Product Security Engineer (Product & Solution Security Expert) ICS (f/m)

Your responsibilities

• Ownership of the end-to-end security strategy for all Industrial Cabinet Solutions (ICS) software and firmware development
• Drive implementation and continuous improvement of secure-by-design principles aligned with ISA/IEC 62443 standards
• Ensure compliance with applicable legislation – in particular the EU Cyber Resilience Act (CRA) – including conformity assessments, vulnerability reporting requirements, and CE marking preparation
• Review and approve security test plans, penetration testing schedules, and red team activities
• Govern ongoing threat modeling and risk assessments for ICS' SaaS products and connected devices
• Develop and maintain security guidelines, procedures, and governance frameworks
• Report security posture, risks, and initiatives to business unit leadership
• Oversee secure software development lifecycle (SSDLC) integration into CI/CD pipelines and define and observe security related KPIs
• Mentoring ethical hackers and security testers
• Contributing to the wider PSSE community at the Phoenix Contact group
• Success Metrics: Reduction in security vulnerabilities identified post-release, Time-to-remediation for critical and high-severity vulnerabilities, Successful completion of penetration tests and security audits, Team security competency growth (certifications, training completion), Compliance readiness for EU CRA by enforcement date (December 2027), Guardrail improvements and security KPIs.

Our requirements

• Bachelor’s degree in cyber security or equivalent professional experience
• Fundamental knowledge of all aspects of cyber security including security management, system security and administration, network protocols, programming languages, threat and risk analysis, and security testing
• Extensive skills in at least one of the areas listed above
• Familiarity with ISA/IEC 62443 (industrial automation cybersecurity) standards
• Understanding of EU Cyber Resilience Act requirements and implementation timelines
• Knowledge of relevant frameworks (NIST CSF, ISO 27001, OWASP)
• Excellent written and spoken English (at least CEFR level C1)

Optional

• Bachelor’s and master’s degrees in cyber security
• Industry certifications, in particular Offensive Security Certified Professional (OSCP), Certified Penetration Testing Specialist (CPTS), Certified Secure Software Lifecycle Professional (CSSLP), or Global Industrial Cyber Security Professional (GICSP)
• Working proficiency in German (CEFR level B2)

What we offer

• A challenging work in an innovative Shared Services Center in Poznan
• A stable work in an international organization
• Participation in interesting projects
• Development opportunities and a wide range of training, including subsidised language courses
• Private medical care
• A multisport card
• Housing loans and a loan and assistance fund
• Annual bonus
• Flexible working hours
• Possibility to work remotely up to 8 days a month
• Subsidies for commuting more than 30 km from PxC BS
• A referral bonus

Benefits

• sharing the costs of sports activities
• private medical care
• sharing the costs of foreign language classes
• sharing the costs of professional training & courses
• life insurance
• remote work opportunities
• flexible working time
• integration events
• preferential loans
• parking space for employees
• extra social benefits
• pre-paid cards
• holiday funds
• redeployment package
• sharing the costs of holidays for kids
• baby layette
• school layette
• christmas gifts
• sharing the commuting costs
• employee referral program
• opportunity to obtain permits and licenses
• charity initiatives
• family picnics
• extra leave
• annual award