Offers “Siemens”

Expires soon Siemens

Product & Solution Security Expert (PSSE)

  • Internship
  • Abu Dhabi, UNITED ARAB EMIRATES

Job description

Job Description

The Product & Solution Security Expert (PSSE) supports and consults the project leaders in implementing the required product & solution security (software and hardware) and to support project teams in conducting the corresponding security activities during the development process, project management process and / or services.

The Product & Solution Security Expert needs to be specialized in at least one of six different areas: Secure Architecture & Design, Secure Implementation, Security Testing, Secure Project Integration, Secure Manufacturing or Secure Services.

The Product & Solution Security Expert securely builds and structures complex customer project solutions based on components and solution elements from Siemens or 3rd party production. She / he defines, supervises and tests the components/ subsystems regarding system security. He/she defines and establishes zones and conduits taking physical security concerns into account. He/she prepares and performs security handover of complex systems to customers.

Define Regulations & Support Implementation:

·  Support of the project leader during the planning of security relevant activities in the project
·  Support the project leader to build up required competencies for product & solution security within the project team
·  Coaching of project teams during product & solution development (e.g. creation of requirements specifications, architecture and design, implementations, test cases, user documentation)
·  Specification and maintenance of secure coding, secure design guidelines
·  Specification and maintenance of configuration and hardening guidelines (e.g. for Siemens products and third party components and manufacturing equipment)
·  Synchronize adequately with Information Security organization to ensure that the development, manufacturing and integration
·  Ensure IT-infrastructure is sufficiently secure (e.g. to ensure confidentiality, integrity or availability of source code, binaries and configuration)
·  Review of documents produced during the development and engineering process (e.g. threat and risk analysis results, requirements specification, architecture and design, test specification, user documentation) regarding product & solution security.
·  Guide Technological Aspects:
·  Specification and maintenance of security requirements for the project. Support for meeting international and regional security standards and regulations (like IEC62443, WIB, NERC-CIP) in the project
·  Planning and performing threat and risk analysis and definition of countermeasures in line with risk acceptance criteria of organization
·  Evaluation of third party components regarding product & solution security
·  Clearance of implementation and documentation of security critical components (e.g. cryptographic functions, hidden function, firewall settings)
·  Verification of implementation regarding security requirements (e.g. as part of system test, factory or site acceptance test). This includes recommendation and creation of security testing tools
·  Validation (e.g. friendly hacking, penetration testing) to ensure that implementation fulfills security expectations of customers)
·  Identify security vulnerabilities, and to evaluate the effectiveness of remediation measures. This includes recommendation and creation of security testing tools
·  Involvement in the analysis and handling of security vulnerabilities & incidents.
·  Support Communication:
·  Exchange experiences with internal and external product & solution security community and monitor standards and trends
·  Contact person for product management, supply management (e.g. during contract negotiation) for security topics
·  Support for communication with customer (e.g. security-relevant information and available security updates)
·  Represent customer project towards customers security representatives, align with customer's security and risk strategy

Measure & Report:

·  Participate in release of products or solutions from product & solution security standpoint (e.g. at certain milestones or quality gates)
·  Collection of product & solution security related lessons learned and feed into in continuous improvement activities (e.g. update of guidelines, reporting to PSSOs, integration in awareness material).

Education and Training:

·  Degree in Computer science or electrical engineering or IT security, certification program Certified Information Systems Security
·  Professional (CISSP) and Certified Secure Software Life cycle Professional (CSSLP) is helpful
·  Is successfully working as solution engineer or security consultant
·  Has minimum 3 years experience in one of the fields of professional experience
·  Has successfully worked as a technical team lead at least for 2 years (development teams)

Organization: Gas and Power

Company: Siemens LLC

Experience Level: Experienced Professional

Job Type: Full-time

Make every future a success.
  • Job directory
  • Business directory