Siemens Energy
Application Security Specialist (f/m/d)
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Siemens Energy
Siemens Energy AG is a German energy technology company that specializes in sustainable energy solutions. With a presence in over 90 countries and around 100,000 employees, the company focuses on power generation, transmission, renewables, grid technology, storage, and industrial electrification. Siemens Energy has its roots in 1847 and became an independent entity in 2020 after spinning off from Siemens AG. The company offers a comprehensive range of technologies for the energy value chain. This includes gas and steam turbines for efficient electricity generation, HVDC systems for long-distance power transmission, and wind turbines through Siemens Gamesa. Siemens Energy also provides solutions for energy storage, hydrogen technologies, and the decarbonization of industrial processes. With a commitment to minimizing carbon emissions and enhancing efficiency, Siemens Energy plays a significant role in supporting the global energy transition.
Security at Siemens Energy
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“Siemens Energy's AppSec philosophy emphasizes embedding security throughout the development lifecycle, integrating security controls and tooling into the workflow, and efficiently identifying and remediating vulnerabilities. Their mission involves a team of security experts for incident response, combining deep OT know-how with cutting-edge technology. The company is accountable for securing its business operations, products, data, and assets, with a focus on identifying cyber vulnerabilities and protecting all systems. A stated goal is that vulnerabilities are identified early and remediated efficiently, with critical vulnerabilities handled before exploit by automating identification. However, an explicit, centralized AppSec charter or published Application Security Policy is not publicly available.”
Security Team
Dr. Judith Wunschik serves as the Chief Cybersecurity Officer & Global Head of Cybersecurity, and is "Accountable for securing Siemens Energy's business operations, products, data, and assets."No public, verbatim statement was found regarding whether AppSec is centralized or embedded, or its direct reporting chain. The team size estimate is not publicly available. As of, there is 1 active AppSec job posting for an "Application Security Specialist (f/m/d)"(Job ID 281015). Common skill patterns from this posting include "Experience with security assessment tools such as Burp Suite, OWASP ZAP, SAST/SCA platforms"and "Proficiency in at least one major programming language (e.g., C++, Python, Java, Node.js, Go)."There is no public org chart or team-size statement, and no AppSec leadership beyond the global Chief Cybersecurity Officer with an explicit AppSec remit.
Key Initiatives
- Siemens Energy has a Security Champions Program, as evidenced by the quote "Contribute to initiatives such as security champions programs."Their "Shift Left"practices include efforts to "embed security throughout the development lifecycle"and to "Integrate and optimize automated security testing tools (SAST, SCA, DAST, container scanning) within the CI/CD pipeline."The vulnerability management process involves intake to "Identify, analyze, and track vulnerabilities,"with a goal that "Vulnerabilities are identified early and remediated efficiently."They have also "Handled critical vulnerabilities before exploit by automating identification."Secure SDLC artifacts include performing "security assessments for web, mobile, and API applications, including code reviews, threat modeling"and developing "secure coding guidelines, security standards, and architectural patterns."Recent initiatives (last 6 months) include updates to company cybersecurity pages ( /) describing capabilities like "Our team of security experts for incident response"and combining "deep OT know-how with cutting-edge technology,"as well as an active job posting for an Application Security Specialist .
- No public announcements of new company-wide AppSec programs or published SLA/MTTR targets for remediation were found.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.