The “Product Security Engineer” (PSE) is part of the “First Line of Barco Cyber Defense” within the Business Unit and manages technical aspects of product related security & privacy risks, aligned with the corporate strategy managed by the Security Office (second line of defense). The PSE reports to R&D management.The Product Security Engineer is responsible for information security and privacy aspects for products within his/her Business Unit on a technical level. The PSE is the first point of contact for all technical security questions from stakeholder functions like R&D. The PSE is responsible for leading and guiding implementation of product technical security & privacy controls, oversee and guarantee adoption of the secure software development lifecycle process, compliance with applicable regulations and informs the Security Office about the progress on these domains. Main accountabilities: Lead and mentor the group of R&D Security Champions and take ownership of the groups’ meetings and activities, while promoting a culture of security awarenessProvide security insights and feedback to R&D at a highly technical level (e.G. during code reviews)Lead R&D teams during threat modeling security risk analyses during design/development phases in accordance with IEC -5-1 and FDA’s premarket cybersecurity guidance.Challenge R&D teams and system architects about the why and how technical security controls should be integratedDesign and document technical security controls in different product linesDrive security integration into all stages of the product lifecycle, from design to the post market stage, e.G: Threat modelingCode review processApplication security testing (SAST, DAST, …)Vulnerability management (e.G. of open-source packages)Vulnerability scanning (tooling and configuration) Provide security support during product penetration tests executed by external partnersTake ownership of incident response management and vulnerability disclosure processesTake ownership for ISO ISMS/audit product development related subjectsContribute to the creation of security whitepapers of the different product linesKey contact point for security/privacy related topics during pre-sales phaseStay up to date with the latest security/privacy technologies, trends and regulationsInform the Security Office about the state of security per product Education:Master's degree in IT or information security, or equivalent by experience Experience: At least 3 years of experience in information security or application security, preferably with a software development or software testing backgroundExperience with agile development process across international teamsFamiliar with ISO x frameworks and risk assessment/treatmentKnowledge of third-party auditing and risk assessment methodologiesFamiliar with security attack pathologies Competencies: Solid understanding of security protocols, cryptography, authentication, authorization and best practices, including secure boot chains.Proven experience with leading and guiding a group of stakeholders from different functions through threat modeling, utilizing STRIDE or other frameworksExperience with threat modelling of cloud-based systems (SaaS, IaaS, or PaaS)Excellent knowledge of secure coding practices and the Common Vulnerability Scoring System (CVSS) and its application during technical vulnerability assessmentExperience with management of 3rd party vulnerabilities through analysis of Software Bill of Materials (SBOM)Ability to explain security concepts and security processes to technical stakeholders such as R&D Software EngineersVery broad technical knowledge: from embedded devices to containerized deployments of services, from backend to frontendCoding skills: C, C++, JavaScript (Rust & Go a bonus)Highly motivated individual with a genuine enthusiasm for information security and technologyEager to stay up to date with the latest technologiesCustomer-centric mindsetGood verbal, written, presentation, facilitation, and interaction skills, including ability to effectively communicate risks, issues and concepts to multiple organization levels and executive managementGood communication skills both verbal and written EnglishAbility to prioritize workloads and to know when to seek guidance Differentiation Criteria Preferably holder of certifications like GIAC, CISSP, CISM, …Experience with cybersecurity standards from the medical device industry (e.G. MDCG -16, IEC -5-1, FDA premarket guidance, …). 🛡️ We are committed to conducting our business activities with the highest standards of integrity, responsibility and compliance across all aspects of our operations. This includes adherence to applicable laws, regulations and internal policies related to ethical conduct, quality standards, cyber security, sustainability, data protection & confidentiality and safety. D&I StatementAt Barco, innovation drives everything we do. We believe that diversity fuels creativity, bringing us closer to our colleagues and customers. Inclusion and equity aren't just values—they're core capabilities that propel us toward our shared goals and mission.