Senior Product Security Architect (m/f/d)
- Establish best practices for the effective avoidance, identification, and resolution of security weaknesses in products, services, and related processes for FMC products and services.
- Engage with product teams as both advisor and contributing team member to enable building security into complex systems across the entire product lifecycle (from concept through deployment and use), including conducting security reviews and coordinating penetration testing.
- Lead and partner with developers and testers in security activities during the product lifecycle, such as secure design reviews/threat modeling, security code reviews, security test planning, and component security hardening, to identify potential security weaknesses.
- Innovate on technical solutions to solve security challenges in product architecture, implementation, testing, release, and operations.
- Coordinate and guide the response to security vulnerabilities that are reported by 3rd party researchers or customers against released products and services.
- Work closely with other security professionals in Information Security or other groups at Fresenius Medical Care to execute key functions such as secure code signing, secure manufacturing, and secure product operations.
- Contribute to the risk management process for product development.
- Perform analysis and execute POC (Proof of Concept) or POF (Proof of Feasibility) initiatives covering medical device security and advanced cryptography.
- Bachelor’s Degree in related engineering or scientific discipline required; Advanced Degree desirable
- 5+ years in a Product Security Architect role
- Secure software / systems development lifecycle experience
- Demonstrable knowledge and experience in System security engineering / Embedded device security / Security Testing or Penetration Testing / Cryptography
- Knowledge of common security standards and best practices
- Experience with Cryptographic Libraries (wolfSSL/OpenSSL) and PKI
- Experience leading secure architecture, design, and code reviews
- Direct development experience in languages including C/C++ (x86 or ARM), Python, and Java; Go or Swift experience desirable
- Certified Software Security Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP) certification, SANS GIAC Certified Incident Handler (GCIH), or SANS GIAC Certified Penetration Tester (GPEN) or equivalent certification
- Experienced and comfortable making risk-based recommendations and judgments
- Excellent written and verbal communication skills; must understand and be able to deliver security concepts and challenges to various levels within the organization (e.g. developers, program management, business leaders)
Working@Global Research & Development (GRD)
Our aim in GRD: Global research. We work together with strong partners and start-ups. An inspiring environment awaits you with the freedom that you need. Over 1200 colleagues from different disciplines work in international teams.
The Schweinfurt site
This is where the technology centre for the development and production of dialysis machines for the global market is currently being established. In the centre of a modern environment, we create room for innovation and purposeful project work.
Contribute to our work and use your knowledge to improve the quality of life of patients. Thanks to our work, dialysis patients can look to the future with confidence today. The demand for modern dialysis processes is increasing globally – for us, this means that we are growing.
Let’s work together: inquisitive and with high demands for quality.
Global Research & Development (GRD)