Product Manager Security (m/f)

Your responsibility:

Implementation of Secure Development Lifecycle (SDL) requirements over the entire product lifecycle.

Conducting Threat Modeling, Security Reviews and Risk Assessments for assigned products.

Tracing and management of product-specific security incidents to solution and status communication to management.

Control of supply chain security risks for external components. Collection and maintenance of evidence to meet compliance requirements.

Coordination of all security activities with development teams, security architects and product owners in cooperation with our vulnerability and penetration testing team.

Definition and development of product-specific safety requirements over the entire life cycle. Main contact partner for customer dialogue on security, assessments and vulnerability disclosure.

Supporting security training and assessments to ensure the expertise of product teams.

Mentoring of Product Security Engineers (if available) through reviews and professional guidance.

Contribution to security architecture and roadmap through consultation on new threats and technologies.

Your profile: At least 5 years of experience in Product Security or Application Security.

Understanding Secure Development Lifecycle (SDL) processes and common security compliance frameworks.

Detectable experience in carrying out safety tests with SAST, DAST and SCA tools.

Knowledge in one or more programming languages such as C#, TypeScript, Java, JavaScript, Dart, C++, Python or Delphi.

Experience in vulnerability management and risk assessments.

Embossed communication skills for technical and business stakeholders.

Project management experience in interdisciplinary teams.

Ability to actively improve safety culture.

Self-working and competence to initiate technical colleagues.

Good knowledge of German (C1) and English (C1)

Nice to have: Certification like CSSLP or comparable Secure Development certificates.

Knowledge of cloud security best practice (probably Azure).

Experience with enterprise security frameworks (e.g. SOC 2, ISO 27001).

Know-how in product or cloud security architecture.

Background in SaaS or Enterprise software environments.

What you can expect from us: Designed by our values & vision, we drive the digital transformation with our customers – for a digital, more efficient and sustainable engineering and construction. “Building Better Together” is more than a slogan for us. Because next to our customers you are in the foreground. So that you can fully develop your passion for your tasks, we support you through: a structured start: individual onboarding, organized networking

Goodies such as: Employee Benefits (e.g. Corporate Benefits), Premiums (e.g. for the wedding, birth, anniversary), equity participation Schneider Electric, employee events (team events, summer festivals, ...), depending on the location: table stool/tablet table/ dog tolerated, health management (e.g. discounts in the sports studio, company doctor, ...),...

a modern working time model: confidence working time, flexible working hours, possibility to work hybrid

Career development/ perspectives: team or role-based further development/ training, individual further development/ training, national and international career prospects within the RIB Group or Schneider Electric, ...

Your room for design options: proactive sharing of your ideas/ approaches/ process optimization within the team, operational ideas management, active participation in meetings on team and management level (RIB Town Halls), ...

Ways to be sustainable (depending on location & function): digital infrastructure, company bikes, driving cost subsidy, eAuto as a company car