Product Security Engineer

In your role as Product Security Engineer (m/f/d) you will be responsible for integrating and maintaining robust security practices within the product development process, ensuring that security risks are managed effectively and that products are resilient against potential threats.

This role plays a critical operational role in the implementation and execution of the Product Security Program across the global product portfolio, including active, nonactive, and digital products. The function supports the Product Security Officer by applying cybersecurity principles in day-to-day development activities, coordinating post market assessments, documenting risks, and ensuring the application of defined processes and controls in alignment with regulatory requirements and internal standards.

You will work closely with engineering, design quality, regulatory, and post-market teams to help embed security by design, support vulnerability handling, and contribute to continuous improvement of the product security framework.

Your tasks

• Provide hands-on security engineering support across the Water Systems product family, including embedded controllers, IoT components, and connected digital services
• Partner with R&D to integrate cybersecurity controls early in the development lifecycle, including, but not limited to secure boot, encrypted communication, and access control mechanisms
• Perform security design reviews, support code-level mitigation efforts, and contribute to validation of security features for WTS products and related platforms
• Serve as the technical point of contact for security topics related to WTS products, connectivity modules, and system interfaces
• Contribute to the operational execution of the Product Security Program within the assigned portfolio, ensuring alignment with internal frameworks and regulatory requirements (e.g., FDA, MDR, IEC 81001-5-1)
• Support vulnerability handling and coordinated disclosure processes, including triage, remediation tracking, and external communication preparation
• Participate in post-market surveillance of cybersecurity issues, including analysis of incidents and integration of lessons learned into the development process
• Maintain product-specific cybersecurity documentation, metrics, and audit-ready records
• Develop and maintain cybersecurity plans (e.g., Cybersecurity Management Plan) throughout the product lifecycle
• Perform or support threat modeling, attack surface analysis, and cybersecurity risk assessments in accordance with regulatory expectations and internal documentation
• Assist in defining risk mitigations and evaluating residual risks to support design decisions and regulatory justifications
• Contribute security input to product roadmaps, change impact assessments, and submission dossiers
• Participation in medical device cybersecurity events/conferences

Your profile

• Successfully completed bachelor’s or master’s degree in computer science, information technology or similar field of specialization
• Minimum 5 years of professional experience in IT Security, cybersecurity (e.g. embedded systems, risk management, regulatory requirements) with in-depth knowledge of enabling technologies and technical solutions in the field of cybersecurity
• Ideally experience in R&D in medical devices or other industries with international exposure and heavy regulated environments (e.g.: medical, automotive, d&s, nautical, avionics)
• Knowledge of relevant cybersecurity regulations and guidelines (FDA pre-market and post-market guidance, section 2.4b CFR, IEC 81001-5-1, IEC 62443-4-1, JSP 2.0)
• Knowledge of R&D related processes and methodologies (e.g. cybersecurity, product risk management, etc.)
• Experience in embedded systems development is an advantage
• Knowledge of relevant software quality regulations and guidelines such as IEC 62403, IEC 82304 is an advantage
• Knowledge of cybersecurity relevant tools (e.g. Microsoft Threat Modelling Tool, Binary Analysis Tools, Static code analyzers, system hardening tools, Kali Linux)
• Knowledge of software testing and software development tools
• Knowledge of medical device field and application
• High engagement on achieving the targets and on the objectives of the position, proactive and solution-oriented approach towards problems, ability to work cross functional with all levels of employees
• Fluent in English in written and spoken; German language is a plus