
Cyber Security Engineer - 564
Role summary
The Cyber Security Engineer will be responsible for supporting and executing security compliance programs across products and platforms. This role involves assisting with the implementation of standards such as EU Cyber Resilience Act (CRA), IEC 62443, and ISO/IEC 27001, and translating requirements into practical artifacts. The engineer will prepare and maintain audit evidence, track compliance gaps, and support product teams in aligning with secure development lifecycle expectations. Additionally, the role requires drafting responses to customer security questionnaires, managing risk and issue tracking, and collaborating closely with cross-functional teams. A minimum of 10 years of experience in cybersecurity, product security, or compliance is required, along with a Bachelor's degree or equivalent experience.
Typical task breakdown:
Security Compliance Execution
· Support execution of the A&A security compliance program across products and platforms.
· Assist with implementation and evidence collection for:
o EU Cyber Resilience Act (CRA)
o IEC 62443-4-1 / 4-2
o ISO/IEC 27001
o ISO 9001 (quality system alignment)
· Translate requirements into practical artifacts such as procedures, checklists, templates, and evidence packages.
Audit & Evidence Support
· Prepare and maintain audit evidence for internal audits, ISO surveillance audits, and customer assessments.
· Track compliance gaps, findings, and corrective actions.
· Support audit activities by coordinating inputs from engineering, product, and platform teams.
EU CRA & Product Security Support
· Assist with CRA related activities including:
o Secure by design documentation
o Vulnerability management evidence
o SBOM and technical documentation alignment
· Help maintain consistency between declared security posture and actual product implementation.
IEC 62443 & Secure Development Practices
· Support product teams in aligning to IEC 62443 secure development lifecycle expectations.
· Assist with mapping engineering practices to required controls and evidence.
· Participate in security or compliance reviews as requested.
Customer & Third Party Security Responses
· Draft and maintain responses to customer security questionnaires and assessments.
· Collect and validate technical inputs to ensure responses are accurate and defensible.
· Escalate complex or high risk issues to the SG25 manager.
Risk & Issue Tracking
· Identify compliance gaps, risks, or deviations and raise them through defined processes.
· Maintain logs for findings, risks, and remediation status.
· Support documentation for risk acceptances and exceptions (approval handled by leadership).
Cross Functional Collaboration
· Work closely with Engineering, Product, Quality, and Platform teams to gather evidence and drive closure of gaps.
· Coordinate with Enterprise Security and Quality teams as needed.
Interaction with team:
- Global collaboration with cross functional teams, balancing independent ownership of tasks while working closely on regulatory compliance across business units.
Team Structure
- Team of 3 initially
Work environment:
Office environment
Education & Experience Required:
· Years of experience: 10+ years experience in cybersecurity, product security, compliance, or regulated product environments
· Working knowledge of:
o IEC 62443 or similar product security standards
o ISO/IEC 27001 concepts
o Secure development lifecycle practices
· Experience supporting audits, assessments, or customer security reviews
- Degree requirement: Bachelor’s degree in Engineering, Computer Science, Cybersecurity, or related field (or equivalent experience)
- Do you accept internships as job experience: No
- Are there past or additional job titles or roles that would provide comparable background to this role: Governance Risk & Compliance
Top 3 Skills
- Compliance
- Effective communication skills
- Cyber Security technical experience
Soft Skills
(Required)
- Critical thinker
- Works well independently
(Desired)
- Speaks Portuguese or Spanish