Senior Product Security Engineer (m/w/d)

About

Our team consists of leading industrial experts in the fields of Industry 4.0, Smart Factory and IIoT. These talented professionals work closely with partners to find dynamic solutions for their digital transformation efforts. Our structure enables us to provide customers and partners with the best of both worlds: the agility and dynamism of a startup, backed up by the institutional know‑how of our shareholders VusionGroup and Bossard AG. Join us. Let’s disrupt the future of industrial IoT together.

Responsibilities

• Define and drive the strategy for product security, privacy and compliance across Vusion cloud platforms, devices and product lines in collaboration with engineering and legal teams
• Lead threat modelling, security architecture reviews, and security‑by‑design practices for cloud, gateway, and device solutions
• Discover, triage and prioritize vulnerabilities via code reviews, fuzzing, static analysis and penetration testing
• Design and improve security controls for connected products, including secure provisioning, PKI and certificate lifecycle management, secrets management, secure boot, firmware signing, and OTA integrity
• Work closely with engineering teams to remediate vulnerabilities found internally or reported by researchers and help drive durable fixes
• Establish and review security monitoring, audit logging, periodic assessments, and control effectiveness across services and products
• Evaluate new security tools, services, and architectural patterns to ensure Vusion uses state‑of‑the‑art security technologies in a pragmatic way

Qualifications

• Bachelor’s degree in computer science, cybersecurity, network engineering, or a related field, or equivalent work experience
• 7+ years of experience in product security, security architecture, and/or cloud security, ideally in IoT or cloud‑connected device environments
• Hands‑on experience with IoT platforms, large‑scale distributed systems, and cloud‑connected client‑server architectures
• Defining production procedures for secure boot, key provisioning, signing production data, signing software and firmware images, certificate and key management
• Experience with threat modelling, secure SDLC practices, SAST/DAST/SCA, SBOMs, vulnerability management, and remediation of penetration‑test findings
• Prior privacy and compliance experience with frameworks such as GDPR, ISO 27001, SOC 2, and the EU Cyber Resilience Act
• Relevant security certifications such as CSSLP, CCSP, CISSP, or AZ‑500 are a plus
• Excellent communication skills, with the ability to articulate a compelling security vision and educate teams on secure design and common vulnerability classes
• Self‑motivation, strong problem‑solving skills, and a passion for staying current with modern security tools, infrastructure, and industry best practices

Benefits

• Competitive pay and shareholder equity
• Flexible, hybrid work schedule
• Company doctor (health benefits)
• Company merchandise and presents
• Notebook (can also be used privately)
• Good public‑transport connections with financial support
• Flexible working hours and home‑office option
• No dress code / casual style
• No All‑In contract
• Team events
• Beautiful Mur within walking distance
• Accessibility features and bicycle parking
• Canteen with varied meals and financial assistance, nearby kebab, fresh fruits, coffee/tea/water
• Electric charging station
• Airport Graz nearby
• Multicultural environment with colleagues from around the world

A minimum basic salary of EUR 3,954.00 gross per month for full‑time employment applies, with willingness to adjust based on actual qualifications.