Product Security Incident Response Manager (m/f/d)

The NXP Product Security Incident Response Team (PSIRT) is committed to rapidly address security vulnerabilities in NXP products, by responding and documenting reported vulnerabilities and by providing customers with clear guidance on the impact, severity and mitigation. See also www.nxp.com/psirt.

Our organization is growing and therefore we have this new opportunity. We’re looking for an experienced security expert to work on different initiatives and projects with the goal of improving our security posture. In addition, you will be responsible for identifying, triaging, and supporting resolution of product-related security incidents. You’ll get the opportunity to collaborate across engineering, security teams, product managers and others with the goal of protecting our products and customers.

In This Role, You

• Empower our software development community in managing vulnerabilities in Third Party Components (TPS) and Open Source Software (OSS), ensuring robust security
• Define and develop best practices, streamline processes, and drive continuous improvement initiatives.
• Contribute to new regulations and standardization activities that may impact product security or our way of working such as the upcoming EU Cyber Resilience Act.
• Collaborate with innovators – partner with external security researchers, academia and research organizations on cutting-edge projects and vulnerability submissions.
• Be a key player in risk management by supporting and leading triage and vulnerability assessments of product vulnerabilities.
• Work cross-functionally with internal teams (engineering, product management, legal, etc.) to ensure timely resolution of incidents.
• Own the process by generating and managing PSIRT JIRA tickets for validated vulnerabilities.
• Provide updates about incident status, impact, and mitigation actions to relevant stakeholders.
• Manage incoming Third Party vendor vulnerability pre-notifications andmonitor internal and external sources to identify signs of security incidents related to our products.
  
  

Your profile

• 3+ years of experience in product security incident response, investigation and vulnerability management across hardware and software products.
• Bachelor’s/master’s degree in engineering – Computer Science, Electrical Engineering, Cybersecurity, or a related field.
• Familiarity in a Security Operations Center or PSIRT or similar security incident response teams.
• Familiarity with industry-standard security frameworks, standards, and regulations.
• Understanding of security in the following areas - embedded systems, hardware and software; ability to quickly learn where needed
• Interests in security concepts, secure coding, and security best practices
• Excellent collaboration and communication skills to work effectively with cross-functional teams.
• Ability to work independently, taking ownership of security initiatives and improving processes.
  
  

Please note: The successful candidate may/will be responsible for security related tasks. The assignment may/will be in scope of security certifications, therefore a conscious and reliable way of working is necessary.

For Austrian applicants: NXP provides market competitive compensation according to the benchmarking of the electronic and semiconductor industry. Due to the Austrian Equal Treatment Act we are obligated to state the employment group of our applicable collective bargaining agreement (CBA) “Kollektivvertrag für Angestellte Gewerbe und Handwerk und in der Dienstleistung“, this position (fulltime) is graded in Employment Group V. Your individual experiences and expectations will be considered in the application process. Moreover, we provide attractive benefits to our employees like home office, flexible working time, meal benefits and more.

More information about NXP in Austria...