Key responsibilities:
As a Senior Application Security Engineer, you will contribute as a team member responsible for the security of various Electronic Design Automation products, including cloud-based applications, enterprise client-server applications, and on-premises native code applications. This person works closely with our developer teams and is vital in ensuring that every step of the software development and operation lifecycle (SDLC) follows security best practices. You will be responsible for active involvement in development, advocating secure coding principles, and guiding the testing of applications against security risks/parameters before release.
As a Sr. Security Engineer, you will work with the team to:
- Develop software solutions to implement reusable security controls within our products.
- Develop and promote security testing standards and techniques throughout the development organization.
- Provide subject-matter expert (SME) level input on secure coding, architecture, and automation.
- Proactively harden the security posture of the organization's products.
- Specify, implement, and execute internal processes and tools to assess and further develop the maturity of development teams in the areas of:
  - Threat and Risk Analysis
  - Security Requirements identification and fulfillment
  - Static analysis (SAST), dynamic analysis (DAST), and Software Component Analysis (SCA)
  - 3rd party component selection and management
  - Vulnerability management
- Collaborate with other security professionals across multiple organizations and multiple geographies in broad security initiatives.

Minimum Qualifications:
- BA or BS degree in CS, Systems Analysis, or a related field, from an accredited institution.
- Minimum of 10+ years of experience distributed across multiple of the following competencies:
  - Design and development of cloud security architectures experience
  - Security aspects of on-premises native code applications experience
  - Security architecture of client-server-based enterprise applications experience
  - Threat modeling and risk analysis experience
  - Vulnerability assessment and management experience
  - Integration of security tools (SAST/DAST/SCA) into the SDLC process and CI/CD pipelines experience
  - Software Supply Chain security through CI/CD systems, including Software Bill of Materials experience
  - Application penetration testing experience
  - Red team / blue team attack and defense experience
  - Containerization technologies and modern microservice design principles experience
  - Automation of internal development processes experience
  - Prior software development experience in C/C++ or Java. Experience with extensive understanding of the AWS architecture and the security facilities within it.
  - Excellent communication and presentation skills to lead and coach junior Security Engineers to improve their skills and effectiveness experience
- People skills - able to work collaboratively with senior engineers to raise their awareness of security issues within their products.
- Word skills - communicating effectively in short form (email), long-form (design documents), and interaction/presentation.
- Training skills - To lead and coach junior security engineers to improve their skills and effectiveness and to contribute to building a training program.

Preferred Qualifications:
- Familiarity with secure development methodologies such as OWASP SAMM, Microsoft Secure SDLC
- Familiarity with standardization and compliance requirements such as ISO 27001, SOC2, Executive Order 14028, EU CRA, and NIST 800 standards
- Collaboration with and direction of external vendors of security services such as penetration testing and configuration analysis
- Experience working with a commercial-grade code base in a collaborative organization.
- Strong understanding of network and web protocols
- Experience with cloud architectures other than AWS (Azure, GCP, VMware)
- Relational and NoSQL database design competency
- Familiarity with Electronic Design Automation products and solutions
- JavaScript/TypeScript/React, Python, and similar languages

The salary range for this position is $145,700 to $262,300, and this role is eligible to earn incentive compensation.
The compensation is based on the successful candidate's work location and additional factors, including job-related skills, experience, and relevant education/training. Siemens offers a variety of health and wellness benefits to employees. Details regarding our benefits can be found here: www.benefitsquickstart.com.
In addition, this position is eligible for time off in accordance with Company policies, including paid sick leave, paid parental leave, PTO (for non-exempt employees), or non-accrued flexible vacation (for exempt employees).

Equal Employment Opportunity Statement
Siemens is an Equal Opportunity and Affirmative Action Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to their race, color, creed, religion, national origin, citizenship status, ancestry, sex, age, physical or mental disability unrelated to ability, marital status, family responsibilities, pregnancy, genetic information, sexual orientation, gender expression, gender identity, transgender, sex stereotyping, order of protection status, protected veteran or military status, or an unfavorable discharge from military service, and other categories protected by federal, state or local law.
EEO is the Law
Applicants and employees are protected under Federal law from discrimination.

Pay Transparency Non-Discrimination Provision
Siemens follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision.

California Privacy Notice
California residents have the right to receive additional notices about their personal information.