Cyber Security Engineer – Railway Product Testing

About the role

We are looking for a Cyber Security Engineer to join our Integration Verification & Testing department. You will work closely with the IVT Manager and Product Integrity Manager to design, execute and document security tests for electronic devices used in the railway sector.

Key responsibilities

• Ensure compliance with railway‑specific regulations such as IEC 62443 and CLC/TS 50701.
• Support security certifications and coordinate with regulatory bodies and certification authorities.
• Maintain audit trails and documentation for all security controls.
• Conduct penetration tests, vulnerability scans and security audits on railway products and hybrid OT/IT environments.
• Develop, maintain and execute security test cases, scenarios and automated scripts.
• Manage security incidents, coordinate responsible disclosure with external vendors and track remediation.
• Analyse functional requirements, define test strategies, specifications and test benches.
• Create test documentation (plans, procedures, reports) and report progress using tools such as Polarion, Redmine or Bugzilla.

Required profile

• Bachelor’s degree in Computer Engineering, Electronics, Telecommunications or a related field.
• At least 2 years of experience in cybersecurity, preferably product security.
• Good written and spoken English (minimum B1 level).
• Knowledge of Linux operating systems and OT/IT security concepts for the railway domain.
• Experience with safety‑critical or security‑critical systems and an understanding of their architecture.
• Previous exposure to railway, transportation or critical‑infrastructure sectors is a plus.
• Strong analytical and problem‑solving abilities and a team‑oriented mindset.

Required skills

• Linux operating system
• Vulnerability assessment and penetration testing
• Scripting languages (e.g., Python, Bash)
• Security test case development and automation
• OT/IT security knowledge
• IEC 62443 and CLC/TS 50701 standards
• Security certifications and incident management
• Vulnerability scanning and security audits
• Hybrid OT/IT environment testing
• Test management tools (Polarion, Redmine, Bugzilla)