Senior Product Security Engineer (m / f)

We‘re the Yunex Traffic team, a global leader in intelligent traffic systems. We have been working on revolutionary technologies for the mobility of the future. We develop solutions for traffic management leading to greater traffic flow, safety, efficiency and environmental friendliness. The results of our work are perceived by the citizens in cities around the world.

Who are we looking for?

We're on the lookout for an experienced colleague and Principal / Senior Product Security Engineer to manage diverse cybersecurity projects, ensuring the integrity and resilience of our product portfolio.

What will be your responsibilities?

Lead risk assessments and threat modeling for our product portfolio and hosting solutions.

Be the Security Subject Matter Expert to product teams enabling the definition and implementation of security requirements across our product portfolio, ensuring compliance with customer requirements, norms, and applicable regulations to each market (e.g. IEC 62443, Cyber Resilience Act, and NIS2).

Guide and support product teams throughout the security processes and gates in our Product Life-cycle Management process, ensuring that products and hosting solutions satisfy all security dependencies.

Cooperate with our customer field services team to facilitate the adoption of security measures and compliance with norms and regulations, as well as to lead forensic activities and answer customer security enquiries.

Responsible for the delivery of managed security testing services to product and field customer service teams, such as vulnerability scans (SAST, DAST, and SCA), hardening benchmarks, and external penetration testing.

Coordinate lifecycle management activities of key tools used to enable our security capability.

What do you need to qualify for the role?

Bachelor’s degree in computer science, computer engineering, cybersecurity, and STEM courses;

10+ years of experience in the field of cybersecurity

Fluent in English (you will be part of an international team);

Solid understanding of European security regulations and directives such as the NIS2, Cyber Resilience Act, and RED;

Security first mindset and great communication skills, able to clearly express cybersecurity in simple terms with other functions;

Experience with DevOps practices and tools;

Clear understanding and experience with vulnerability management (SAST, DAST, and SCA);

Experience in securing IT and OT systems, including industrial control systems and next-generation firewalls;

Solid understanding and experience with IEC 62443, ISO 27001, and ISO 27005.

Experience with cloud computing and secure cloud architecture. Familiarity with key cloud services (AWS, Azure, GCP).

Project management skills. Familiarity with Scaled Agile Framework. Track record of successful project delivery in a complex environment;

Additional skills we value (not required)

GICSP, OSCP, CISSP, CEH certifications.

AWS, Azure, GCP Certified Solutions Architect.

Experience with Public Key Infrastructure solutions.

• German language is a plus.

With joining us, among other things, you will get :