Incident Response Specialist / Cybersecurity operations (f/m/d)

Do you want to help create the future of healthcare? Siemens Healthineers is a place for people who dedicate their energy and passion to this greater cause. It reflects their pioneering spirit combined with our long history of engineering in the ever-evolving healthcare industry.

We offer you a flexible and dynamic environment where you have the space to stretch beyond your comfort zone in order to grow personally and professionally. Sound interesting?

Then come in and join our team asIncident Response Specialist / Cybersecurity Operations

The Incident Response Specialist has technical and coordination responsibilities for managing Cybersecurity Incidents at Siemens Healthineers. In this function you support the definition and improvement of processes and procedures for Incident Detection, provide the technical expertise to address demands of the Respond and Recover phases of Incident Response, and you drive the continuous improvement phase of the Incident Response Process.

Tasks and Responsibilities

• Assess, triage, and prioritize security-relevant events from logging and monitoring systems.
• Coordinate and lead Incident Response taskforces and provide technical expertise, working with different business functions such as IT Operations, HR, Legal, Data Privacy, Corporate Communications and Product Security.
• Document and track cybersecurity incidents through their entire lifecycle, from initial detection, triage, response to final resolution and improvements.
• Derive immediate mitigation measures for containment, eradication, and recovery of cybersecurity incident and keep track of its implementation progress during incident response task forces.
• Consume threat intelligence to detect, triage and remediate malware, threats and adversarial activity.
• Develop and carry out regular threat hunting (proactive) activities, making sure learnings are properly documented and propagated to neighboring teams and functions.
• Leverage threat hunting to create and maintain Situational Awareness for related company functions such IT operations, security architects, or service providers.
• Perform analysis of different log files and data sources to identify adversarial activity and anomalies.
• Assess newly arising vulnerabilities and Tactics, Techniques and Procedures (TTPs) to define defensive measures to detect and disrupt adversarial actions. Coordinate with neighboring functions to ensure those measures are turned into actionable changes.
• Collect forensic artifacts, analyze, reverse engineer, and document findings on malicious payloads so that indicators of compromise and information about threats origin and intents are properly disseminated and acted upon.
• Use industry standards to produce and disseminate our own Threat Intelligence to our internal counterparts and external partners.
• Consider business aspects to support an adequate triage and prioritization of cybersecurity incidents, whilst ensuring root-cause are properly clarified. Communicate findings and possible improvement measures in an actionable way.
• Operate and drive continuous improvement to SOC playbooks to protect company personnel, businesses, and assets.
• Document and communicate abstracts and consolidated incident-related findings and trends to support security architecture and security awareness functions.
• Understand and employ defense-in-depth principles and practices to create and maintain defense mechanisms.
• Qualifications
• Knowledge of relevant technological aspects for this position. The ideal candidate should bring a mix of expertise in (a subset of) the following areas:
• Computer networking concepts and protocols, and network security methodologies
• Risk management processes and methods for assessing and mitigating risk
• Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. Cybersecurity and how it impacts privacy principles.
• Knowledge of cyber threats and vulnerabilities: how to properly identify, triage, and remediate threats based on threat intelligence as well as on analysis of log data and network traffic.
• Host/network access control mechanisms (e.g., access control list, capabilities lists).
• System administration, network, and operating system hardening techniques.
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Incident categories, incident responses, and timelines for responses.
• Incident response and handling methodologies.
• Intrusion detection methodologies and techniques for detecting host and network-based intrusions.
• Network traffic and packet-level analysis.
• System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, code and command injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Experience with Malware analysis, sandboxes, reverse engineering, and tools such as Radare2, OllyDbg, and Hex-Rays IDA Pro.
• Experience with operating system security controls on common platforms such as Linux, Windows.
• Experience with scripting languages (e.g., Python, Bash or PowerShell) and using REST API, as well as data processing, regular expressions, and console-based text processing tools (e.g., sed, awk, jq)
• Models to describe and document cyber-attacks (e.g., reconnaissance, scanning, enumeration, persistency, lateral movement, exfiltration) such as Cyber Kill Chain or MITRE ATT&CK
• Cloud service models and how those models can limit incident response.
• Application Security Risks (e.g. Open Web Application Security Project Top 10 list).

Additionally

• STEM studies are highly desirable but might be traded-off for relevant experience.
• 5+ years of relevant work experience in Cybersecurity Operations of mid-size to large high-tech and healthcare organizations as well as working in geographically distributed teams is highly valuable.
• Relevant Industry Certifications such as SANS/GIAC (for example, GCIA, GCIH, GNFA, GCFA), CompTIA Security+ CISSP, CISA, CISM are desirable.

Personality Traits

• Negotiation skills and ability to set and track priorities and deadlines.
• Able to work on a very tight schedule, while keeping track of tasks progress and deadlines.
• Able to structure complex problems and find practicable solutions to those.
• Team player but also able to work on an individual basis.
• Self-learning and curiosity to keep pace with the ever-evolving cybersecurity developments are highly appreciated.
• Advanced English and Communication skills: clear and concise communication; able to address stakeholders of different backgrounds and technical expertise.

Being part of our team:

Siemens Healthineers is a leading global medical technology company. More than 48,000 dedicated colleagues in over 70 countries are driven to shape the future of healthcare. An estimated 5 million patients across the globe benefit every day from our innovative technologies and services in the areas of diagnostic and therapeutic imaging, laboratory diagnostics and molecular medicine, as well as digital health and enterprise services.

Curious about our culture?

Our culture embraces different perspectives, open debate and the will to challenge convention. Change is a constant aspect of our work. We aspire to lead the change in our industry rather than just react to it. That’s why we invite you to take on new challenges, test your ideas and celebrate success.

As an equal-opportunity employer we are happy to consider applications from individuals with disabilities.