Cybersecurity Researcher: Industrial Vulnerability Management Here’s the right opportunity for You! We are looking for a Cybersecurity Expert to join our research team in Princeton, NJ! In this role, you will focus on Vulnerability Management for industrial assets and environments. A key focus of our research in industrial vulnerability management is to support our Business Units to create revenue streams in this topic. Hence, this is not a position focusing on protecting our own assets and networks, but a research role with clear focus in support of the business. The right person will have a strong background in industrial Vulnerability Management, general Cybersecurity, ideally Cyber Defense (attack detection, vulnerability management, and incident response with an industrial focus) and Security Testing, and an excellent overview about existing tools and technology to support vulnerability detection, handling, and general security monitoring (especially SIEM tools), as well as a solid understanding of operations technology (OT), ideally in the energy or industrial control space. Your Role In this role, you will: • Support vulnerability management for industrial assets and environments by designing solutions and services that Siemens BUs can use to create revenue streams from external customers. This includes processes using existing products and solutions at Siemens, as well as products available on the market outside of Siemens. You will envision and design new features and capabilities, e.g., to support vulnerability detection in industrial environments (including asset management and SBOM), supporting new network paradigms such as Zero Trust, increasing the degree of automation in vulnerability management, e.g., via integration into DevOps software development processes, among other areas. • Support customer projects in the area of OT cyber defense with defining, designing, and integrations proper use of Cyber Threat Intelligence capabilities. • Develop concepts and transfer research results into Siemens products to improve Siemens products’ Cyber Defense readiness (e.g., ensuring actionable logging happens, incident response / active defense orchestration is possible, etc). • Support Cyber Threat Management by supporting the PSS mandated Risk Management activities such as Threat & Risk Assessments, and enabling transfer of internal approaches into portfolio elements and offerings for Siemens Business Units. • Support the development of Managed Detection and Response (MDR) capabilities as Siemens offerings, including improving detection approaches and strategies up to developing and maintaining incident response playbooks and analyst trainings. • Develop showcases for our Living Lab Cybersecurity Analytics, to explain value of research results to potential collaboration partners within and outside of Siemens. • Support business development for the team by exploring customer demand, business opportunities, and collaboration potential with and for Siemens Business Units for BMC projects, as well as joint research projects with external entities (e.g., for government funded research projects). • Support research and consulting projects in the areas of cyber defense, monitoring and attack detection, and security testing, including software / PoC development, potentially supported by interns. • Publish and present novel ideas and techniques at selected journals and conferences. The Candidate Qualified candidates will have: • 5+ years of hands-on experience in vulnerability management in/for industrial environments, including incident response • M.Sc. in Computer Science, Information Security, Mathematics, or another relevant field required • Proven track record in cybersecurity research (e.g., through publications, talks, or other activities) required • Technical and hands-on knowledge & experience in current attack methods, cyber defense approaches and tools (including threat hunting), as well as cyber threat intelligence preferred • Ability to understand, find, verify, and explain security vulnerabilities, as well as their impact on industrial environments. Review and ensure the secure configuration of OS and network devices. • Certifications such as CISSP, CISM, CEH, and SANS GIAC certifications (such as GCDA, GCTI) are a plus • Proficiency in a scripting language like Python, PowerShell, LUA, or Bash. • High work ethics and sense of ownership for the delivered results • Excellent communication skills in English required • Willingness to travel, up to 20% (domestic/international) What do we offer? Our team is part of Siemens Technology (T), which is Siemens’ central Research & Development department. The team is composed of consultants, innovators, engineers, and researchers that unite a passion about cybersecurity and securing our customers’ assets and networks - in domains such as control systems used in energy utilities that are part of the nation’s critical infrastructure, smart factories, building automation systems, intelligent transportation systems, healthcare, and innovative new products and solutions developed by Siemens. Our close contact to all our business units in Siemens provides the opportunity to contribute to and gain experience in real industrial applications. Our research team is located in beautiful Princeton, NJ, a university town packed with exceptional international talent that provides a unique feel of this true cultural gem in the state. The town has