Siemens

Product & Solution Security Expert (PSSE) M/F

11 May, Yvelines, Vélizy-Villacoublay, permanent contract (CDI)

Europe's leading high-technology group, Siemens has been present in France for more than 160 years.
Anticipating the major trends in our society, namely population growth, increasing urbanization and the necessary protection of the environment, we give priority to innovation in industry, energy and healthcare.

Responsibility:
The PSSE is involved in several domains, such as secure project integration, secure architecture and design, security testing and secure services.
The PSSE can support multiple projects at the same time and should occupy the function for the main part of his/her defined working time. The PSSE reports to the Project / Functional Lead and the Product & Solution Security Officer.
Secure Project Integration
The Product & Solution Security Expert securely builds and structures complex customer project solutions based on components and solution elements from Siemens or 3rd party production. He/she defines, supervises and tests the components/subsystems with regard to system security. He/she defines and establishes zones and conduits, taking physical security concerns into account. He/she prepares and performs security handover of complex systems to customers.
Secure Architecture and Design
The Product & Solution Security Expert is primarily involved in the architecture and design phase of products, systems and solutions. He/she also acts as the interface between product management and development.
He/she defines secure design principles. The PSSE supports the development of architecture and design that meet the security requirements and follow the secure design principles. The PSSE supports the selection of secure suppliers and technologies and the development of secure configuration standards. In addition, it is important to address secure integration of Siemens or third party components, and customer-specific security mechanisms like domain controllers. Moreover, security topics such as IDS, security patch management or Anti-Virus systems have to be considered.
Secure Services
The Product & Solution Security Expert supports service managers to securely develop and operate any service type (esp. Field Services and Software Services). He/she ensures that security is adequately reflected in skills, processes and technologies (tools, platforms) used for service delivery. He/she continuously monitors and evaluates the effectiveness of the security measures and supports incident handling. He/she is responsible for implementation of the requirements of the PSS Guide into the respective service.
Security Testing
The Product & Solution Security Expert is primarily involved in the testing of products, systems and solutions. During the test, the PSSE supports the verification of security requirements and conducts penetration tests to identify security vulnerabilities. Moreover, he/she evaluates the effectiveness of defined measures based on threat and risk analysis.
Define Regulations & Support Implementation:
- Support of the project leader during the planning of security relevant activities in the project
- Support the project leader to build up required competencies for product & solution security within the project team 
- Coaching of project teams during product & solution development (e.g. creation of requirements specifications, architecture and design, implementations, test cases, user documentation)
- Specification and maintenance of secure coding and secure design guidelines.
- Specification and maintenance of configuration and hardening guidelines (e.g. for Siemens products and third party components and manufacturing equipment). 
- Synchronize adequately with Information Security organization to ensure that the development, manufacturing and integration IT-infrastructure is sufficiently secure (e.g. to ensure confidentiality, integrity or availability of source code, binaries and configuration).
- Review of documents produced during the development and engineering process (e.g. threat and risk analysis results, requirements specification, architecture and design, test specification, user documentation) regarding product & solution security.
Guide Technological Aspects:
- Specification and maintenance of security requirements for the project. Support for meeting international and regional security standards and regulations (like IEC62443, WIB, NERC-CIP) in the project.
- Planning and performing threat and risk analysis and definition of countermeasures in line with risk acceptance criteria of organization (may be subcontracted but PSSE has to supervise in this case).
- Evaluation of third party components regarding product & solution security. 
- Clearance of implementation and documentation of security critical components (e.g. cryptographic functions, hidden function, firewall settings)  
- Verification of implementation regarding security requirements (e.g. as part of system test, factory or site acceptance test). This includes recommendation and creation of security testing tools.
- Validation (e.g. friendly hacking, penetration testing) to ensure that implementation fulfills security expectations of customers (e.g. to identify security vulnerabilities, and to evaluate the effectiveness of remediation measures). This includes recommendation and creation of security testing tools.  
- Involvement in the analysis and handling of security vulnerabilities & incidents.
Support Communication:
- Exchange experiences with internal and external product & solution security community and monitor standards and trends.
- Contact person for product management, supply management (e.g. during contract negotiation) for security topics. Support for communication with customer (e.g. security-relevant information and available security updates).
- Represent customer project towards customers' security representatives, align with customer's security and risk strategy.
Measure & Report:
- Participate in release of products or solutions from product & solution security standpoint (e.g. at certain milestones or quality gates).
- Collection of product & solution security related lessons learned and feeding them into continuous improvement activities (e.g. update of guidelines, reporting to PSSOs, integration in awareness material)
External / Internal Contacts:
> internal: Security Network, (Chief) Product & Solution Security Officer, Product / Solution Security Experts within the own and other business units, Requirements Engineer, Project Manager, Developer, Test Manager, Product Manager, System Architect, Manufacturing, CISO
> external: Security Community, External companies (collaboration, standardization), Customer's security representatives
Experience:
> Business Cycle Experience: PSSE may work in any business cycle
> Business Type Experience: PSSE may work in any business type
> Organizational Experience: Division? Cluster / Country
> International Experience: International exposure. Has worked and lived abroad: optional. Has cooperated in international teams: recommended.
Education and Training:
> Degree in Computer science or electrical engineering or IT security; the certification programs Certified Information Systems Security Professional (CISSP) and Certified Secure Software Lifecycle Professional (CSSLP) are helpful
> Is successfully working as solution engineer or security consultant
> Has minimum 3 years experience in one of the fields of professional experience
> Has successfully worked as a technical team lead at least for 2 years (development teams)
> Is completely fluent in French and English
Requisition ID: 292470
Organization: Building Technologies
Career Level: Experienced Professional
Full time only

The Product & Solution Security Expert (PSSE) supports and consults the project leaders and regional experts in implementing the required product & security (software and hardware) in conducting the corresponding security activities during the development process, project management process and / or services.