Product & Solution Security Officer

Siemens AG
Erlangen, Germany
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English, German

Job location

Erlangen, Germany

Tech stack

Agile Methodologies
Software System Penetration Testing
Computer Security
Fuzz Testing
Information Systems Security Architecture Professional
Secure Coding
Security Software
Software Security
Information Technology
Static Application Security Testing
Vulnerability Analysis
Dynamic Application Security Testing

Job description

In the role of Product & Solution Security Officer (f/m/d) (PSSO), you will play a key role in ensuring the security of our products and solutions throughout their entire lifecycle. Acting as the central point of contact for all security-related topics, you will be driving key initiatives to implement our security strategy and thereby making a significant contribution to protecting our customers, their data, and our technologies.

  • Providing expert guidance to the team of Product & Solution Security Experts and working closely with them to shape the security strategy for our products and solutions
  • Advising product management, development teams, and architects across all phases of the product lifecycle - from concept to maintenance - on security requirements, best practices, and Security by Design
  • Defining and implementing security concepts, analyzing and assessing security risks, and deriving appropriate measures to mitigate them
  • Ensuring compliance with relevant security standards, policies, and regulatory requirements (e.g., IEC 62443, ISO 27001, CRA, GDPR)
  • Conducting security reviews, threat analyses, and risk assessments, supporting penetration testing and vulnerability scans, and coordinating the remediation of identified vulnerabilities
  • Supporting the handling of security incidents and vulnerability reports and coordinating communication with internal and external stakeholders
  • Designing and leading training sessions and workshops on product security, while promoting a sustainable security awareness culture within development teams
  • Creating and maintaining security documentation, policies, and processes, building a network with internal and external security experts, and regularly reporting on the security status to management

Requirements

  • Education: We look forward to getting to know you if you have successfully completed a degree in computer science, IT security, electrical engineering, or a comparable field
  • Extensive professional experience in the field of IT and cybersecurity, ideally complemented by deep subject-matter expertise in product security, embedded systems, or OT security
  • Profound knowledge of security architectures, cryptographic concepts and mechanisms, as well as common attack vectors, exploitation techniques, and threat scenarios
  • Extensive hands-on experience with established security tools and technologies, particularly SAST, DAST, and fuzzing, as well as ideally additional approaches for automated security validation and testing
  • Strong expertise in the development of secure software solutions, applying recognized secure coding principles and security-by-design development practices
  • Very good knowledge of relevant standards, frameworks, and regulatory requirements in the fields of information security, product security, and industrial cybersecurity, ideally including IEC 62443, NIST, or comparable frameworks
  • Demonstrated experience in performing threat analyses, vulnerability assessments, and risk evaluations, particularly using established methodologies such as STRIDE, DREAD, or comparable approaches
  • Solid understanding of agile development methodologies and collaborative ways of working, as well as experience operating effectively in cross-functional and interdisciplinary development environments
  • Relevant certifications such as CISSP, CISM, CSSLP, GSEC, or comparable qualifications are considered a strong asset
  • Ways of working:
  • Strong communication and presentation skills to convey complex security topics clearly
  • Analytical thinking as well as a structured and solution-oriented approach
  • High sense of responsibility, initiative, and team orientation
  • Languages: You impress us with very good English skills, both written and spoken. Good German skills are an advantage

Benefits & conditions

  • An attractive remuneration package
  • Access to Siemens share plans
  • 30 days of paid vacation and a variety of flexible work schedules that allow time off for you and your family
  • Flexible training opportunities for both your professional and personal development that you can tailor to your interests

Since each of over 300,000 team members feels that other benefits are particularly important, and we cannot list our entire benefit portfolio here, you can find more information here.

The individual benefits are subject to regulatory, contractual, or corporate conditions.

About the company

As a leading technology company, we are shaping the future of industry and infrastructure. Within our DI PA DCP NET department, we are developing innovative solutions for network infrastructure and the associated security technologies in both software and hardware.

You are much more than your qualifications, and we believe in the potential of every single candidate. We look forward to getting to know you! At Siemens, we believe that feeling valued and included is the foundation for doing great work. That's why we aim to create an inclusive workplace where everyone feels a sense of belonging, and where individual perspectives and experiences are celebrated. Our commitment to fairness and respect extends to every applicant. As an equal opportunity employer, we welcome applications from individuals of all backgrounds and particularly encourage applications from persons with disabilities.
