Senior Product Security Engineer (m / w / d)

To strengthen our Quality- / Security team at Darmstadt, we are looking for you as a

Senior Product Security Engineer in Technology Governance and Compliance (m / w / d)

We are seeking a Senior Product Security Engineer in Technology Governance and Compliance. You should have exceptional skills with privacy and security by design, formal standards documentation, information security or application security, product development life cycle for medical devices, and experience with risk management and project management. You will report directly to the Senior Manager, Product Security and will collaborate with the other company-wide Information Security and relevant teams to ensure every medical device, both hardware and software, launched is as secure as possible and to increase the assurance levels of security in the infrastructure underlying all our products. In this role, you will analyze data, surface trends, and ensure compliance with product security regulatory requirements for software in a medical device or software as a medical device.

Main Responsibilities :

1. Coordinate with cross-functional teams for medical device security requirements throughout the product lifecycle, including risk assessment, security testing (SAST, DAST, SCA, penetration testing), and publication of product security collaterals.
2. Perform and participate in medical device security risk assessments, including threat modeling, security design controls, mitigations, and reporting.
3. Utilize software tools for process automation.
4. Support Regulatory Affairs and Quality Assurance teams with regulatory submissions to bodies such as US FDA, EU MDR, Japanese PMDA, China NMPA, or others.
5. Engage with development teams to review architecture, data flows, and system or software design for compliance with medical device security regulations.
6. Monitor and report on product security vulnerabilities through scans, customer feedback, and third-party reports.

Your Profile and Skills :

• Bachelor’s or master’s degree in Cybersecurity, Software Engineering, Biomedical Engineering, Risk Management, or related fields, or equivalent experience in the medical device industry.
• At least 7 years of professional experience across at least two technical disciplines such as application security, medical device security, risk management, or cloud security.
• Knowledge of medical device cybersecurity standards like IEC 81001-5-1, IEC TR 80001-2-2:2012, FDA Guidance, ISO 62304.
• Fluent in English; German skills are a plus.
• Strong problem-solving skills, attention to detail, and experience in root cause analysis.
• Proven project management and decision-making abilities.
• Experience with regulatory compliance and submissions.
• Team player with solution-oriented mindset.
• Willingness to travel approximately 5%, including international trips.

Preferred / Additional Skills :

• Knowledge of ISO 14971, ISO 13485, and medical device cybersecurity regulations and standards.
• Experience working across multiple geographies.
• Certifications such as CISM, CISSP, CISA, or others related to cybersecurity.
• Passion for continuous learning and applying new knowledge to risk assessment in medical device software.

What we offer :

• Dynamic, growth-oriented environment with varied activities.
• Open-door policy and agile decision-making.
• Supportive work atmosphere promoting autonomy and responsibility.
• Modern offices with latest technologies, hybrid work model.
• Training, company events, sports, work-life balance initiatives.
• Perks like free drinks, snacks, canteen, JobTicket, JobBike.

Our Mission :

exocad aims to make high-quality dental restorations accessible to all, improving quality of life through innovative software solutions in the dental industry.