plenty of activities to offer, but for those looking for more, at just about 1h drive we have NYC or Philadelphia. We have the best public schools in the country and all of the above glued together by a very active and welcoming community. We also offer generous remote working options and flexible workdays, unlimited PTO, as well as robust health and wellness benefits to promote healthy living and support the best lifestyle for you and your family. As Siemens’ central Research & Development department, we embrace this community. Our core mission is to support our Siemens business units as a central knowledge hub for all cybersecurity capabilities globally. We research and develop new and innovative solutions, based on much-needed deep technical expertise, and our network with internal and external experts and academia. This allows us to invent new solutions and approaches, and verify their feasibility in the “real world” together with the product development teams of our business units – creating a stimulating setup for quick innovation cycles and rapid prototyping. The role of Cybersecurity Researcher within Siemens offers you the opportunity to support the transition of research results into industrial products, and to break & fix industrial assets to ensure security. We are not focused on executing project after project – our role is to understand customer and business unit pain points and problems, and devise innovative solutions to improve effectiveness, efficiency, coverage, and reduce risk of testing in industrial environments. Being researchers, our employees are encouraged to be active members of the national and global cybersecurity community, which includes visiting relevant conferences, publishing results, and engaging with academia, national labs, and other partners in joint research projects. We support employees’ growth with a continuous paid training plan, and enable career growth within our team, as well as into the larger Siemens company. Join Us We are more than employees; we are actively helping to make people’s lives a little better every day. Would you like to be a part of that? Then join us. We offer you a high level of practical relevance as well as an opportunity to individually contribute your knowledge and your visions around the world. Whether you’re helping to develop products for the operating units or working in interdisciplinary projects for the business areas: At Siemens Technology you’ll be working in the heart of Siemens’ technological research together with the best. Successful candidate must be able to work with controlled technology in accordance with US Export Control Law. US Export Control laws and applicable regulations govern the distribution of strategically important technology, services and information to foreign nationals and foreign countries. Siemens may require candidates under consideration for employment opportunities to submit information regarding citizenship status to allow the organization to comply with specific US Export Control laws and regulations. Additional information on the US Export Control laws & regulations can be found on http://www.bis.doc.gov/index.php/policy-guidance/deemed-exports/deemed-exports-faqs?view=category&id=33# Equal Employment Opportunity Statement Siemens is an Equal Opportunity and Affirmative Action Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to their race, color, creed, religion, national origin, citizenship status, ancestry, sex, age, physical or mental disability unrelated to ability, marital status, family responsibilities, pregnancy, genetic information, sexual orientation, gender expression, gender identity, transgender, sex stereotyping, order of protection status, protected veteran or military status, or an unfavorable discharge from military service, and other categories protected by federal, state or local law. EEO is the Law Applicants and employees are protected under Federal law from discrimination. To learn more, Click here. Pay Transparency Non-Discrimination Provision Siemens follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision. To learn more, Click here. California Privacy Notice California residents have the right to receive additional notices about their personal information. To learn more, click here. #LI-JS Organization: Technology Company: Siemens Corporation Experience Level: Mid-level Professional Full / Part time: Full-time Equal Employment Opportunity Statement Siemens is an Equal Opportunity and Affirmative Action Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to their race, color, creed, religion, national origin, citizenship status, ancestry, sex, age, physical or mental disability unrelated to ability, marital status, family responsibilities, pregnancy, genetic information, sexual orientation, gender expression, gender identity, transgender, sex stereotyping, order of protection status, protected veteran or military status, or an unfavorable discharge from military service, and other categories protected by federal, state or local law. EEO is the Law Applicants and employees are protected under Federal law from discrimination. To learn more, Click here. Pay Transparency Non-Discrimination Provision Siemens follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision. To learn more, Click here. California Privacy Notice California residents have the right to receive additional notices about their personal information. To learn more, click here.