Hannover, Germany
Product Cyber Security Expert (m/f/d)
Are you passionate about security engineering and cybersecurity risk management? Do you feel drive when you think about challenges of an efficient “Secure Software Development Lifecycle (SSDLC)”, “shifting security left” and security automation? Is finding and exploiting vulnerabilities in all sorts of software and IoT devices almost like a hobby for you? Then this is a great opportunity for you to join our R&D development team and collaborate side-by-side with software developers, architects, project- and product managers to create secure products and solutions for Consumer Audio. Your main responsibility is to minimize data privacy and security risks of our mobile apps, cloud services and audio products through the entire product lifecycle. In this responsible position you will collaborate across business units with other departments such as corporate Cyber Security Center of Excellence, IT, legal and quality management.
Your tasks:
- Identify and address cybersecurity and data privacy risks through the entire product lifecycle
- Conduct privacy impact assessments and threat modelling for products and services that we develop for our customers
- Ensure privacy and security principles are incorporated by design into our products and services
- Define, execute and establish security and data privacy verification activities such as development guidelines, reviews, SCA, SAST, DAST and penetration testing
- Perform and support vulnerability management for our products and services
- Support creation of privacy and security documentation including required regulatory evidence
- Contribute to security automation and development of DevSecOps practices
- Conduct security risk assessments, identify security risks, develop and propose appropriate remediation and mitigation options
- Evolve our privacy and security processes, methods and tools used for R&D product development and post-market monitoring
- Contribute into the development and execution of the corporate information security program
- Act as an ambassador of information security and risk matters; promote cyber security risk awareness across business functions
- Stay up-to-date on the latest cyber security trends, threats, risks and regulations
Your profile:
- Passionate about cybersecurity and data privacy
- BSc/MSc degree in computer science, software engineering or equivalent
- Ideally 5+ years of SSDLC experience
- Specialization or further education in cybersecurity such as CISSP, GIAC or similar is desired
- Result-oriented team player with a pragmatic approach and good communication skills
- Fluent in written and spoken English, German is a plus
Our offer:
- Training and development opportunities – we believe every employee deserves a development plan. Come, learn, and grow with us!
- Atmosphere of mutual trust in a highly motivated team
- Permanent contract, mobile working options
- (Semi)-flexible work schedule and interesting employee benefits
- Company sponsored employee appreciation event