Product Solution and Security Expert

Foundational Technology Development Europe Turkey Simulation is a Software R&D Group in Ankara. This group brings together the fields of utility network planning, simulation, analysis, and network model management with the PSS Product Suite (PSS power system simulation and modeling software). Grid Simulations is a focus area which mainly employs new ways throughout the different fields of application in order to build proficient software solutions and products. To accomplish the mission of the group, the candidate will perform as a Product Solution and Security Expert.

We are seeking an experienced software development engineer to develop software solutions.

What are my responsibilities?

Product & Solution Security Consultancy:

1. Provide technical expertise on Product and Solution Security (PSS) to R&D, DevOps, SRE, and Architecture teams following our Siemens SFeRA guidance framework.
2. Collaborate with the agile team to identify and analyze potential security threats, vulnerabilities, and risks throughout the product development lifecycle, and develop and implement comprehensive threat models to proactively mitigate security risks.
3. Specialize in different areas such as Secure Architecture and Design, Cloud Security, Secure Project Integration, Security Testing, and Secure Implementation.
4. Responsible for consulting on and conception of solution modules for the secure design of applications, products, and solutions in the environment of grid software.
5. Actively drive research and development in the broad area of cyber security, e.g., secure architectures, web security, cloud computing security, IoT, identity and access management, certificate management, digital signatures, embedded systems.
6. Communicate security risks, issues, and mitigation strategies effectively to both technical and non-technical partners.
7. Foster a security-aware culture within the development teams and across the organization by conducting security training and awareness programs.

Security Implementation:

1. Support project leaders in integrating security into product development processes.
2. Guide project teams in performing security activities such as threat and risk analysis, penetration testing, and compliance assessments.
3. Implement requirements from the PSS Guide into respective services and ensure alignment with organizational standards.
4. Provide guidance on secure coding practices and remediation of identified vulnerabilities.
5. Perform security code reviews and analyze vulnerabilities during different SDLC phases.

Cloud and Application Security:

1. Review and secure configurations, applications, and data across AWS and Azure cloud platforms, Kubernetes, Containers, and Docker environments.
2. Conduct container scanning, runtime scanning, static code analysis, and manage vulnerability and malware scanning tools.

Governance and Compliance:

1. Support compliance implementation with ISO CRA, NIS2, and other standards.
2. Collaborate with internal teams to ensure the implementation and reporting of required security controls.
3. Ensure security requirements as defined in the SFeRA framework are included in the design, development, testing, and deployment stages of software projects.
4. Conduct threat modeling and risk assessments to identify potential security issues early in the development process.

DevSecOps and Automation:

1. Consult for DevSecOps CI/CD pipelines with tools like GitLab, SonarQube, and Artifactory.
2. Automate alerting, monitoring, and security workflows using appropriate tools and integrations.

Continuous Monitoring and Incident Handling:

1. Monitor and evaluate the effectiveness of security measures continuously.
2. Support in managing and resolving security incidents effectively.
3. Assist in the development and implementation of incident response plans and procedures.
4. Participate in security incident investigations and provide expertise in resolving security breaches.

What do I need to qualify for this job?

Required Qualifications:

• B.S. and/or M.S. degree in Computer Science or Computer Engineering (or similar fields).
• Minimum 5 years’ experience in complex software development projects.
• Experience with cloud security in development and/or operation of Amazon AWS and Microsoft Azure.
• In-depth knowledge of application security, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten).
• Proficient in application & data security, ISMS controls, secure coding practices, threat and risk analysis, penetration testing, vulnerability management, and DevSecOps tools (SonarQube, GitLab, Artifactory).
• Proficiency in programming languages such as Java, C#, Python.

Preferable Additional skills/experiences (i.e., is a plus):

• Understanding of DevSecOps practices and integration of security into CI/CD pipelines.
• Good knowledge in security technologies (e.g., JWT, OAuth, OIDC, mTLS).
• Familiarity with relevant IETF standards (e.g., X.509 PKI, digital signatures, IAM).
• Proficient in software architectures and cyber security, preferably with a focus on IAM.
• Several years of experience in related cloud technologies (AWS / Azure cloud platforms, Kubernetes, Containers, Docker).
• Relevant certifications such as CISSP, CCSP, CEH, OSCP.

Desired Soft skills:

• Excellent communication of complex issues and interpersonal communication.
• Excellent problem-solving and analytical skills.
• Strong self-organization and ability to work independently.
• Collaborative, self-motivated, customer-focused, positive attitude.
• Committed to quality-oriented, tidy, and well-documented business delivery.
• Eager to learn new technologies and tools.
• Able to facilitate collaboration between Global and Local teams.
• Comfortable interpreting and understanding initially unfamiliar concepts.
• Develop and apply methodologies to meet customer needs.

What else do I need to know?

• Fluent command of English is a must; German is a plus.
• No restrictions for travelling abroad temporarily.

#LI-HYBRID

What we offer

1. Speak up Culture
2. Respectful Workplace
3. Being part of a global work environment
4. Attractive remuneration package
5. Excellent recognition tools providing spot awards
6. Learning & Development opportunities for both personal and professional growth
7. Leave days for parents and a variety of flexible working models
8. Creche allowance for mothers
9. Share matching programs to become a shareholder of Siemens AG
10. Remote working and living flexibility only for relevant positions
11. Find more benefits here

Individual benefits are adapted to meet local legal regulations, the requirements of different job profiles, locations, and individual preferences.

“At Siemens we are always challenging ourselves to build a better future. We need the most innovative and diverse Digital Minds to develop tomorrow‘s reality. Find out more about the Digital world of Siemens here: www.siemens.com/careers/digitalminds”

As Siemens we believe physical barriers are not related to potential. Only the potential matters to us. Therefore, we look forward to receiving applications of candidates with physical barriers and chronic illnesses.

Siemens is dedicated to quality, equality, and valuing diversity and we welcome applications that reflect the diversity of the communities within which we work.

We are looking forward to receiving your online application. Please ensure you complete all areas of the application form to the best of your ability as we will use the data to review your suitability for the role.

Please find more information from our website:

https://new.siemens.com/tr/tr.html

Contact
If you need more information please don't hesitate to contact us.
+90 216 459 20 00

https://new.siemens.com/tr/tr/genel/iletisim.html

insanorganizasyon.tr@siemens.com

www.instagram.com/siemensturkiye

https://m.youtube.com/user/Siemens

http://www.twitter.com/siemensturkiye

http://www.facebook.com/siemensturkiye