Product & Solution Security Expert (Embedded Development) - m/f/d

Description du poste:

At our Siemens R&D Center we are focused on product development including software development, hardware development, mechanical design, and testing for the next generation concept of Industry 4.0.
We're seeking a Product & Solution Security Expert to join our team developing the next generation of the SIMATIC ET 200 family - our industry-leading decentralized I/O systems. As we expand the portfolio of our device family and implement advanced features and communication protocols, we're delivering solutions that help define the future of industrial automation.
This role is a unique opportunity for an engineer who combines strong firmware development capabilities with a product security mindset. A significant part of the role focuses on integrating security by design and by default throughout the product lifecycle, including IEC 62443 and EU Cyber Resilience Act expectations, while around 30% of the time can also be spent on hands-on embedded firmware development and implementation support.

Your task will be:

* Identification and elicitation of development requirements, review of specifications and architecture
* Advise product teams, product owners and developers on product cybersecurity, security requirements and risk-based decisions.
* Define and review security requirements, threat and risk analyses, and mitigation measures in line with IEC 62443, EU CRA and Siemens product security processes.
* Support secure architecture and design reviews for industrial automation products, including OT environments and secure communication.
* Coordinate vulnerability handling, root-cause analysis and remediation with development, testing and product management.
* Promote secure development and testing practices, including secure code reviews, SAST/DAST/SCA and security test planning
* Use AI tools effectively and responsibly to improve security analysis, vulnerability triage, documentation and team awareness
* Contribute directly to firmware development in C/C++ for embedded systems, especially in security-relevant areas and implementation of security requirements.
* Contribute to secure software architecture design and drive its implementation.
* Create, review and maintain security-related documentation, compliance evidence, risk analysis inputs, and quality records needed for audits, releases and product security governance
* Act as a bridge between development, testing and compliance activities - turning security requirements into practical engineering tasks whilst ensuring the necessary documentation and evidence are complete and audit-ready.
* Be a role model for ownership culture, compliance, and fair behavior
* Embed AI into everyday engineering workflows (from requirements to release) to boost speed, quality, and collaboration