Security Analyst / Product Security Engineer (software) (m/f/d)

Security Software Architect

Define and maintain the security architecture of the tester software platform, primarily focusing on Linux workstation software.

Translate Cyber Resilience Act (CRA) essential cybersecurity requirements into concrete software development practices and product requirements.

Perform threat modeling and security risk analysis for the software architecture, interfaces, and external integrations.

Identify and analyze security vulnerabilities in the software stack (C++, Java, Linux environment).

Establish and maintain secure development practices, including:

• secure coding guidelines
• security-focused code reviews
• use of static and dependency security analysis tools

Monitor security advisories and vulnerability databases (e.g. CVEs) for third-party libraries, Linux components, and external dependencies used by the product.

Investigate reported vulnerabilities or security incidents affecting the software and coordinate root cause analysis and remediation with development teams.

Define and maintain processes for vulnerability handling and disclosure, including tracking, prioritization, and remediation.

Support development teams in implementing security controls, such as:

• authentication and authorization mechanisms
• secure use of cryptographic functions
• protection against common software vulnerabilities

Define requirements and concepts for secure software updates and software integrity protection.

Contribute to security documentation required for CRA compliance, including risk assessments and security-related product documentation.

Act as security advisor for development teams, helping them design and implement secure solutions.

Assess security implications of executing customer-provided test programs and define safeguards such as sandboxing, permissions, or execution isolation.