FERNRIDE

Staff Systems Engineer – Product Security

full-time

Location Type: Hybrid

Location: Munich, Germany

About the role

  • Establish and shape cybersecurity awareness and management across the product domain.
  • Conduct threat analysis and risk assessment (TARA) — identify assets, model threat scenarios and attack paths, assess attack feasibility and impact, and determine cybersecurity assurance levels.
  • Define and maintain attacker and asset models — adversary profiles, asset criticality classifications, and security domain boundaries.
  • Specify security controls — defense-in-depth measures including network segmentation, access control, authentication, encryption, secure boot, and intrusion detection.
  • Define technical security architecture — security domains, trust boundaries, secure communication channels, and key management strategy.
  • Own supply chain security — evaluate third-party components for known vulnerabilities, define secure procurement requirements, and manage the SBOM.
  • Define secure development lifecycle requirements and align with engineering teams on security-relevant coding practices and CI/CD pipeline security.
  • Own cybersecurity risk acceptance — present residual threat risk arguments and recommend security posture conditions for product release.
  • Define operational security measures — incident response procedures, security monitoring, update/patch management, and key rotation.
  • Maintain cybersecurity concept documents and compliance matrices (Cyber Resilience Act, Radio Equipment Directive security clauses, AI Act security clauses).
  • Coordinate with System Safety on threat landscape input for hazard analysis (cyber-physical attack paths), alignment of operational security and safety measures, and safety-security interactions at mode-transition boundaries.
  • Coordinate with Design Assurance on shared technical architecture — fail-safe vs. fail-secure decisions, component selection criteria, and unified software development guidelines.
  • Translate security controls into actionable implementation guidance for engineering teams; review designs for attack surface exposure.
  • Define penetration test scope, attack simulation scenarios, and acceptance criteria for V&V; review and accept V&V evidence for cybersecurity claims.
  • Coordinate with Quantum Systems core group on security aspects of the C3 system (MOSAIC) and multi-domain operation.
  • Develop and maintain AI-assisted workflows for security analysis and compliance auditing.

Requirements

  • Deep expertise in cybersecurity management and engineering for embedded systems, with an engineering mindset and hands-on attitude.
  • Understanding of IT and embedded systems technology, and state-of-the-art security controls and approaches.
  • Experience with threat analysis and risk assessment (TARA), attacker modeling, and defense-in-depth architecture for resource-constrained platforms.
  • Experience with supply chain security — CVE tracking, SBOM management, secure procurement requirements.
  • Understanding of secure development lifecycle practices — code review, static analysis, dependency scanning, CI/CD security gates.
  • Strong collaboration skills — you work closely with safety engineers, hardware/software teams, and V&V to find feasible solutions that don’t cause unacceptable cybersecurity risks.
  • Interest in AI-assisted engineering workflows and willingness to shape how AI tools support security analysis and compliance management.
  • Comfortable working with software development tools — GitHub, VS Code, Bazel, Markdown, CI/CD pipelines — to operate and evolve the AI-assisted methodology.
  • Working knowledge of ISO 21434, IEC 62443 series, EU Cyber Resilience Act, Radio Equipment Directive (security aspects), and AI Act (security aspects).

Benefits

  • Flexible working hours & remote work
  • All-day breakfast and unlimited drinks, fruits, and snacks
  • Lunch subsidy
  • Select one of three options: (1) EUR 40 Spendit card /month (2) Wellpass (3) Mobility card
  • Company pension scheme
  • Team, department, and company events
  • 30 days of vacation
  • Up to six weeks of remote work in countries covered under the EHIC (European Health Insurance Card)

Applicant Tracking System Keywords

Hard Skills & Tools

cybersecurity management, threat analysis, risk assessment, attacker modeling, defense-in-depth architecture, supply chain security, secure development lifecycle, penetration testing, incident response, security monitoring

Soft Skills

collaboration, communication, problem-solving, engineering mindset, hands-on attitude