Security Analyst / Product Security Engineer (Software) (m/f/d)

Job description

- Define and maintain the security architecture of the tester software platform, primarily focusing on Linux workstation software. - Translate Cyber Resilience Act (CRA) essential cybersecurity requirements into concrete software development practices and product requirements. - Perform threat modeling and security risk analysis for the software architecture, interfaces, and external integrations. - Identify and analyze security vulnerabilities in the software stack (C++, Java, Linux environment). - Establish and maintain secure development practices, including: - secure coding guidelines - security-focused code reviews - use of static and dependency security analysis tools - Monitor security advisories and vulnerability databases (e.g. CVEs) for third-party libraries, Linux components, and external dependencies used by the product. - Investigate reported vulnerabilities or security incidents affecting the software and coordinate root cause analysis and remediation with development teams. - Define and maintain processes for vulnerability handling and disclosure, including tracking, prioritization, and remediation. - Support development teams in implementing security controls, such...