Senior Product Security Incident Response Engineer (m/f)

• →Manage the intake, analysis, and resolution of security vulnerabilities and incidents
• →Coordinate security incident response activities in collaboration with development, DevOps, QA, and security teams
• →Define and continuously improve vulnerability management processes
• →Communicate with external vulnerability reporters, partners, and regulatory bodies
• →Ensure the timely publication of security advisories
• →Monitor relevant security standards (ISO 27001, ISO 29147, ISO 30111, NIST, CVSS, CWE) and regulations (NIS2/ZKS, CRA, CSA, GDPR)
• →Prepare security incident reports and manage related metrics
• →Educate internal teams on security practices and procedures

• Several years of experience in information security, with a focus on incident response or vulnerability management
• Experience leading teams or coordinating cross-functional initiatives
• Good understanding of application, network, and infrastructure security
• Deep understanding of common vulnerability classes (OWASP Top 10, CWE Top 25) and exploitation techniques
• Knowledge of standards and regulatory frameworks such as NIST, OWASP, NIS2, the Cyber Resilience Act (CRA), GDPR, ISO/IEC 27001, ISO/IEC 29147, and ISO/IEC 30111
• Experience with vulnerability tracking tools and ticketing systems
• Excellent communication and organizational skills
• Experience working under pressure, including crisis communication and managing multiple parallel incidents
• Professional working proficiency in English

• Certifications such as CISSP, CISM, GCIH, or similar
• Experience working in a PSIRT or similar security teams
• Knowledge of coordinated vulnerability disclosure processes, with hands-on experience in CVSS scoring and the CVE process
• Experience with reverse engineering, penetration testing, or exploit development
• Experience working with SBOMs (CycloneDX, SPDX) and tools such as Dependency-Track
• Experience with cloud security and container security

We look forward to meeting you!