Product Safety And Security Engineer

Pune, Maharashtra, India

Job Description




Responsibilities

Support project development teams to incorporate appropriate security practices across the development lifecycle (from product / solution concept to release).
  • Risk Management & Compliance - Review documents produced during the development and engineering process (e.g., threat and risk analysis results, requirements specs, arch & design specs, test specs, user documentation) regarding PSS.
  • Threat & Risk Analysis - Identify security weaknesses and vulnerabilities in the product, solution, or service offering, analyze the threats that might exploit these weaknesses or vulnerabilities, and evaluate the resulting risks. Organize & facilitate threat & risk analysis workshops in accordance with organizational processes (including periodic triggering of workshops based on changes to the product and/or changes to the attack surface).
  • Security Requirements - Specify and maintain security requirements for the project. Support meeting international and regional security standards (e.g., ISA/IEC 62443) and regional regulations (e.g., GDPR).
  • Secure Architecture - Apply expert knowledge in secure architecture practices (including secure communication & infrastructure security) to analyze & design secure network topologies and evaluate appropriate security products (e.g., VPN gateways, WAF, Malware protection).
  • Secure Suppliers & Components - Evaluate third-party suppliers & components regarding PSS and provide clearance of implementation and documentation of security-critical components (e.g., cryptographic functions, hidden functions, firewall settings).
  • Secure Development - Perform code analysis to identify security vulnerabilities and check compliance with secure coding guidelines.
  • Security Testing - Perform verification of implementation regarding security requirements (e.g., as part of system test, factory, or site acceptance test). This includes recommendation and creation of security testing tools. Support validation (e.g., friendly hacking, penetration testing) to ensure that implementation fulfills security expectations of customers (e.g., to identify security vulnerabilities, and to evaluate the effectiveness of remediation measures).
  • Vulnerability Management - Support project teams to analyze vulnerabilities for their risk, prioritize and suitably mitigate risks to the products.
  • Incident Management - Support Product CERT incident handling teams (no direct responsibility).
  • Guidance & Expertise Enhancement - Develop & maintain procedures, guidelines & support tools for projects. Guide development teams in secure web application development, secure software development processes and DevSecOps. Conduct security training and development of training material. Support the development of the PSS community within the organization, with experience exchange internally and externally.
Required Skills And Experience
  • BE/BTech/MTech/MCA in Electronics/Instrumentation/Computer Science.
  • Overall experience of 6+ years in information technology.
  • At least 4 years' experience in defining security controls & measures.
  • Active IT security certifications [IEC 62443 (preferred), ISO 27001, CISSP, CSSLP, CEH or equivalent].
  • Up-to-date knowledge on the threat landscape, including capabilities of attackers, available attacker tools, and typical security weaknesses & vulnerabilities.
  • Excellent understanding (conceptual and implementation) of Asset Management, including Passive & Active Asset Detection and Asset Vulnerability Association.
  • Experience designing and developing secure web applications. Awareness of best practices such as OWASP Web Application Security Standard and OWASP Top-10.
  • Experience in scripting (e.g., Python, bash, shell scripts) and ready to learn new technologies.
  • Knowledge on securing containers (esp. Debian-based distributions).
  • Experience of benchmarks (e.g., CIS-Security benchmarks and Microsoft security baselines).
  • Knowledge in remote access, malware prevention systems, IDS/IPS.
  • Experience in Nessus, Nmap, Burp, etc.
  • Knowledge of PKI and certificate-based authentication.
  • Knowledge of IIoT and digitalization solutions.
  • Excellent communication and influencing skills.


Job Detail

  • Job Id
    JD3076524
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type
    Full Time
  • Salary
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Pune, Maharashtra, India
  • Education
    Not mentioned
  • Experience
    Year