Role Overview
The Security Specialist supports product cybersecurity by driving secure-by-design practices across HBK's diverse product portfolio, including web, desktop, SaaS, cloud, embedded, and firmware solutions. The role leads threat modelling and risk assessment activities, performs vulnerability analysis, and supports Cyber Resilience Act (CRA)-aligned compliance initiatives. Acting as a trusted advisor and hands-on expert, the Security Specialist ensures that security principles are embedded throughout the entire product lifecycle, requiring deep expertise in security concepts, risk assessment, threat modelling, and modern development practices.
Key Responsibilities
Lead threat modelling and risk assessment activities using STRIDE and TARA methodologies, aligned with industry-specific standards such as IEC 62443.
Derive product-specific security goals based on threat modelling and risk assessment outcomes, serving as direct input for penetration testing scope and objectives.
Support vulnerability assessment, remediation tracking, and continuous risk reduction across products.
Promote secure coding practices and provide source code and configuration review support to product teams.
Coordinate and support security testing activities, including SAST, DAST, penetration testing, and fuzzing.
Maintain security documentation, evidence, and artefacts required for EU CRA compliance.
Integrate security into software development processes by leveraging modern security tools and frameworks (e.g. static code analysis, fuzzing, security testing frameworks).
Ensure the correct application of cryptographic techniques for data protection.
Support compliance with relevant security standards and regulations, including ISO 21434 (Automotive), IEC 62443 (Industrial), NIST SP 800 series, EU Cyber Resilience Act (CRA), and ISO 27001.
Guide product teams in implementing security controls required to achieve and demonstrate EU CRA compliance.
Actively review code and system configurations for vulnerabilities and coach teams to prevent recurring security issues.
Provide guidance on hardware security measures including the use of Secure Hardware Modules (SHM).
Qualifications
Education:
Bachelor's or Master's degree in computer sciences, Cyber Security, or some other engineering degree.
Required Experience and Skills
Proven experience in security across multiple product types (web, desktop, SaaS, cloud, embedded, firmware).
Deep technical understanding of security concepts (IAM, Secure Access, Secure Boot, Secure Onboard Communication, Encryption, Secure Coding Practices, etc.).
Hands-on experience in Threat Modelling (STRIDE), Risk Analysis (TARA), vulnerability hunting, and source code reviews.
Familiarity with one or more recognised security standards and regulations, such as EU CRA (Cyber Resilience Act), CSMS UNECE R156/R157, ISO 21434 (Automotive), IEC 62443 (Industrial Control Systems), ISO 27001, and NIST SP 800 series.
Strong background in modern software development (C, Java) on Linux/Android.
Understanding of cryptographic fundamentals and secure hardware concepts.
Strong expertise in both System and SW Engineering.
Expert in Requirement Engineering and requirement-based development.
Good understanding of different architectures, operating systems (Linux/QNX/Microsar), hardware & software security concepts, cryptography, and debugging techniques.
Experience in interfacing with customers and reviewing customer requirements with a focus on cybersecurity impacts.
Excellent communication skills to effectively engage with engineering teams, customers, and stakeholders.
Required Experience:
IC