Senior Product Security Engineer (m/f/d)

We are looking for an experienced and talented Senior Product Security Engineer (m/f/d) to join our team. This individual will help build and enhance our Product & Solution Security (PSS) program. As a senior Product Security Engineer for our medical devices, cloud-based software, and connected solutions, you will be responsible for integrating security into the product lifecycle, ensuring regulatory compliance, and driving a security-first culture.

This is a senior technical role, reporting to the Head of Product and Solution Security, working cross-functionally with R&D, GBUs, Quality Assurance and Regulatory Affairs (QARA), Legal, Sales, IT, and engineering teams within the CTO organization. You will lead secure design reviews, threat modeling, technical code reviews, and the implementation of DevSecOps best practices, tools, and processes.

Senior Product Security Engineer (m/f/d)

Your responsibilities

· Define and maintain secure design patterns, standards, and reference architectures for all products and solutions.

· Lead threat modeling, security risk assessments, and secure architecture validation across multiple product lines.

· Perform security assessments of code, configurations, and components of complex solutions involving multiple products.

· Embed security into system and software design in collaboration with product management, engineering teams, and QARA.

· Implement and manage security tools and automation in CI/CD pipelines, driving shift-left practices.

· Develop and refine security engineering and architecture standards.

· Design and advise on technical and administrative security countermeasures to manage risk across our products and solutions.

· Ensure product security compliance with FDA, ISO 13485, IEC 62304, HIPAA, GDPR, and IEC 81001-5-1.

· Support regulatory pre-market and post-market cybersecurity compliance (e.g., FDA 510k submissions).

· Define and monitor KPIs and KRIs to track security posture improvements and incident response across our product portfolio.

· Act as a trusted advisor across product teams in the CTO organization and set standards for vulnerability remediation and secure coding.

· Drive the automation of security testing and compliance validation practices.

· Actively participate in architecture governance boards and cross-functional security initiatives.

· Promote a culture of security awareness across the organization.

· Mentor junior and mid-level engineers on secure design, engineering, and coding practices.

Requirements and Qualifications

Education:

· Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field.

Years and Type of Experience:

· 8+ years of experience in cybersecurity, product security, software and hardware security, and cloud security. Experience in the medical device or healthcare industry is a strong plus.

· Industry recognized certifications like CISSP, CSSLP, CCSP, OSCP, or OSCE is a strong plus.

Key Skills, Knowledge & Capabilities:

· Proven ability to influence product roadmaps and collaborate effectively with cross-functional teams.

· Strong project management skills, ensuring security initiatives are tracked, measured, and continuously improved.

· Deep knowledge of Secure SDLC (SSDLC) and Secure Product Development Frameworks (SPDF).

· Proven experience implementing secure SDLC practices, DevSecOps and collaborating with engineering teams.

· Proficiency with SAST, DAST, SCA, and CI/CD pipeline integration.

· Strong understanding of secure coding, testing practices, and security automation techniques.

· Knowledge of software, IoT, firmware, and hardware security.

· Experience with cloud security platforms (AWS, Azure, GCP, Alibaba).

· Solid grasp of cryptography, API security, and data protection.

· Experience with threat modeling methodologies (e.g., STRIDE, DREAD, PASTA).

#LI-AS2