- Salary: N. N.
- Location: Munich, Germany
- Industry: Electrical/Electronic Manufacturing
Our client is driven by a commitment to operations, and its services are used in more than 170 countries and regions, serving over one-third of the world's population with 197,000 employees worldwide.
The client is committed to developing the future information society and building a “Better Connected World”.
The Munich Research Center (MRC) is responsible for advanced technology research, architecture design and strategic technical planning.
PSIRT is responsible for vulnerability management during the Group's deep dive into digital transformation and new business.
It builds an end-to-end (E2E) vulnerability governance and capability system and an open vulnerability management ecosystem, implements vulnerability management requirements under the company's diverse business structure to meet stringent external requirements, and ensures that product security capabilities can be translated into competitiveness.
Product Expert of PSIRT/CERT - Vulnerability Management
Allocation: Munich
Candidate Profile/Job Description
We are seeking an experienced and highly skilled Expert of PSIRT (Product Security Incident Response Team) and CERT (Computer Emergency Response Team) and Vulnerability Management to join our organization.
As an Expert of PSIRT and CERT and Vulnerability Management, you will be responsible for overseeing and managing the organization's response to product security incidents, coordinating with external CERTs, and implementing effective vulnerability management practices.
Your role will involve collaborating closely with various departments within the organization to effectively communicate vulnerability management principles, policies, and specific events.
Moreover, you will actively engage with regulators, customers, and suppliers to foster transparency, build mutual trust, and establish strong partnerships.
Key Responsibilities:
Communication Lead
Effective Communication and Collaboration:
Collaborate seamlessly with cross-functional departments, such as engineering, IT, legal, and compliance, to align vulnerability management strategies with overall business objectives.
Serve as the primary liaison between the vulnerability management teams and external stakeholders, including regulators, customers, and suppliers.
Engaging with Regulators:
Proactively engage with regulatory bodies to ensure compliance with industry standards and requirements.
Facilitate discussions with regulators, addressing any concerns and providing insights into our vulnerability management practices, ensuring adherence to relevant regulations.
Customer and Supplier Relations:
Build and maintain strong relationships with our valued customers and suppliers, instilling confidence in our security measures and demonstrating our commitment to protecting their interests.
Collaborate with customers and suppliers to address any vulnerabilities or security concerns promptly and effectively.
Building Trust and Partnerships:
Foster a culture of transparency and trust both internally and externally by openly communicating our vulnerability management efforts and progress.
Seek opportunities to collaborate on joint initiatives with industry partners to strengthen the overall security ecosystem.
- Product Security Incident Response:
  - Lead and manage the Product Security Incident Response Team (PSIRT) to ensure prompt and effective response to security incidents related to our products and services.
  - Develop and implement incident response procedures and playbooks to streamline the response process and minimize impact.
  - Investigate and assess the severity and impact of reported security vulnerabilities and incidents.
  - Coordinate with cross-functional teams, including engineering, product management, legal, and communications, to resolve security incidents and mitigate risks.
  - Collaborate with external stakeholders, including CERTs, security researchers, and customers, to exchange information and ensure a coordinated response to incidents.
- CERT Coordination:
  - Establish and maintain strong relationships with external CERTs, including national and international CERT organizations.
  - Serve as the primary point of contact for CERTs regarding security incidents, vulnerability disclosures, and information sharing.
  - Collaborate with CERTs to exchange actionable threat intelligence, vulnerability data, and mitigation strategies.
  - Ensure compliance with reporting requirements and guidelines set forth by CERTs and regulatory bodies.
- Vulnerability Management:
  - Develop and maintain a comprehensive vulnerability management program, including vulnerability scanning, assessment, prioritization, and remediation.
  - Monitor and track emerging vulnerabilities and threats and provide timely alerts and advisories to internal teams.
  - Collaborate with internal stakeholders to ensure vulnerabilities are addressed in a timely manner through patching, mitigations, or other appropriate measures.
  - Conduct vulnerability assessments and penetration testing to identify weaknesses and recommend remediation actions.
  - Stay updated on the latest security trends, vulnerabilities, and industry best practices to continuously improve the vulnerability management program.
  - Play a pivotal role in leading the vulnerability management insight analysis team, driving cutting-edge research, and staying ahead of emerging threats and vulnerabilities.
  - Spearhead the development of a dynamic ecosystem that fosters collaboration and knowledge sharing among different teams, ensuring a holistic approach to vulnerability management.
- Documentation and Reporting:
  - Document and maintain accurate records of security incidents, vulnerability assessments, and mitigation activities.
  - Prepare and present reports to senior management, highlighting the status of security incidents, vulnerabilities, and the effectiveness of the vulnerability management program.
  - Provide recommendations for improving security controls, incident response procedures, and vulnerability management processes based on industry standards and best practices.
Qualifications:
English Language Level C1
Min. Master's or PhD in Computer Science, Cyber-Security, or a related field; ideally a PhD
Extensive experience (X+ years) in managing product security incidents, CERT coordination, and vulnerability management in a large organization.
Strong knowledge of security incident response methodologies, CERT operations, and vulnerability management frameworks (e.g., CVE, CVSS).
Familiarity with security standards and best practices (e.g., ISO 27001, ISO/IEC 29147, ISO/IEC 30111, NIST Cybersecurity Framework, OWASP).
Experience with vulnerability scanning tools, penetration testing methodologies, and threat intelligence platforms.
Excellent problem-solving and analytical skills, with the ability to assess risks and prioritize actions effectively.
Strong communication and interpersonal skills, with the ability to collaborate with both technical and non-technical stakeholders.
Exceptional communication and interpersonal skills, with the ability to engage and collaborate effectively with both technical and non-technical stakeholders.
Familiarity with incident response procedures and crisis management is a plus.
Team leadership and management skills
Relevant certifications such as CISSP, CISM, CEH, or GIAC certifications are highly desirable.
Joining our organization as an Expert of PSIRT and CERT and Vulnerability Management, you will play a vital role in protecting our products and services from security threats, ensuring the organization's ability to respond effectively to incidents, and maintaining a robust vulnerability management program.
If you are passionate about cybersecurity, possess strong leadership skills, and thrive in a dynamic environment, we encourage you to apply.