Product Security Expert

The Product Security Expert (f/m/d) plays a critical operational role in the implementation and execution of the Product Security Program across the global product portfolio, including active, nonactive, and digital devices. The function supports the Product Security Officer by applying cybersecurity principles in day-to-day development activities, coordinating post market assessments, documenting risks, and ensuring the application of defined processes and controls in alignment with regulatory requirements and internal standards.

The function works closely with engineering, design quality, regulatory, and post-market teams to help embed security by design, support vulnerability handling, and contribute to continuous improvement of the product security framework.

Your tasks

Execution of the Product Security Program

• Maintain and continuously update the Cybersecurity Risk Register for all products in the portfolio
• Execute the Post-Market Surveillance process for cybersecurity, including analysis of security-related complaints, incidents, and vulnerabilities
• Operate the Coordinated Vulnerability Disclosure and Incident Response process, including triage, coordination, tracking, and documentation.
• Act as the primary coordinator for product-related cybersecurity activities, working closely with R&D and system engineering teams to ensure secure product development
• Contribute to the development and rollout of cybersecurity-related policies, SOPs, and guidelines, ensuring alignment with the overall QMS and evolving regulatory requirements

Product-Level Security Planning

• Define and maintain Cybersecurity Management Plans and Security Verification Plans for CE products throughout the development lifecycle
• Support Security Risk Management activities, including threat and risk analysis, countermeasure definition, and evaluation of residual cybersecurity risks
• Support the preparation of risk/benefit assessments for cybersecurity risks to enable informed decision-making and documentation
• Collaborate in product roadmap planning, contributing cybersecurity input and supporting alignment with the state of the art in security technologies and practices

Your profile

• Successfully completed bachelor’s or master’s degree in computer science, information technology or similar field
• At least 5 years of professional experience in IT Security, cybersecurity (e.g. embedded systems, risk management, regulatory requirements) with in-depth knowledge of enabling technologies and technical solutions in the field of cybersecurity
• Experience in R&D in medical devices or other industries with international exposure
• Solid knowledge of the whole development cycle for products from regulated industries
• Knowledge of relevant cybersecurity regulations and guidelines such as (FDA pre-market and post-market guidance, Section 2.4b CFR, IEC 81001-5-1, IEC 62443-4-1, JSP 2.0)
• Relevant cybersecurity certifications are an advantage
• Knowledge of cybersecurity relevant tools (e.g. Microsoft Threat Modelling Tool, BlackDuck Binary Analysis Tool, Kali Linux)
• High engagement on achieving the targets and on the objectives of the position, proactive and solution-oriented approach towards problems, ability to work cross functional with all levels of employees
• Good and professional relationship to and communication with international colleagues and superiors
• Fluent English, in written and spoken, German language is a plus