Find Your Next Job

Siemens Healthineers

Cyber Security Expert

Posted on June 19, 2025

Ka, India
0 - 0 USD (yearly)

Full Time

Tailor Your Resume for this Job

Job Title : Cybersecurity Expert – Product, Platform & Solution Security

Role Summary

The Cybersecurity Expert plays a critical role in protecting the integrity, availability, and confidentiality of medical software and systems by embedding security principles throughout the development lifecycle. As part of the Cybersecurity Center of Competence, the expert collaborates cross-functionally with R&D, product teams, architects, regulatory stakeholders, and external security communities to lead threat analysis, ensure secure design, validate vulnerabilities, and shape the security posture of products and platforms. This role is both technical and consultative, requiring deep knowledge of secure engineering practices, standards, and incident response.

Key Responsibilities

1. Security Consulting & Risk Mitigation

Provide security consultation to product teams to eliminate or mitigate weaknesses in line with industry standards (e.g., IEC 62443, NIST, ISO 27001).
Participate in design and architecture discussions to ensure alignment with secure design principles.
Guide software architects in integrating cyber security requirements into product and solution design.

2. Vulnerability & Threat Management

Perform threat modeling, risk analysis, and attack surface assessments.
Analyze vulnerabilities (internal or third-party), validate remediation measures, and guide patching strategies.
Perform security incident investigations and provide forensics support when required.
Stay updated on new vulnerabilities, threat vectors, and exploits—apply findings to continuously improve product security.

3. Security Engineering & Tooling

Design or extend tools, scripts, or automation frameworks for vulnerability scanning and penetration testing.
Perform or oversee activities such as:
Fuzz testing
Reverse engineering
Code analysis (static/dynamic)
Secure software supply chain checks
Contribute to the integration of automated security tooling into CI/CD pipelines.

4. Secure Development Lifecycle Support

Lead or support security activities throughout the Secure Software Development Lifecycle (SDLC).
Participate in or lead security gate reviews, release readiness assessments, and milestone reviews.
Create and maintain secure coding and design guidelines for developers.
Conduct or support internal security audits and regulatory submissions.

5. Community Development & Training

Conduct security awareness sessions and technical training for R&D teams.
Develop reusable security patterns, checklists, and guidance material.
Collaborate with Cybersecurity Officers, Product Owners, and Architects to ensure cohesive security implementation across programs.
Contribute to internal and external knowledge sharing, security forums, and standardization groups.

Required Qualifications & Skills

Education and Experience : Bachelor’s/Master’s degree in Computer Science, Cybersecurity, or a related field.

5–8 years of experience in IT/software development, with 3+ years focused on cybersecurity.

Technical Expertise

Strong foundation in:

Secure architecture and design
Threat modeling / Security risk analysis
Static and dynamic code analysis
Fuzz testing / Penetration testing
Security tooling and automation (e.g., SonarQube, Burp Suite, Fortify, Checkmarx)
Operating systems and networking fundamentals
DevSecOps pipeline and CI/CD integration basics

Working knowledge of:

HIPAA, HITECH, FDA Pre/Postmarket Cybersecurity Guidance (for medical devices)
Regulatory standards: IEC 62443, ISO 27001, NIST SP 800-53/82/218, CLSI AUTO11-Ax, IEC 80001

Certifications (Preferred)

CISSP – Certified Information Systems Security Professional
CSSLP – Certified Secure Software Lifecycle Professional
OSCP, CEH, or similar ethical hacking certifications

Collaboration & Stakeholders

Internal : Cybersecurity Officers (CYSO), R&D Development & Test teams, Quality/Risk Managers, Project Managers, Product Owners, Architects

External : Standardization bodies, security tool vendors, customer security teams, and external cybersecurity communities

Work Style and Engagement

Must be able to support multiple concurrent projects.
Requires proactive leadership and strong communication with cross-functional teams.
Expected to contribute regularly to internal security initiatives, CoPs (Communities of Practice), and lessons learned.

Tailor Your Resume for this Job

Share with Friends!