Provide hands-on security engineering support across the Water Systems product family, including embedded controllers, IoT components, and connected digital services
Partner with R&D to integrate cybersecurity controls early in the development lifecycle, including, but not limited to, secure boot, encrypted communication, and access control mechanisms
Perform security design reviews, support code-level mitigation efforts, and contribute to validation of security features for WTS products and related platforms
Serve as the technical point of contact for security topics related to WTS products, connectivity modules, and system interfaces
Contribute to the operational execution of the Product Security Program within the assigned portfolio, ensuring alignment with internal frameworks and regulatory requirements (e.g., FDA, MDR, IEC 81001-5-1)
Support vulnerability handling and coordinated disclosure processes, including triage, remediation tracking, and external communication preparation
Participate in post-market surveillance of cybersecurity issues, including analysis of incidents and integration of lessons learned into the development process
Maintain product-specific cybersecurity documentation, metrics, and audit-ready records
Develop and maintain cybersecurity plans (e.g., Cybersecurity Management Plan) throughout the product lifecycle
Perform or support threat modeling, attack surface analysis, and cybersecurity risk assessments in accordance with regulatory expectations and internal documentation
Assist in defining risk mitigations and evaluating residual risks to support design decisions and regulatory justifications
Contribute security input to product roadmaps, change impact assessments, and submission dossiers
Participate in medical device cybersecurity events/conferences
Requirements
Successfully completed bachelor’s or master’s degree in computer science, information technology or similar field of specialization
Minimum 5 years of professional experience in IT Security, cybersecurity (e.g. embedded systems, risk management, regulatory requirements) with in-depth knowledge of enabling technologies and technical solutions in the field of cybersecurity
Ideally, experience in R&D in medical devices or other industries with international exposure and heavily regulated environments (e.g., medical, automotive, d&s, nautical, avionics)
Knowledge of relevant cybersecurity regulations and guidelines (FDA pre-market and post-market guidance, section 2.4b CFR, IEC 81001-5-1, IEC 62443-4-1, JSP 2.0)
Knowledge of R&D related processes and methodologies (e.g. cybersecurity, product risk management, etc.)
Experience in embedded systems development is an advantage
Knowledge of relevant software quality regulations and guidelines such as IEC 62403, IEC 82304 is an advantage
Knowledge of cybersecurity-relevant tools (e.g. Microsoft Threat Modeling Tool, binary analysis tools, static code analyzers, system hardening tools, Kali Linux)
Knowledge of software testing and software development tools
Knowledge of medical device field and application
High engagement in achieving the targets and objectives of the position, a proactive and solution-oriented approach to problems, and the ability to work cross-functionally with employees at all levels
Fluent in written and spoken English; German language is a plus