We are looking for a highly skilled and analytical thinking technical Cybersecurity Policy professional. The main mission of this role is to develop, implement, and maintain technical policies to harden IT systems against potential security threats. The ideal candidate will have a strong background in cybersecurity, system administration, and risk management, with a focus on reducing the attack surface of IT systems and ensuring compliance with the Siemens Cybersecurity Policy Framework and industry standards.What will be your role?Creation and Management of Technical Policies:Develop and maintain security policies, procedures, and guidelines related to systems hardening for various IT and OT systems, including servers, workstations, network devices, and applications.Maintain detailed documentation of hardening measures, configurations, and security changes.Ensure that all hardening activities comply with regulatory requirements and Siemens' Cybersecurity Policy Framework.Collaborate with IT professionals, security teams, and business representative to ensure hardening measures are aligned with Siemens needs.Implementation and Audit:Support automation of the implementation of technical hardening policies (improve existing methodology, create scripts)Support creation of scan policies to proof that systems comply to technical hardening guides (e.g. by scripts).Consulting Support:Provide training and guidance to IT staff on security best practices and hardening techniques.Monitoring and Incident Response:Collaborate with incident response teams to mitigate the impact of security incidents and prevent future occurrences.Your skills and qualifications:Master's degree or similar in information security.Good knowledge of Security Content Automation Protocol (SCAP), Open Vulnerability and Assessment Language (OVAL), and Extensible Configuration Checklist Description Format (XCCDF).Experience in using version control systems, e.g. git.Good knowledge of JSON, YAML, and Markdown.Good knowledge to create scripts for configuring IT systems for at least one of the following technologies: Ansible playbooks and modules, Linux (Bash scripts, Ansible), Databases (Oracle, MS SQL Server), Basic knowledge of PythonExperience in systems hardening, cybersecurity, and IT risk management.Knowledge of security frameworks and standards such as NIST, CIS, ISO 27001, and PCI DSS.Experience in security assessment tools and techniques, including vulnerability scanning and penetration testing.Understanding of operating systems (Windows, Linux, Unix), network protocols, and security technologies.Excellent problem-solving skills and the ability to work independently and as part of a team.Relevant certifications such as CISSP, CISM, CEH, or similar are highly desirable.Ability to identify and mitigate potential security threats and vulnerabilities.Strong analytical and critical thinking skills.Excellent communication and documentation abilities.Ability to stay updated with the latest security trends and technologies.English fluent proficiency both written and spoken, German is a plusMust excel working in team-oriented roles that rely on ability to collaborate with others.Do you want to know more about Cybersecurity at Siemens? www.siemens.com/cybersecuritySiemens is committed to equal opportunities for people of all genders, as well as diversity as a source of creativity and innovation. Having different types of talent and experiences makes us more competitive and better prepared to successfully respond to the demands of our society. We value candidates who reflect the Diversity we enjoy in our Company.
#J-18808-Ljbffr
