Product & Solution Security Officer
Job description
personal development that you can tailor to your interests

Since each of over 300,000 team members feels that other benefits are particularly important, and we cannot list our entire benefit portfolio here, you can find more information here. The individual benefits are subject to regulatory, contractual, or corporate conditions.

You'll make an impact by

- Providing expert guidance to the team of Product & Solution Security Experts and working closely with them to shape the security strategy for our products and solutions
- Advising product management, development teams, and architects across all phases of the product lifecycle - from concept to maintenance - on security requirements, best practices, and Security by Design
- Defining and implementing security concepts, analyzing and assessing security risks, and deriving appropriate measures to mitigate them
- Ensuring compliance with relevant security standards, policies, and regulatory requirements (e.g., IEC 62443, ISO 27001, CRA, GDPR)
- Conducting security reviews, threat analyses, and risk assessments, supporting penetration testing and vulnerability scans, and coordinating the remediation of identified vulnerabilities
- Supporting the handling of security incidents and vulnerability reports and coordinating communication with internal and external stakeholders
- Designing and leading training sessions and workshops on product security, while promoting a sustainable security awareness culture within development teams
- Creating and maintaining security documentation, policies, and processes, building a network with internal and external security experts, and regularly reporting on the security status to management

Requirements

Your success is grounded in

- Education: We look forward to getting to know you if you have successfully completed a degree in computer science, IT security, electrical engineering, or a comparable field
- Experience & Skills:
  - Extensive professional experience in the field of IT and cybersecurity, ideally complemented by deep subject-matter expertise in product security, embedded systems, or OT security
  - Profound knowledge of security architectures, cryptographic concepts and mechanisms, as well as common attack vectors, exploitation techniques, and threat scenarios
  - Extensive hands-on experience with established security tools and technologies, particularly SAST, DAST, and fuzzing, as well as ideally additional approaches for automated security validation and testing
  - Strong expertise in the development of secure software solutions, applying recognized secure coding principles and security-by-design development practices
  - Very good knowledge of relevant standards, frameworks, and regulatory requirements in the fields of information security, product security, and industrial cybersecurity, ideally including IEC 62443, NIST, or comparable frameworks
  - Demonstrated experience in performing threat analyses, vulnerability assessments, and risk evaluations, particularly using established methodologies such as STRIDE, DREAD, or comparable approaches
  - Solid understanding of agile development methodologies and collaborative ways of working, as well as experience operating effectively in cross-functional and interdisciplinary development environments
  - Relevant certifications such as CISSP, CISM, CSSLP, GSEC, or comparable qualifications are considered a strong asset
- Ways of working:
  - Strong communication and presentation skills to convey complex security topics clearly
  - Analytical thinking as well as a structured and solution-oriented approach
  - High sense of responsibility, initiative, and team orientation
- Languages: You impress us with very good English skills, both written and spoken. Good German skills are an advantage.

You are much more than your qualifications, and we