should understand the Siemens Information Security and drive the adherence for the cloud. He should be the responsible stakeholder for the implementation of the cloud security concepts. He should make sure that all security measures are taken care and audited on a regular basis.
Task and Responsibilities:
· Understand Siemens information security requirements and drive adherence for cloud workloads.
· Implement cloud security solutions using native Azure cloud services, as well as 3rd party cloud security services.
· Guides internal customers on cloud security practices and help implement security in cloud workloads.
· Work with information security teams and stakeholders in Siemens Healthineers to drive cloud security.
· Evaluate new security solutions & managed security services to help secure cloud environments, mostly Azure and AWS.
· Implement a tools driven and highly automated approach to deliver our key security management processes by exploiting investment in existing tooling (e.g. ServiceNow, etc.) and / or identify new tooling.
· Respond to and, when appropriate, resolve or escalate security incidents
· Report unresolved security exposures, misuse of resources and noncompliance situations using defined escalation processes.
· Assist and train team members in the use of cloud security tools and the resolution of security issues
· Develop and maintain documentation for security systems and procedures
· Collaborate within organization to build secure IaaS, PaaS & SaaS environments for Azure.
· Actively involve in cloud environment threat hunting using manual and automated tools
· Build working relationships with Siemens Healthineers and business teams
· Implement security utilities and tools for internal use that enable you and your colleagues to operate at high speed and wide scale.
· Evaluate security technologies for cloud environments in order to implement controls in the most streamlined and integrated manner
· Implement cloud security solutions to enable production security operations (SOC)
· Deploy compliance solutions for large-scale cloud environments using container and microservice technologies
· Craft and evangelize secure cloud platform & product requirements
· Communicate security risks and solutions to business partners, platform & product teams
· Embrace a culture of continuous service improvement and service excellence
· Stay current on security industry trend
· Overall 10+ years experience in Technology with extensive experience in cloud solutions (Azure)
· Extensive experience in cloud based DDoS protection services
· Knowledge of network based, system level, and application layer attacks and mitigation methods
· Experience with the implementation of security solutions in an enterprise cloud based environment
· Experience with a broad range of security technologies including, SAST, DLP, IDS/IPS, IAM, Certificate Management
· Knowledge of Azure security strategies and tools
· Strong knowledge of technology and security topics including network and application security, infrastructure hardening, security baselines, web server, and database security
· Ability to clearly and effectively communicate concerns, issues to other teams
· Experience in developing, documenting, and maintaining security procedures
· Bachelor's Degree in Computer Science or related field or equivalent experience.
· Azure certification along with other security certifications such as CISSP, SSCP is a plus
· The candidate will apply their experience building reliable, scalable, secure data driven process automation for managing compliance
Competences and Behaviors:
· Highly self-motivated with the ability to identify areas of focus and tackle new challenges with or without direction.
· Must be able to communicate effectively and build solid relationships with individuals at all levels, in multiple geographies and business functions.
· Strong oral, written, and presentation abilities - able to convey risk to all levels of the business, from C-level executives to operations and development teams;
· Strong business acumen with the ability to build business cases for technology initiatives and to effectively communicate the value proposition to non-technical stakeholders
· Excellent oral and written communication skills and exceptional interpersonal skills.
· Demonstrated ability to work under pressure.
· Ability to work within a dynamic and fast paced international environment
· Ability to build rapport with other team members and relevant teams
· Very good communications, presentation and negotiations skills
· Technically innovative, able to express technical and non-technical concepts in clear verbal and written English
· Very good written skills to document complex concepts in a comprehensive, yet readable manner
· Encourages people to be open and share their views
· Considers a range of options that meet the needs of all stakeholders
· Ability to use own initiative to solve technical problems
· Delivery Focused
· Takes responsibility for projects and strategic initiatives
· Demonstrate clear and measurable results through the development of KPIs, goals and milestones
· Ambitious and competitive
· Drive innovation and best practice
· Strive for standardization and simplification in all aspects of work
· Able to balance the needs of the business against the desire for the best solution possible
Soft skill SLF Requirements:
· Business Results Orientation (0)
· Strategic Innovative Orientation (0)
· Leadership (+)
· Collaboration & Customer Orientation (++)
· Change Management (0)
· Intercultural Sensitivity (+)
· Value Orientation (+)
· Team Development (++)
· Ability to multi-task and handle multiple assignments simultaneously, while focusing on delivery quality
· Ability to use initiative when needed
· Excellent communication skills (both written and verbal)
· Quick learner and efficient ability to get into new technologies and architectures
• Adjustable standing desk as a standard
• MSDN license for each developer with prepaid access to AZURE
• Free access to PLURALSIGHT – the WBT platform
• Team building program - 2 days adventure offsite meeting for all employees every year, Christmas party, extra budget for team building events
• Participation on world famous IT conferences like Microsoft IGNITE for best employees
• Wide project portfolio in healthcare domain and job rotation within company (Cybersecurity, Artificial Intelligence, Healthcare IT services, …)
• Training and development program (business and product trainings, e-learning, language courses, soft skills trainings,…)
• Health program (contracted wellness providers, sport centers, salary reimbursement in case of illness)
• Retention program (work anniversary, life anniversary, additional pension plan, employee loans)
• Family care program (subsidy for newborns, maternity leave, kindergardens, summer camps)
Organization: Siemens Healthineers
Company: Siemens Healthcare s.r.o.
Experience Level: Experienced Professional
Job Type: Full-time