Security Engineer

Select how often (in days) to receive an alert: Product Security Engineer Location: Kortrijk, BE The “ Product Security Engineer ” (PSE) is part of the “First Line of Barco Cyber Defense” within the Business Unit and manages technical aspects of product related security & privacy risks, aligned with the corporate strategy managed by the Security Office (second line of defense). The PSE reports to R&D management. The Product Security Engineer is responsible for information security and privacy aspects for products within his/her Business Unit on a technical level. The PSE is the first point of contact for all technical security questions from stakeholder functions like R&D. The PSE is responsible for leading and guiding implementation of product technical security & privacy controls, oversee and guarantee adoption of the secure software development lifecycle process, compliance with applicable regulations and informs the Security Office about the progress on these domains. Lead and mentor the group of R&D Security Champions and take ownership of the groups’ meetings and activities, while promoting a culture of security awareness Provide security insights and feedback to R&D at a highly technical level (e.g. during code reviews) Lead R&D teams during threat modeling security risk analyses during design/development phases in accordance with IEC 81001-5-1 and FDA’s premarket cybersecurity guidance. Challenge R&D teams and system architects about the why and how technical security controls should be integrated Design and document technical security controls in different product lines Drive security integration into all stages of the product lifecycle, from design to the post market stage, e.g: Threat modeling Code review process Application security testing (SAST, DAST, …) Vulnerability management (e.g. of open-source packages) Vulnerability scanning (tooling and configuration) Provide security support during product penetration tests executed by external partners Take ownership of incident response management and vulnerability disclosure processes Take ownership for ISO 27001 ISMS/audit product development related subjects Contribute to the creation of security whitepapers of the different product lines Key contact point for security/privacy related topics during pre-sales phase Stay up to date with the latest security/privacy technologies, trends and regulations Inform the Security Office about the state of security per product Education: Master's degree in IT or information security, or equivalent by experience Experience: At least 3 years of experience in information security or application security, preferably with a software development or software testing background Experience with agile development process across international teams Familiar with ISO 2700x frameworks and risk assessment/treatment Knowledge of third-party auditing and risk assessment methodologies Familiar with security attack pathologies Solid understanding of security protocols, cryptography, authentication, authorization and best practices, including secure boot chains. Proven experience with leading and guiding a group of stakeholders from different functions through threat modeling, utilizing STRIDE or other frameworksExperience with threat modelling of cloud-based systems (SaaS, IaaS, or PaaS) Excellent knowledge of secure coding practices and the Common Vulnerability Scoring System (CVSS) and its application during technical vulnerability assessment Experience with management of 3rd party vulnerabilities through analysis of Software Bill of Materials (SBOM) Ability to explain security concepts and security processes to technical stakeholders such as R&D Software Engineers Very broad technical knowledge: from embedded devices to containerized deployments of services, from backend to frontend Highly motivated individual with a genuine enthusiasm for information security and technology Eager to stay up to date with the latest technologies Customer-centric mindset Good verbal, written, presentation, facilitation, and interaction skills, including ability to effectively communicate risks, issues and concepts to multiple organization levels and executive management Good communication skills both verbal and written English Ability to prioritize workloads and to know when to seek guidance Differentiation Criteria Preferably holder of certifications like GIAC, CISSP, CISM, … Experience with cybersecurity standards from the medical device industry (e.g. MDCG 2019-16, IEC 81001-5-1, FDA premarket guidance, …). 🛡️ We are committed to conducting our business activities with the highest standards of integrity, responsibility and compliance across all aspects of our operations.This includes adherence to applicable laws, regulations and internal policies related to ethical conduct, quality standards, cyber security, sustainability, data protection & confidentiality and safety. We are offering a collaborative environment where we welcome differences and embrace everyone’s uniqueness. It is the only way to visioneer a bright tomorrow. We are committed to building a culture where everyone - regardless of their background, age, gender, sexual orientation, physical ability… - can work, grow and thrive. 🛡️ We are committed to conducting our business activities with the highest standards of integrity, responsibility and compliance across all aspects of our operations. This includes adherence to applicable laws, regulations and internal policies related to ethical conduct, quality standards, cyber security, sustainability, data protection & confidentiality and safety. D&I StatementAt Barco, innovation drives everything we do. We believe that diversity fuels creativity, bringing us closer to our colleagues and customers. Inclusion and equity aren't just values—they're core capabilities that propel us toward our shared goals and mission. At Barco, we design cutting-edge technology that enhances everyday life through advanced visual experiences. As a global leader in collaboration and imaging, we serve the Enterprise, Healthcare, and Entertainment industries with innovative tools that empower professionals to communicate and perform at their best. With a strong commitment to quality, reliability, and sustainability, our technologies are trusted in over 90 countries. Backed by a team of 3,200+ employees, we continue to push boundaries and shape the future of digital imaging and connectivity. #J-18808-Ljbffr