Role Summary

As a Cyber Security Engineer, you will be responsible for ensuring the security of software and hardware products across their development lifecycle. You will work collaboratively with product teams, architects, developers, and regulatory stakeholders to identify vulnerabilities, implement secure development practices, and ensure compliance with industry standards and cybersecurity regulations. The role combines hands-on technical assessment (such as penetration testing, static/dynamic analysis) with strategic activities such as threat modeling, risk analysis, and security governance.

Key Responsibilities

1. Security Analysis & Testing

  • Identify and analyze security vulnerabilities in applications and systems using:
    • Static Application Security Testing (SAST)
    • Dynamic Application Security Testing (DAST)
    • Penetration Testing (manual and automated)
    • Reverse Engineering (as needed)
    • Open-source component scans and SBOM generation
  • Automate vulnerability assessment and penetration testing where applicable.
  • Provide technical recommendations for mitigating identified risks.

2. Secure Development Lifecycle Support

  • Collaborate with development and product teams to integrate security throughout the SDLC.
  • Support threat modeling, attack surface analysis, and security risk assessments.
  • Contribute to secure architecture and design decisions.
  • Define, review, and improve security-related acceptance criteria and Definition of Done.

3. Governance, Risk, and Compliance

  • Support product and solution release processes with a security lens.
  • Ensure compliance with relevant cybersecurity standards and regulations, including ISO/IEC 27001, IEC 62443, NIST SP 800 series, FDA pre/postmarket guidance, HIPAA/HITECH, IEC 81001-5-1, etc.
  • Perform or support security reviews and documentation for audits, regulatory submissions, and customer queries.

4. Security Awareness and Enablement

  • Develop and deliver security training, awareness programs, and workshops for developers and project stakeholders.
  • Create and maintain security guidelines, patterns, and reusable components.
  • Serve as a point of contact for security-related questions during development and support phases.

5. Incident and Risk Management

  • Participate in security incident analysis and support incident response efforts.
  • Assist in root cause analysis and post-incident improvements.
  • Monitor vulnerability databases and threat intelligence sources for emerging risks.

6. Collaboration & Continuous Improvement

  • Collaborate with Product Owners, Architects, Project Leads, and Regulatory Affairs.
  • Collect and share security-related lessons learned.
  • Participate in internal and external security communities and contribute to security maturity efforts.

Skills and Qualifications

Required:

  • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Engineering, or a related field.
  • Strong knowledge of application and system-level security.
  • Hands-on experience with tools such as Burp Suite, OWASP ZAP, Checkmarx, SonarQube, Snyk, Fortify, etc.
  • Strong understanding of OWASP Top 10, CWE/SANS Top 25, CVSS, and secure coding practices.
  • Scripting experience in Python, Bash, PowerShell, etc., for automation.

Preferred:

  • Experience in the healthcare domain or regulated environments.
  • Familiarity with standards such as IEC 62443, ISO 27001, NIST, FDA guidance for cybersecurity.
  • Experience with DevSecOps, CI/CD security integration, and software supply chain security.
  • Security certifications such as CISSP, CSSLP, OSCP, CEH, GWAPT, or Certified AppSec/Network Practitioner.
Confirmed 23 hours ago. Posted a day ago.
