Cybersecurity engineers are responsible for understanding and contributing to Security by Design practices, secure application software development lifecycle practices, security testing and assessment, and the integration of Security with DevOps. This role is responsible for security engineering of the cloud (AWS, Azure) environments and vulnerability management of both Infrastructure as Code (IaC) and application development (SAST/DAST). Engineers will spend their time helping development teams identify and track security risks to remediation while embracing concepts of agile delivery and DevOps.
Engineers must have the following:
3-5 years of cybersecurity experience
Familiarity with Web Application Security standards (OWASP, MITRE)
Experience with application security technologies including SCA/SAST/DAST and the ability to identify false positives and assist with remediation planning
Previous experience integrating security tools in CI/CD development pipelines
Excellent verbal and written communications
Preferred candidates should have:
5+ years of cybersecurity experience
Professional certification (CISSP, CCSP, GWAPT, GWEB, AWS SA / Certified Security, etc.)
1-3 years working directly with cloud Infrastructure as Code (CFT, TF) in AWS
Familiarity with ServiceNow VM and GRC modules
10+ years of experience developing automation and scripting
Position's Contributions to Work Group:
Supports the execution of the A&A security compliance and assurance program across regulated products and platforms. This role is responsible for day-to-day compliance activities, evidence development, customer security responses, and standards alignment under the direction of the A&A Security GRC Manager.
The role works hands-on with engineering, product, and quality teams to ensure A&A products meet requirements for EU Cyber Resilience Act (CRA), IEC 62443, ISO 27001, and ISO 9001, and that evidence is accurate, current, and audit-ready.
This is a delivery-oriented role suited for a strong practitioner who understands security and compliance in product environments and wants to grow depth and influence.
Typical task breakdown:
Security Compliance Execution
Support execution of the A&A security compliance program across products and platforms.
Assist with implementation and evidence collection for: EU Cyber Resilience Act (CRA); IEC 62443-4-1 / 4-2; ISO/IEC 27001; ISO 9001 (quality system alignment)
Translate requirements into practical artifacts such as procedures, checklists, templates, and evidence packages.
Audit & Evidence Support
Prepare and maintain audit evidence for internal audits, ISO surveillance audits, and customer assessments.
Track compliance gaps, findings, and corrective actions.
Support audit activities by coordinating inputs from engineering, product, and platform teams.
EU CRA & Product Security Support
Assist with CRA-related activities including: Secure-by-design documentation; Vulnerability management evidence; SBOM and technical documentation alignment
Help maintain consistency between declared security posture and actual product implementation.
IEC 62443 & Secure Development Practices
Support product teams in aligning to IEC 62443 secure development lifecycle expectations.
Assist with mapping engineering practices to required controls and evidence.
Participate in security or compliance reviews as requested.
Customer & Third-Party Security Responses
Draft and maintain responses to customer security questionnaires and assessments.
Collect and validate technical inputs to ensure responses are accurate and defensible.
Escalate complex or high-risk issues to the SG25 manager.
Risk & Issue Tracking
Identify compliance gaps, risks, or deviations and raise them through defined processes.
Maintain logs for findings, risks, and remediation status.
Support documentation for risk acceptances and exceptions (approval handled by leadership).
Cross-Functional Collaboration
Work closely with Engineering, Product, Quality, and Platform teams to gather evidence and drive closure of gaps.
Coordinate with Enterprise Security and Quality teams as needed.
Interaction with team:
Global collaboration with cross-functional teams, balancing independent ownership of tasks while working closely on regulatory compliance across business units.
Education & Experience Required:
Years of experience: 10+ years of experience in cybersecurity, product security, compliance, or regulated product environments
Working knowledge of: IEC 62443 or similar product security standards; ISO/IEC 27001 concepts; Secure development lifecycle practices
Experience supporting audits, assessments, or customer security reviews
Top 3 Skills:
Compliance
Effective communication skills
Cyber Security technical experience
Soft Skills Desired:
Speaks Portuguese or Spanish