122 113
18 711
Product & Solution Security Expert (PSSE) (f/m) Miejsce pracy: Poznań Technologies we use Operating system Windows macOS About the project Industrial Cabinet Solutions (ICS) is looking for someone to take responsibility for cyber security for all software development at the business unit, including clipx ENGINEER and clipx MASTER line. In this role, you’ll be instrumental in further improving how we securely develop, build, deploy, and operate our software solutions. Furthermore, you’ll help us get across the finish line with regards to compliance with the EU Cyber Resilience Act (CRA). If youre holding a similar position at the moment and looking for a change or are a seasoned cyber security expert with many years of experience in product development wanting to take it to the next level, we want to hear from you! Your responsibilities Ownership of the end-to-end security strategy for all Industrial Cabinet Solutions (ICS) software and firmware development Drive implementation and continuous improvement of secure-by-design principles aligned with ISA/IEC 62443 standards Review and approve security test plans, penetration testing schedules, and red team activities Govern ongoing threat modeling and risk assessments for ICS SaaS products and connected devices Develop and maintain security guidelines, procedures, and governance frameworks Report security posture, risks, and initiatives to business unit leadership Oversee secure software development lifecycle (SSDLC) integration into CI/CD pipelines and define and observe security related KPIs Contributing to the wider PSSE community at the Phoenix Contact group Success Metrics: Reduction in security vulnerabilities identified post-release, Time-to-remediation for critical and high-severity vulnerabilities, Successful completion of penetration tests and security audits, Team security competency growth (certifications, training completion), Compliance readiness for EU Cyber Resilience Act (CRA) by enforcement date (December 2027), Guardrail improvements and security KPIs. Our requirements Bachelor’s degree in cyber security or equivalent professional experience Fundamental knowledge of all aspects of cyber security including security management, system security and administration, network protocols, programming languages, threat and risk analysis, and security testing Extensive skills in at least one of the areas listed above Familiarity with ISA/IEC 62443 (industrial automation cybersecurity) standards Understanding of EU Cyber Resilience Act requirements and implementation timelines Knowledge of relevant frameworks (NIST CSF, ISO 27001, OWASP) Excellent written and spoken English (at least CEFR level C1) Optional Bachelor’s and master’s degrees in cyber security Industry certifications, in particular Offensive Security Certified Professional (OSCP), Certified Penetration Testing Specialist (CPTS), Certified Secure Software Lifecycle Professional (CSSLP), or Global Industrial Cyber Security Professional (GICSP) Working knowledge of the requirements of the EU CRA as well as the preparation of EU Declarations of Conformity Experience mentoring ethical hackers and security testers Working proficiency in German (CEFR level B2) Benefits sharing the costs of sports activities private medical care sharing the costs of foreign language classes sharing the costs of professional training & courses life insurance remote work opportunities flexible working time integration events preferential loans parking space for employees extra social benefits pre-paid cards holiday funds redeployment package sharing the costs of holidays for kids baby layette school layette christmas gifts sharing the commuting costs employee referral program opportunity to obtain permits and licenses charity initiatives family picnics extra leave annual award PHOENIX CONTACT WIELKOPOLSKA Sp. z o.o. We achieve a leading position thanks to innovative and modern operation, respect for the natural environment and the implementation of the principle that the most important good of the company are people. Wszystkie informacje o przetwarzaniu danych osobowych w tej rekrutacji znajdziesz w formularzu aplikacyjnym, po kliknięciu w przycisk "Aplikuj Teraz".