SHL Cybersecurity Professional /Security Testing网络安全 SH/BJ

The Cyber Security team enable the local market access and protect the enterprise, drives cyber compliance activities. We engage with portfolio, manufacture facilities and functions on all aspect of cybersecurity in the region. We are responsible for the local implementation of Cybersecurity Management System and the under lying regional directives, procedures, guidelines & standards. Within our organization, you will have the opportunity to be working in a cutting edge technology in a diverse environment across functions, business lines. You will join a community of cybersecurity experts who are all passionate about it!

As Cybersecurity Testing Professional you are primarily conduct security testing for Siemens Healthineers portfolios, support vulnerability scanning required for the Medical Product NMPA submission, Support local R&D team in SAST/SCA. Conduct Penetration testing, cloud security testing/audit base on the priority.

Furthermore, in this role you will be assisting Siemens Healthineers’ portfolios in providing threat intelligence, guidance and support towards remediating the cybersecurity risk. You will be closely work with 3rd-party vendor in a cybersecurity testing engagement.

Duties and Responsibilities:

• Based on the NMPA cybersecurity guideline, engage 3rd-party for an onsite vulnerability scanning activities

• Responsible in obtaining the CCRC qualification

• Support in performing threat and risk analysis and definition of countermeasures in line with risk acceptance criteria of a medical product or solution.

• Evaluation of third party components regarding product & solution security.

• Verification of implementation regarding security requirements (e.g. as part of system test, acceptance test). This includes recommendation and creation of security testing tools.

• Validation (e.g. friendly hacking, penetration testing) to ensure that implementation fulfills security expectations of customers (e.g. to identify security vulnerabilities, and to evaluate the effectiveness of remediation measures). This includes recommendation and creation of security testing tools.

• Review the quality of a service provided by a 3rd-party vendor, facilitate the 3rd-party pen test engagement for the product R&D team

• Estimate and measure the workload required for each engagement.

• Bachelor’s degree or above, over 2 years' experience and track-record in cybersecurity testing

• Solid knowledge of relevant cybersecurity testing such as SAST/DAST, SCA, vulnerability scanning & etc.

• Familiar with security testing tools and experience leveraging them in a real-life scenario.

• Familiar with pen testing tools such as BurpSuit, NMAP, Kali Linux

• Extensive expertise in analyzing the threats and be ability to identify known exploits

• Expertise in coaching developers, architects and build cybersecurity awareness.

• Proper written and verbal communication skills; Be able to express clearly in both written and spoken English/Mandarin

• Self-motivated and structurally ramp up new technologies;

• Familiar with cloud security benchmark and experience auditing cloud security misconfigurations.

• Basic understanding of the vulnerability management and security operation.

Corporate position  网络信息安全

英语要好，可以跟对接沟通Global团队

location： flexible 上海 或者 北京

协调供应商 有一定频率的出差

渗透测试/安全扫描/信息安全资质

可看跨行业

Our global team:

We are a team of 66,000 highly dedicated employees across more than 70 countries passionately pushing the boundaries of what’s possible in healthcare to help improve people’s lives around the world. We aspire to create better outcomes and experiences for patients no matter where they live or what health issues they are facing. Our portfolio, spanning from in-vitro and in-vivo diagnostics to image-guided therapy and innovative cancer care, is crucial for clinical decision-making and treatment pathways.

Our culture:

We are part of an incredible community of scientists, clinicians, developers, researchers, professionals, and skilled specialists pushing the boundaries of what’s possible, to improve people’s lives around the world. We embrace a culture of inclusivity in which the power and potential of every individual can be unleashed. We spark ideas that lead to positive impact and continued success.

As an equal opportunity employer, we welcome applications from individuals with disabilities.

We care about your data privacy and take compliance with GDPR as well as other data protection legislation seriously. For this reason, we ask you not to send us your CV or resume by email. We ask instead that you create a profile in our talent community where you can upload your CV. Setting up a profile lets us know you are interested in career opportunities with us and makes it easy for us to send you an alert when relevant positions become open.

To all recruitment agencies: Siemens Healthineers does not accept agency resumes. Please do not forward resumes to our jobs alias, employees, or any other company location. Siemens Healthineers is not responsible for any fees related to unsolicited resumes.