Senior Product Security Engineer (m/w/d)

We are seeking a Senior Product Security Engineer in Technology Governance and Compliance. You should have exceptional skills in privacy and security by design, formal standards documentation, information security or application security, product development lifecycle for medical devices, and experience with risk management and project management.

You will report directly to the Senior Manager, Product Security, and collaborate with company-wide Information Security and other relevant teams to ensure that every medical device, both hardware and software, launched is as secure as possible. Your goal will be to increase the assurance levels of security in the infrastructure underlying all our products.

In this role, you will analyze data, surface trends, and ensure compliance with product security regulatory requirements for software in medical devices or software as a medical device.

1. Coordinate with cross-functional teams for medical device security requirements throughout the total product lifecycle, including risk assessment, security testing (SAST, DAST, SCA, penetration testing), and publication of product security collateral.
2. Perform and participate in medical device security risk assessments, including threat modeling, security design controls, mitigations, and reporting.
3. Use software tools for automation of processes.
4. Support Regulatory Affairs and Quality Assurance teams with regulatory submissions (e.g., US FDA, EU MDR, Japanese PMDA, China NMPA).
5. Engage with development teams to review architecture flows, data flows, and system or software design requirements for compliance with security standards.
6. Assess conformance through monitoring and reporting of vulnerability management, including vulnerability scans, customer complaints, and third-party reports.

• Bachelor’s or master’s degree in a relevant field or equivalent experience in the medical device industry.
• Minimum of 7 years of professional experience in at least 2 technical disciplines such as application security, medical device security, risk management, biomedical engineering, or cloud security.
• Knowledge of medical device cybersecurity standards (IEC 81001-5-1, IEC TR 80001-2-2:2012, FDA Guidance, ISO 62304).
• Fluent in English; German skills are a plus.
• Effective problem-solving, project management, and decision-making skills.
• Experience with regulatory compliance and submissions.

Travel: 5%, with some international travel required.

• Knowledge of ISO 14971 and ISO 13485 standards.
• Experience working across multiple geographies.
• Knowledge of cybersecurity regulations and standards such as ISO/IEC, AAMI, HSCC, EU MDR, NMPA, FDA.
• Information Security certifications (e.g., CISSP, CISA, CISM).
• Passion for continuous learning and applying IT knowledge to medical device security.

• Dynamic, growth-oriented environment with varied activities.
• Open-door policy, agile decision-making, and positive atmosphere.
• Modern offices, flexible hours, hybrid work arrangements.
• Training, company events, sports opportunities, and work-life balance initiatives.
• Perks: drinks, snacks, canteen, good transport links, JobTicket, JobBike.