From digitalization to automation, we’re changing the cities you live in and the places you work.
Knowledge for the world of tomorrow.
For our continuous quality culture, we are looking for an experienced Product and Solution Security Officer (PSSO) driving the Product and Solution Security (PSS) program within the development departments of Siemens Smart Infrastructure Grid Software (SI GSW).
The PSSO (R&D) has the responsibility to actively drive product & solution security across our SI GSW products and solutions to ensure the R&D conformity according to the valid IT/Cyber Security standards and Cybersecurity Governance.
The Product & Solution Security Officer will act as “Continuous Security Agent” and will work with all other “Continuous X Agents” of the Agile Program Management Office (APMO) closely together to realize best practises, state-of-the-art as well as innovative approaches at the agile development teams. In order to achieve this, he/she will establish active community of practises, guilds, or other continuous learning approaches.
In this role the PSSO advises the particular R&D & PLM/PM leads as well as the senior management with regard to IT/Cyber security in cooperation with the SI GSW Cybersecurity Officer.
What part will you play?
- Define Regulations & Support Implementation – Drive the definition of an individual PSS strategy with special focus on R&D development teams
- Based on individual implementation policy of the SI GSW product deployments, steer an improvement program to establish and maintain appropriate processes, methods, and tools in the development teams (e.g., integrate threat & risk analysis, security requirements engineering, secure architecture and design, hardening, secure coding, security testing)
- Drive important IT/Cyber Security initiatives (from proof of Concepts (POC) until productive use) together with PSSEs, R&D agile experts, Release Train Engineers as well as agile teams of our SI GSW products, establishing a sustainable PSS solution for our customers
- Guide technological aspects – Ensure & continuously emphasize the importance of the needs to all the relevant stakeholders (i.e., Product Manager, Product Owner, Architects as well as team leads, etc.), that especially for IT/Cyber Security topics there is the need to establish a continuous learning approach in the development teams
- Measure & Report – Track continuously the status of adherence and application of product and solution security standards, processes, and policies as well as the implementation policy by establishing online Health Check dashboards
- Together with relevant stakeholders decide how to handle identified security risks in products and solutions and define risk acceptance criteria together
- Support Communication – Represent together with the assigned PSSE the R&D department in all product & solution security matters
What do you need to make real what matters?
- You have a bachelor’s degree in computer science, information technology or a comparable field of study and have many years of experience in software development & engineering with in-depth knowledge of IT/Cyber Security requirements
- You bring deep Knowledge of IEC 62443, ISO27000, NIST800 or similar and years of experience with IT / Cyber security in product development, solutions design and OT operations
- You are actively committed to ensuring that the necessary expert knowledge is distributed and “lived” within the organization, e.g., by initiating “communities of practices”, creating concrete “blueprints”, i.e., templates and building blocks
- You convince with good knowledge in the areas of agile development and DevOps principles. Terms like pipelines and container technology are not unknown to you and you know the basic principle of such modern technologies
- Furthermore, you score with experience in agile scaling frameworks such as LESS or SAFe
- You work in an international environment of an agile project and development organization (with different cultures and influences) and excel in quality awareness
- You understand how to efficiently collaborate functionally across organizational and project boundaries and can communicate and convey content and risks to different organizational levels (incl. senior management)
- You communicate in business fluent German and English and are able to get to the point in both languages
- Ideally, you have already been involved in the release of larger software projects or have actively participated in the release process. You find it easy to apply a risk assessment and the corresponding risk management afterwards
What we offer.
- 2 to 3 days of mobile working per week as a future global standard
- Attractive remuneration package
- Development opportunities for both personal and professional growth
- 30 leave days and a variety of flexible working models that allow time off for yourself and your family
- Share matching programs to become a shareholder of Siemens AG
- Find more benefits here
Individual benefits are adapted to meet local legal regulations, the requirements of different job profiles, locations, and individual preferences.
Make your mark in our exciting world at Siemens.
As an equal-opportunity employer we are happy to consider applications from individuals with disabilities.
www.siemens.com/careers – if you would like to find out more about jobs & careers at Siemens.
FAQ – if you need further information on the application process.
Organization: Smart Infrastructure
Company: Siemens AG
Experience Level: Experienced Professional
Job Type: Full-time