Intern: Cybersecurity Posture Assessments (6+ months)

Description:

Siemens is looking for an intern to support R&D in thedevelopment of tools and methods to support testing of certain aspects of thecybersecurity posture of systems, networks, and applications. The internshipwill advance the understanding and capabilities of Siemens to conductassessments about the quality of the cyber defense ecosystem, and adds theperspective of supporting internal cybersecurity risk assessments that resultin actionable guidance about security requirements to meet mandatory minimumstandards on security protection. This role is perfect for someone who ispassionate about cybersecurity, policies & processes, and protecting largecompany networks in a real-world, impactful project.

As part of a dynamic team, you will collaborate closely withother interns and project leads, offering your expertise in cybersecurity riskassessment and management while gaining invaluable experience in acutting-edge, technological environment. Your contributions will not only drivethe project towards success but also shape the future of assessing and managingoperational risk at Siemens. We are looking for someone who is ready to take onchallenges, learn rapidly, and make a significant mark in the field of buildingsecurity automation.

This internship is offered as an on-site internship in ouroffice in Princeton, NJ, USA. It is not offered as a remote position.Siemens benefits for interns include: competitive salary, relocation andhousing assistance, as well as additional allowances.

What are my responsibilities?

• While being mentored by an experienced team member andcollaborating with him / her, the role includes to:
• Understand and support risk assessments in a corporateenvironment (IT and OT) that help asset owners determine protectionrequirements and derive protection goals and activities (including technical /configuration requirements) to operate within the security mandates of a largecorporate network.
• Understand the topic of Breach & Attack Simulation as amethod to assess the quality and coverage of cyber defense tool chains andteams.Develop approaches to automate (parts of) attack chains for use inindustrial environments. Align approaches to existing cybersecurity frameworkssuch as MITRE ATT&CK for ICS.
• Implement selected approaches in the context of a lab-basedindustrial scenario and evaluate results based on a meaningful metric.
• Summarize results and create actionable guidelines that use theresults to assess risk of other networks and IT/OT environments, in order toguide application owners to properly reduce and manage risk.
• If time allows, investigate the integration of approaches andresults into supporting the Zero Trust paradigm.
• Create technical reports and present your results.

Basic Skills:

• B.S. required, preferably pursuing a M.Sc. in computer science,cybersecurity, or related subject
• Experience in the field of security risk management, ideally inthe context of compliance to complex guidelines, e.g., as used in a corporateenvironment, requiredProficiency in software development to work independently,preferably in scripting languages required
• Excellent knowledge of English (spoken and written)

Preferred Skills:

• Capability and interest in quick prototyping
• Strong collaboration skills and ability to thrive in afast-paced environment, willingness to take ownership of your project tasks andresults and to suggest improvements where possible.

May consider sponsorship of short-term J-1 visa students (6-12months), depending upon program requirements.

The pay range for thisposition is $22 - $40 per hour. The actual wage offered may be lower or higherdepending on budget and candidate experience, knowledge, skills,qualifications, and premium geographic location.

Successful candidates must be able to work with controlledtechnology in accordance with US Export Control Law. US Export Control laws andapplicable regulations govern the distribution of strategically importanttechnology, services and information to foreign nationals and foreigncountries. Siemens may require candidates under consideration for employmentopportunities to submit information regarding citizenship status to allow theorganization to comply with specific US Export Control laws and regulations.Additional information on the US Export Control laws & regulations can befound onhttps://www.bis.doc.gov/index.php/policy-guidance/deemed-exports/deemed-exports-faqs

What do we offer?

Our team is part of Siemens Technology (T), which is Siemens’central Research & Development department. The team is composed ofconsultants, innovators, engineers, and researchers that unite a passion aboutcybersecurity and securing our customers’ assets and networks - in domains suchas control systems used in energy utilities that are part of the nation’scritical infrastructure, smart factories, building automation systems,intelligent transportation systems, healthcare, and innovative new products andsolutions developed by Siemens. Our close contact to all our business units inSiemens provides the opportunity to contribute to and gain experience in realindustrial applications.

Our research team is located in beautiful Princeton, NJ, auniversity town packed with exceptional international talent that provides aunique feel of this true cultural gem in the state. The town has plenty ofactivities to offer, but for those looking for more, at just about 1h drive wehave NYC or Philadelphia. We have the best public schools in the country andall of the above glued together by a very active and welcoming community.

As Siemens’ central Research & Development department, weembrace this community. Our core mission is to support our Siemens businessunits as a central knowledge hub for all cybersecurity capabilities globally.We research and develop new and innovative solutions, based on much-needed deeptechnical expertise, and our network with internal and external experts andacademia. This allows us to invent new solutions and approaches, as well as,verify their feasibility in the “real world” together with the productdevelopment teams of our business units – creating a stimulating setup forquick innovation cycles and rapid prototyping.

As an intern in our team, you have the opportunity toexperience a professional industrial research team and learn about the uniquechallenges and opportunities of a career in industrial cybersecurity. Wesupport business units in testing and securing our customers’ assets andnetworks - in domains such as control systems used in energy utilities that arepart of the nation’s critical infrastructure, smart factories, buildingautomation systems, intelligent transportation systems, healthcare, and innovativenew products and solutions developed by Siemens. Our close contact with all ourbusiness units in Siemens provides the opportunity to contribute to and gainexperience in real industrial applications.