Product Solution and Security Expert

Foundational Technology Development Europe Turkey Simulation is a Software R&D Group in Ankara. This group brings together the fields of utility network planning, simulation, analysis and network model management with the PSS® Product Suite (PSS® power system simulation and modeling software). Grid Simulations a focus area which mainly employ new ways throughout the different fields of application in order to build proficient software solutions and products. To accomplish the mission of the group, the candidate will perform Product Solution and Security Expert.

We are the catalyst for the industrial world’s digital transformation. 

For more than 35 years, ground breaking technologies and business models engineered and developed by Siemens Turkey R&D department contributes to the global success of Siemens. 

Our R&D activities focused on the fields of electrification, automation and digitalization, provides end-to-end support to our global customers on their unique digital transformation journey. 

We aim to increase our strength on solution and product development with world class SW development experts, with the vision to be the digitalization partner for our global customers. 

We need game changers like you, to bring the next level of smart manufacturing and infrastructure from mere concept to reality, develop tomorrow’s smart cities, and address the most critical digitalization challenges across a comprehensive range of industries.

We are seeking an experienced software development engineer to develop software solutions.

What are my responsibilities?

Product & Solution Security Consultancy:

Provide technical expertise on Product and Solution Security (PSS) to R&D, DevOps, SRE, and Architecture teams following our Siemens SFeRA guidance framework

Collaborate with the agile team to identify and analyze potential security threats, vulnerabilities, and risks throughout the product development lifecycle, and develop and implement comprehensive threat models to proactively mitigate security risks and ensure the overall security posture of the product.

Specialize in different areas such as Secure Architecture and Design, Cloud Security, Secure Project Integration, Security Testing, and Secure Implementation.

Responsible for consulting on and conception of solution modules for the secure design of applications, products, and solutions in the environment of grid software

Actively drive research and development in the broad area of cyber security, e.g., secure architectures, web security, cloud computing security, IoT, identity and access management, certificate management, digital signatures, embedded systems to be on top of current developments

Communicate security risks, issues, and mitigation strategies effectively to both technical and non-technical partners.

Foster a security-aware culture within the development teams and across the organization by conducting security training and awareness programs for development teams.

Security Implementation:

Support project leaders in integrating security into product development processes.

Guide project teams in performing security activities such as threat and risk analysis, penetration testing, and compliance assessments.

Implement requirements from the PSS Guide into respective services and ensure alignment with organizational standards.

Provide guidance on secure coding practices and remediation of identified vulnerabilities and perform security code reviews and analyze vulnerabilities during different SDLC phases.

Cloud and Application Security:

Review and secure configurations, applications and data across AWS and Azure cloud platforms, Kubernetes, Containers, and Docker environments.

Conduct container scanning, runtime scanning, static code analysis, and manage vulnerability and malware scanning tools.

Governance and Compliance:

Support compliance implementation with ISO CRA, NIS2 and other standards.

Collaborate with internal teams to ensure the implementation and reporting of required security controls and to integrate security practices throughout the (SDLC).

Ensure security requirements as defined in the SFeRA framework are included in the design, development, testing, and deployment stages of software projects.

Conduct threat modelling and risk assessments to identify potential security issues early in the development process.

DevSecOps and Automation:

Consult for DevSecOps CI/CD pipelines with tools like GitLab, SonarQube, and Artifactory.

Automate alerting, monitoring, and security workflows using appropriate tools and integrations.

Continuous Monitoring and Incident Handling:

Monitor and evaluate the effectiveness of security measures continuously.

Support in managing and resolving security incidents effectively.

Assist in the development and implementation of incident response plans and procedures.

Participate in security incident investigations and provide expertise in resolving security breaches.

What do I need to qualify for this job?

Required Qualifications:

• B.S. and/or M.S. degree in Computer Science or Computer Engineering (or similar fields),
• Minimum 5 years’ experience in complex software development projects,
• You are experienced with cloud security in development and/or operation of Amazon AWS and Microsoft Azure
• In-depth knowledge of application security, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten).
• You are proficient in application & data security, ISMS controls, secure coding practices, threat and risk analysis, penetration testing, vulnerability management, and DevSecOps tools (SonarQube, GitLab, Artifactory) and have hands-on experience with secrets management, container registry, and runtime security solutions.
• Proficiency in programming languages such as Java, C#, Python.

Preferable Additional skills/experiences (i.e. is a plus):

• Understanding of DevSecOps practices and integration of security into CI/CD pipelines.
• You have good knowledge in security technologies (for e.g., JWT, OAuth, OIDC and mTLS)
• You are familiar with relevant IETF standards (for e.g., X.509 PKI, digital signatures, IAM)
• Additionally, you are proficient and have knowledge in the area of software architectures and cyber security, preferably with a focus on IAM, e.g., Identity Federation, SSO (OAuth 2.0, OpenID Connect, SAML), securing service to service communication (service mesh / SPIFFE), access management and authorization (RBAC/ABAC/…), or related topics in the field critical infrastructure
• You have several years of experience in related cloud technologies (AWS / Azure cloud platforms, Kubernetes, Containers, and Docker
• Some relevant certificates such as CISSP, CCSP, CEH, OSCP etc.

Desired Soft skills:

• Excellent target group-oriented communication of complex issues and interpersonal communication,
• Excellent problem solving and analytical skills,
• Strong self-organization including ability to work independently and manage time effectively,
• Teammate with highly collaborative, self-motivated, customer focused, positive and upbeat attitude,
• Committed to quality oriented, tidy and well documented business delivery,
• Eager to learn new technologies, tools and Energy domain know-how,
• Able to facilitate the collaboration between Global and Local teams,
• Comfortable interpreting and understanding initially unfamiliar concepts,
• Develop and apply methodologies to meet customer needs.

What else do I need to know?

• Fluent command of English is a must, German is a plus.
• No restrictions for travelling abroad temporarily.

#LI-HYBRID

What we offer

1. Speak up Culture
2. Respectful Workplace
3. Being part of a global work environment
4. Attractive remuneration package
5. Excellent recognition tools providing spot awards
6. Learning & Development opportunities for both personal and professional growth 
7. Leave days for parents and a variety of flexible working models that allow time off for yourself and your family 
8. Creche allowance for mothers
9. Share matching programs to become a shareholder of Siemens AG
10. Remote working and remote  living flexibility only for relevant positions
11. Find more benefits here

Individual benefits are adapted to meet local legal regulations, the requirements of different job profiles, locations, and individual preferences. 

“At Siemens we are always challenging ourselves to build a better future. We need the most innovative and diverse Digital Minds to develop tomorrow‘s reality. Find out more about the Digital world of Siemens here: www.siemens.com/careers/digitalminds”

As Siemens we believe physical barriers are not related to potential. Only the potential matters to us. Therefore, we look forward to receive applications of candidates with physical barriers and chronic illnesses. We support healthy relationships between candidates with barriers and their colleagues because we believe we can create differences together.

Siemens is dedicated to quality, equality, and valuating diversity and we welcome applications that reflect the diversity of the communities within which we work.

We are looking forward to receiving your online application. Please ensure you complete all areas of the application form to the best of you ability as we will use the data to review your suitability to the role.

Please find more information from our web site: 

https://new.siemens.com/tr/tr.html

Contact
If you need more information please don't hesitate to contact us.
+90 216 459 20 00

https://new.siemens.com/tr/tr/genel/iletisim.html

insanorganizasyon.tr@siemens.com

www.instagram.com/siemensturkiye

https://m.youtube.com/user/Siemens

http://www.twitter.com/siemensturkiye

http://www.facebook.com/siemensturkiye