Product Security Engineer (m/f/d)

About the position

Dentsply Sirona is the world's largest manufacturer of professional dental products and technologies, with a 130-year history of innovation and service to the dental industry and patients worldwide. Dentsply Sirona develops, manufactures, and markets a comprehensive solutions offering including dental and oral health products as well as other consumable medical devices under a strong portfolio of world class brands. Dentsply Sirona's products provide innovative, high-quality and effective solutions to advance patient care and deliver better and safer dentistry. Dentsply Sirona's global headquarters is located in Charlotte, North Carolina, USA. The company's shares are listed in the United States on NASDAQ under the symbol XRAY. We are looking for a Product Security Engineer (m/f/d) to join our team. This individual will help build and enhance our Product & Solution Security (PSS) program. As a Product Security Engineer for our medical devices, cloud-based software, and connected solutions, the role will be responsible for integrating security into the product lifecycle, ensuring regulatory compliance, and driving a security-first culture. This is a technical role reporting to the Head of Product and Solution Security. The engineer will work across the engineering lifecycle to implement agile security best practices, DevSecOps, tools, and controls. They will support secure development through technical code reviews, security tests, automation, and direct collaboration with various product teams within R&D. This is a hybrid position requiring working from either our Bensheim or Zurich office.

Responsibilities

• Perform security assessments of code, configurations, and product components.
• Support senior engineers in implementing shift-left practices across the product development lifecycle and manage security tools in CI/CD pipelines.
• Communicate technical findings from assessments to product teams and guide them through vulnerability remediation and secure coding.
• Contribute to the development and refinement of security engineering standards.
• Actively support threat modeling and risk mitigation for various products.
• Monitor security metrics (KPIs and KRIs) and support incident response when needed.
• Collaborate with senior team members to embed security into system and software design practices.
• Promote a culture of security awareness across R&D teams.
• Mentor junior product security engineers on secure design principles and practices.

Requirements

• Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
• 5+ years of experience in cybersecurity, product security, software and hardware security, and cloud security. Experience in the medical device or healthcare industry is a strong plus.
• Industry-recognized certifications such as OSCP, CSSLP, CCSP, etc., are a strong plus.
• Proven experience implementing secure SDLC practices, DevSecOps, and collaborating with engineering teams.
• Proficiency with tools like SAST, DAST, SCA, and CI/CD pipelines.
• Knowledge of Secure SDLC (SSDLC) and Secure Product Development Frameworks (SPDF).
• Strong understanding of secure coding and testing practices.
• Excellent English language skills; German language skills are a plus.