Product Security Specialist

Role Overview The Security Specialist supports product cybersecurity by driving securebydesign practices across HBK's diverse product portfolio, including web, desktop, SaaS, cloud, embedded, and firmware solutions. The role leads threat modelling and risk assessment activities, performs vulnerability analysis, and supports Cyber Resilience Act (CRA)–aligned compliance initiatives. Acting as a trusted advisor and handson expert, the Security Specialist ensures that security principles are embedded throughout the entire product lifecycle, requiring deep expertise in security concepts, risk assessment, threat modelling, and modern development practices. Key Responsibilities Lead threat modelling and risk assessment activities using STRIDE and TARA methodologies, aligned with industryspecific standards such as IEC 62443. Derive productspecific security goals based on threat modelling and risk assessment outcomes, serving as direct input for penetration testing scope and objectives. Support vulnerability assessment, remediation tracking, and continuous risk reduction across products. Promote secure coding practices and provide source code and configuration review support to product teams. Coordinate and support security testing activities, including SAST, DAST, penetration testing, and fuzzing. Maintain security documentation, evidence, and artefacts required for EU CRA compliance. Integrate security into software development processes by leveraging modern security tools and frameworks (e.g., static code analysis, fuzzing, security testing frameworks). Ensure the correct application of cryptographic techniques for data protection. Support compliance with relevant security standards and regulations, including ISO 21434 (Automotive), IEC 62443 (Industrial), NIST SP 800 series, EU Cyber Resilience Act (CRA), and ISO 27001. Guide product teams in implementing security controls required to achieve and demonstrate EU CRA compliance. Actively review code and system configurations for vulnerabilities and coach teams to prevent recurring security issues. Provide guidance on hardware security measures, including the use of Secure Hardware Modules (SHM). Qualifications Education: Bachelor's or Master's degree in computer sciences, Cyber Security or some other engineering degree. Required Experience and Skills Proven experience in security across multiple product types (web, desktop, SaaS, cloud, embedded, firmware). Deep technical understanding of security concepts (IAM, Secure Access, Secure Boot, Secure On board communication Encryption, Secure Coding Practices etc). Hands-on experience in Threat Modelling (STRIDE), Risk Analysis (TARA), Vulnerability hunting and source code reviews. Familiarity with one or more recognised security standards and regulations, such as EU CRA (Cyber Resilience Act), CSMS, UNECE R156/R157, ISO 21434 (Automotive), IEC 62443 (Industrial Control Systems), ISO 27001, and NIST SP 800 series Strong background in modern software development (C++, Java) on Linux/Android. Understanding of cryptographic fundamentals and secure hardware concepts. Strong expertise in both System and SW Engineering Expert in Requirement Engineering and requirement based development Good understanding of different architectures, operating systems(Linux/QNX/Microsar), hardware & software security concepts, cryptography, debugging techniques Experience in interfacing with customer and review of customer requirements with a focus on cybersecurity impacts. Excellent communication skills to effectively engage with engineering teams, customers, and stakeholders. One Company – HBK Hottinger Brüel & Kjaer (HBK) is a global leader in the fields of sensors, data acquisition, analytics and collaboration for various R&D, production and in-operation applications. Until the end of July 2020, the companies were known as Hottinger Baldwin Messtechnik GmbH (HBM) and Brüel & Kjær Sound & Vibration Measurement A/S respectively. HBK is part of Spectris Limited and employs around 3500 people worldwide. Our product eco system covers all layers from sensors, electronics, to software and collaboration. Our customers range from end users of the entire tool chain focusing on analytics and results in virtual testing, physical testing, and monitoring, to our OEM and system integrator partners and customers integrating our products into their own offering and solution. The product portfolio is as versatile and varied as our customer base covering many industries. We have engineering and production facilities in Germany, Denmark, UK, Portugal, USA and China and are represented in over 80 countries worldwide. We are proud to be one of the top three suppliers worldwide in our market segments served, thanks to our high-quality products and the commitment of our employees.