Product & Solution Security Expert (PSSE)
Internship Abu Dhabi, UNITED ARAB EMIRATES
Job description
The Product & Solution Security Expert (PSSE) supports and advises project leaders in implementing the required product & solution security (software and hardware) and supports project teams in conducting the corresponding security activities during the development process, project management process and/or services.
The Product & Solution Security Expert needs to be specialized in at least one of six different areas: Secure Architecture & Design, Secure Implementation, Security Testing, Secure Project Integration, Secure Manufacturing or Secure Services.
The Product & Solution Security Expert securely builds and structures complex customer project solutions based on components and solution elements from Siemens or 3rd party production. He/she defines, supervises and tests the components/subsystems regarding system security. He/she defines and establishes zones and conduits taking physical security concerns into account. He/she prepares and performs security handover of complex systems to customers.
Define Regulations & Support Implementation:
· Support of the project leader during the planning of security relevant activities in the project
· Support the project leader to build up required competencies for product & solution security within the project team
· Coaching of project teams during product & solution development (e.g. creation of requirements specifications, architecture and design, implementations, test cases, user documentation)
· Specification and maintenance of secure coding, secure design guidelines
· Specification and maintenance of configuration and hardening guidelines (e.g. for Siemens products and third party components and manufacturing equipment)
· Synchronize adequately with Information Security organization to ensure that the development, manufacturing and integration
· Ensure IT-infrastructure is sufficiently secure (e.g. to ensure confidentiality, integrity or availability of source code, binaries and configuration)
· Review of documents produced during the development and engineering process (e.g. threat and risk analysis results, requirements specification, architecture and design, test specification, user documentation) regarding product & solution security.
Guide Technological Aspects:
· Specification and maintenance of security requirements for the project. Support for meeting international and regional security standards and regulations (like IEC 62443, WIB, NERC-CIP) in the project
· Planning and performing threat and risk analysis and definition of countermeasures in line with the risk acceptance criteria of the organization
· Evaluation of third party components regarding product & solution security
· Clearance of implementation and documentation of security critical components (e.g. cryptographic functions, hidden function, firewall settings)
· Verification of implementation regarding security requirements (e.g. as part of system test, factory or site acceptance test). This includes recommendation and creation of security testing tools
· Validation (e.g. friendly hacking, penetration testing) to ensure that implementation fulfills security expectations of customers
· Identify security vulnerabilities and evaluate the effectiveness of remediation measures. This includes recommendation and creation of security testing tools
· Involvement in the analysis and handling of security vulnerabilities & incidents.
Support Communication:
· Exchange experiences with internal and external product & solution security community and monitor standards and trends
· Contact person for product management, supply management (e.g. during contract negotiation) for security topics
· Support for communication with customer (e.g. security-relevant information and available security updates)
· Represent customer project towards customers' security representatives, align with customer's security and risk strategy
Measure & Report:
· Participate in release of products or solutions from product & solution security standpoint (e.g. at certain milestones or quality gates)
· Collection of product & solution security related lessons learned and feeding them into continuous improvement activities (e.g. update of guidelines, reporting to PSSOs, integration in awareness material).
Education and Training:
· Degree in computer science, electrical engineering or IT security; certification as Certified Information Systems Security Professional (CISSP) and Certified Secure Software Lifecycle Professional (CSSLP) is helpful
· Is successfully working as solution engineer or security consultant
· Has a minimum of 3 years' experience in one of the fields of professional experience
· Has successfully worked as a technical team lead for at least 2 years (development teams)
Organization: Gas and Power
Company: Siemens LLC
Experience Level: Experienced Professional
Job Type: Full-time