Product and Solution Security Expert
Siemens
Job Description
Job ID
Company
Organization
Job Family
Experience Level
Full Time / Part Time
Contract Type
加入西门子,共创明日世界!
西门子数字化工业集团 (Digital Industries, DI) 是工业自动化和数字化领域的创新者。我们通过数字化企业解决方案,将现实世界和数字世界无缝连接,并借助全面的“数字孪生”实现持续的循环优化。同时,我们利用无限数据,赋能无限契机,助力快速确信的决策,为工业企业转型和可持续发展注入加速度
在传感器与通讯业务单元,我们期待产品与解决方案网络安全专家人才可以推动网络安全领域发展。
你将在这些领域发挥影响:
- 及早识别信息处理资产中的风险和漏洞,并制定相应对策。分析现有应用程序和测试程序,与程序员合作从网络安全角度优化这些程序。
- 培训和指导工厂程序员在其应用程序和测试程序中考虑安全性方面。制定并维护工厂的"安全编码"和"安全设计指南"。
- 审查开发和建设过程中创建的文档(如威胁和风险分析结果、需求规范、架构和设计、测试规范、用户文档等),确保产品和解决方案的安全性。
- 开发功能测试程序、生产软件和数据库以及生产自动化实现。根据技术规范定义软件设计;制定软件测试规范和软件文档。设置生产计算机和程序,包括认证和测试。支持研发完成生产样品测试。
- 将本地源代码迁移至code.siemens,创建CI/CD流程,实施mend.io/依赖检查器和SonarQube,确保自动化漏洞管理和代码测试。
- 与本地ISP合作,制定第三方软件或组件的采购、下载等工作指导。与本地ISP共同创建工厂网络安全报告,每月更新以显示进展,并与管理层和GFN CSO沟通。
你需要具备的品质:
- 具有软件开发或软件编程学士等相关学位。
- 具有3年以上软件开发经验,并具备软件安全经验。
- 具备强大的编码能力,在C#、Java等编码实践、工具和语言方面有多年经验。
- 熟悉国际标准如IEC 62443或ISO 27001。
- 至少专精于以下领域之一:架构和设计、安全实施、安全测试、安全项目集成、安全制造、安全服务、网络安全服务、网络安全治理。
- 具有网络安全专家相关工作经验,熟悉传统和敏捷需求管理,具有协调角色经验,善于在项目参与者之间进行调解。
- 英语流利,能与本地和国际合作伙伴及同事交流。
- 有工厂环境工作经验者优先。
你将得到这些收获:
- 丰厚的福利待遇,长期关怀的企业年金计划、灵活配置的商业保险、共同成长的员工股票计划等
- 系统化的职业发展平台,多方面的课程资源与发展工具,从自身优势出发,个性化定制你的成长路径
- 多元包容的企业氛围,和欣赏的人做喜欢的工作
- 带薪享超长15天+年假,还有圣诞假等额外福利
- 多种志愿者和社群活动,为你拓展职业网络,提供跨业务领域的交流机会,找到志同道合的伙伴
- 了解更多:https://new.siemens.com/cn/zh/company/jobs.html
加入西门子,一起共创明日世界!
西门子明确承诺企业的商业活动应着眼于未来,可持续发展是西门子业务不可或缺的组成部分。自2019年以来,我们已将自身运营中产生的碳排放量减少约46%,并设定2030年的二氧化碳减排目标为相比2019年减少90%。在中国,西门子入选了 “2022福布斯中国可持续发展工业企业TOP50” 。
我们由不同背景、国籍、专业知识和思维方式的伙伴组成。在这里,你会获得信任和自由,尽情地发挥所长。在这里,你会找到同伴、导师和行业大咖,与你共同创造和成长。如果你拥有好奇心、突破力、创造力,寻找一个平等的发展机会并充分释放自己的潜能,加入我们,做你自己,和我们共创明日世界!探索更多发展可能。
We empower our people to stay resilient and relevant in a constantly changing world. We're looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. Does that sound like you? Then it seems like you'd make a great addition to our vibrant international team.
For our Digital Industries Siemens Sensors and Communication Ltd. in Da Lian, we are looking for a Product and Solution Security Expert to help us drive cybersecurity solutions within Siemens and beyond. We are a highly motivated team and are excited to get to know you.
You'll make an impact by
- You will identify risks and vulnerabilities in information-processing assets at an early stage and derive countermeasures.
- You will analyze existing applications and test programs and work with the programmers to develop measures to optimize them from a cybersecurity perspective.
- You will train and guide the programmers of the plant to take security aspects into account in their applications and test programs.
- Specify and maintain the plant's "secure coding" and "secure design guidelines".
- Review documents created during the development and construction process (e.g., results of threat and risk analysis, requirement specifications, architecture and design, test specifications, user documentation) with regard to the security of products and solutions.
- Develop function test programs, production software, databases, and production automation solutions. Define software design to agree on the technical specification, as well as software test specifications and software documentation.
- Setup production computers and programs, including qualification and testing. Support R&D to finish production sample testing.
- Migrate local source code to code.siemens, create a CI/CD pipeline, and implement mend.io/dependency checker and SonarQube to ensure automated vulnerability management and code testing.
- Together with the local ISP, create work instructions for purchasing, downloading, etc., third-party software or components.
- Create a cybersecurity report for the factory together with the local ISP, update it monthly to show progress, and communicate with management and GFN CSO.
Your defining qualities
- You have a Bachelor's degree in Software Development or Software Programming.
- You have more than 3 years of experience in software development and have experience with software security.
- Strong coding skills and years of experience in coding practices, tools, and languages such as C#, Java, etc.
- You already have good experience and a confident handling of international standards such as IEC 62443 or ISO 27001.
- You specialize in at least one of the following areas: architecture and design, secure implementation, secure testing, secure project integration, secure manufacturing, secure services, cybersecurity services, cybersecurity governance.
- You already have experience in the activities of a cybersecurity expert, are familiar with classic and agile requirements management, have experience in coordinative roles, and are proficient in mediating between project participants.
- You are fluent in English for contact with local and international partners and colleagues.
- Experience working in a factory environment will be a plus.
You'll benefit from
- Diverse and inclusive culture, doing the work you like with people who appreciate it
- Systematic career development platform, various training courses, and online learning resources for you to help you tailor your growth path based on your strengths
- 15 days+ annual leaves, with additional benefits such as Christmas leave
- Generous benefits package, long-term care corporate annuity plan, flexible allocation of commercial insurance, employee stock sharing matching plan for mutual growth, etc.
- Find more here
Create a better #TomorrowWithUs!
At Siemens, we are human enthusiasts with a diverse set of backgrounds, skills, interests, and needs, united in a unique mission to create a better tomorrow. We believe in a culture of diversity and inclusion, reflecting a society with various backgrounds, nationalities, expertise, and mindsets. Here, you'll find trust and freedom to excel. Here, you'll find peers, mentors, and savvy people, for co-creating and growing. If you have curiosity, breakthroughs, and creativity, looking for an equal opportunity to grow and unleash your full potential, join us, bring your authentic self, and create a better tomorrow with us. Explore more here.