As part of the Intellectual Property Protection Operations (IPP OPS)/Cybersecurity team, you will help to secure the IP and other digital assets of the Digital Industries Software (DI SW) division of Siemens.  You will join a cyber-focused team that handles the holistic landscape of protecting a software development business.

As a Senior Cybersecurity Analyst, you will

• Investigate and follow through on IT security incidents in a geographically distributed environment, considering all relevant technical and non-technical stakeholders during all phases of the incident.
• Analyze reports about potential / suspected incidents, collect and analyze technical incident information and log data, investigate, generate reports, and ensure progress on incident tickets.
• Investigate SIEM alerts/events for relevance, severity, and impact and escalate incidents for further investigation or remediation.
• Provide input and guidance for developing and updating runbooks and detection rules.

• At least 5+ years of relevant work experience in at least one of the following areas: Cybersecurity operations, Incident Response, Threat Intelligence, Threat Hunting and Digital Forensics.
• Technical system expertise (e.g., gathered from being an IT Administrator) with relevant exposure and expertise in IT Security, in several of the following technologies: Linux and Windows operating systems, web-technologies (encryption, HTTP, REST), networking, cloud environments.
• Knowledge of cyber threats and vulnerabilities: how to properly identify, triage, and remediate threats based on threat intelligence as well as on analysis of security events, log data and network traffic.
• Strong analytical skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy.
• Experience securing public cloud and SaaS offerings (AWS, Google, Azure)
• Experience in the following technologies - SIEMs, WAFs, IDS/IPS, anti-malware, EDR, SOAR, secure cloud access, vulnerability scanning platforms, DLP, private cloud, and open-source security frameworks.
• Experience in campaign monitoring and actor profiling of threat actors or groups with a direct or indirect impact to the Siemens DISW brand and/or broader industry.
• Experience presenting analytic conclusions and research to both technical and non-technical audience through briefings, emails, etc.
• Experience with Contributing to risk assessments and mitigation strategies for identified threats.
• Programming and scripting skills would ideally include one or more of the following: C#, Python, Ruby, PowerShell or Bash.
• Experience with correlating events to the MITRE framework and the Cyber Kill Chain
• Familiarity with automation and CI/CD pipeline using various tools like GitHub, Bitbucket, etc.
• Understanding / proficiency in applications, containerization, APIs, web services
• Experience in conducting forensics investigations on Windows or Linux operating systems.
• Vulnerability Handling / Management
• Open Stack, Kubernetes, or other grid computing technologies.
• DEVOPS or DEVSECOPS experience for creating the tools our team uses.
• Configuration Management in Ansible, Puppet, PowerShell, or MS Endpoint Configuration Manager.
• Data analytics and reporting tools: R, NumPy, MS Power BI, Tableau
• Experience with common ticketing systems

• B.S. or equivalent degree, focused on cybersecurity, or equivalent knowledge.
• 5+ years’ experience in IT security operations.
• Ability to work both independently as well as in a global team setting.
• Outstanding analytical, problem solving, and planning skills.
• Strong attention to detail.
• Creative thinking and innovation skills to bring new approaches to the team.
• Excitement to learn and a curious mindset.
• Business level English.
• Knowledge of the intelligence cycle and cyber threat intelligence-relevant frameworks (e.g. cyber kill chain, diamond model, pyramid of pain, MITRE ATT&CK, etc.).
• Understanding of the tactics, techniques, and procedures (TTPs) employed by relevant cyber threat groups, which are tracked by various vendors.
• Results oriented with an ability to self-start, work independently, and address multiple competing priorities.
• Strong analytic and problem-solving skills with the ability to interpret large volumes of data.
• Relevant Industry Certifications such as SANS/GIAC (e.g., GCIA, GCIH, GNFA, GCFA), AWS, CompTIA Security+ CISSP, CISA, CISM, are desirable.

The salary range for this position is $95,800 to $172,400 and this role is eligible to earn incentive compensation. The actual compensation offered is based on the successful candidate’s work location as well as additional factors, including job-related skills, experience, and relevant education/training.  Siemens offers a variety of health and wellness benefits to employees. Details regarding our benefits can be found here: www.benefitsquickstart.com. In addition, this position is eligible for time off in accordance with Company policies, including paid sick leave, paid parental leave, PTO (for non-exempt employees) or non-accrued flexible vacation (for exempt employees).