9 months ago
Siemens Rail Automation is a primary supplier to the rail industry of safety critical railway control systems. Our systems are responsible for the safe and reliable movement of passenger and freight trains in both mainline and metro applications, providing the critical national transport infrastructure. Computer and radio based control systems are at the heart of our technology that provides automatic safety control across the distributed railway network.
This role is for a Principal Systems Engineer with Product & Solution Security Expertise, capable of technically specifying, leading and consulting on Cyber Security related activities within various Project Delivery System Engineering (PDSE) projects. The Principal System Engineer will play a lead role across the whole SE lifecycle, including: Customer Requirements Management, Security Threat and Risk Assessment, System and Sub-system Architectural Design, specification of Product Requirements, development of Test Strategies and Project Integration. The Principal System Engineer shall be expected to engage across the whole System Engineering lifecycle, working within a System Engineering team, with a focus on Cyber Security aspects.
The jobholder will be capable of building and maintain strong communication links with Global R&D, Local R&D, the Project Delivery Engineering Teams and the client (as necessary), and will be responsible for interpreting and influencing their development and delivery strategies with respect to Cyber Security. Principal System Engineers are expected to fully engage with their stakeholder population during all phases of the SE lifecycle.
Success in the role will be measured primarily by the on-time within budget delivery of allocated tasks as agreed with the Systems Engineering Team Lead/Manager, and successful deployment of systems that subsequently meet their cyber security protection goals and objectives. Principal System Engineers are expected to plan their own work within their overall agreed targets and advise in the capture of metrics.
This role will help play a major part in delivering the safe and secured signalling and control systems that the business demands.
What are my responsibilities?
Principal Systems Engineers with Product & Solution Security Expertise, are expected to provide technical leadership, particularly in their specialism, for their allocated tasks. The role includes responsibilities for the following system engineering activities as assigned by the Systems Engineering Team Lead:
* Support during the planning of security relevant activities in the project
* Support to build up required competencies for product & solution security within the project team
* Coaching of project teams during product & solution development
* Specification and maintenance of secure design guidelines
* Specification and maintenance of configuration and hardening guidelines
* Support the definition of secure manufacturing principles and support the development of secure manufacturing IT infrastructure
* Review of artefacts produced during the development and engineering process regarding product & solution security
* Specification and maintenance of security requirements for the project. Support for meeting international and regional security standards and regulations (like IEC62443, WIB, NERC-CIP) in the project
* Planning and performing threat and risk analysis and definition of countermeasures in line with risk acceptance criteria of organisation
* Evaluation of third party components regarding product & solution security
* Clearance of implementation and documentation of security critical components (e.g. cryptographic functions, hidden function, firewall settings)
* Verification of implementation regarding security requirements (e.g. as part of system test, factory or site acceptance test)
* Validation (e.g. friendly hacking, penetration testing) to ensure that implementation fulfils security expectations of customers (e.g. to identify security vulnerabilities, and to evaluate the effectiveness of remediation measures)
* Involvement in the analysis and handling of security vulnerabilities & incidents
* Exchange experiences with internal and external product & solution security community and monitor standards and trends
* Contact person for product management, supply management (e.g. during contract negotiation) for security topics. Support for communication with customer (e.g. security-relevant information and available security updates)
* Represent customer project towards customers security representatives, align with customer's security and risk strategy
* Participate in release of products or solutions from product & solution security standpoint (e.g. at certain milestones or quality gates)
* Collection of product & solution security related lessons learned and feed into in continuous improvement activities (e.g. update of guidelines, reporting to management, integration in awareness material)
What do I need to qualify for this job?
* Educated to degree level (or equivalent) in an engineering, scientific or numerate discipline (essential)
* Preferably have achieved Chartered Engineer status (essential)
* Certified Information Systems Security Professional (CISSP), certified Secure Software Lifecycle Professional (CSSLP), or CESG Certified Professional (CCP) (essential)
* Experience in providing technical leadership in demanding engineering environments (essential)
* Knowledge of the systems engineering life-cycle, cost awareness and awareness of processes involved in other engineering disciplines (essential)
* Experience of working to industry quality and safety standards (essential)
* Excellent verbal and written communication skills (essential)
* Motivated, dependable and self-reliant (essential)
* Understanding and practical experience of applying IEC 62443 standard series (essential)
* A demonstrable broad experience of railway technologies and their application
The Siemens Mobility Division with approximately 3,500 employees, focuses on sustainable technologies for metropolitan areas and their infrastructures. Its offering includes products, systems and solutions for intelligent traffic management, rail-bound transportation, smart grids, energy efficient buildings, and safety and security. The Division comprises the divisions Rail Systems, Rail Automation, Traffic Solutions, and Rail Electrification.
Requisition ID: 238009
Career Level: not defined
Full time only