Product Security Incident Response Manager

Product Security Incident Response Manager (m/f/d) The NXP Product Security Incident Response Team (PSIRT) is committed to rapidly addressing security vulnerabilities in NXP products by responding to, documenting, and providing guidance on impact, severity, and mitigation. Our organization is growing, and we are looking for an experienced security expert to work on initiatives that improve our security posture and to identify, triage, and support the resolution of product‑related security incidents. You will collaborate across engineering, security teams, product managers, and others to protect our products and customers. In This Role Empower our software development community to manage vulnerabilities in Third‑Party Components (TPS) and Open Source Software (OSS), ensuring robust security. Define and develop best practices, streamline processes, and drive continuous improvement initiatives. Contribute to new regulations and standardization activities that may impact product security, such as the upcoming EU Cyber Resilience Act. Collaborate with external security researchers, academia, and research organizations on cutting‑edge projects and vulnerability submissions. Be a key player in risk management by supporting and leading triage and vulnerability assessments of product vulnerabilities. Work cross‑functionally with internal teams (engineering, product management, legal, etc.) to ensure timely resolution of incidents. Own the process by generating and managing PSIRT JIRA tickets for validated vulnerabilities. Provide updates about incident status, impact, and mitigation actions to relevant stakeholders. Manage incoming third‑party vendor vulnerability pre‑notifications and monitor internal and external sources to identify signs of security incidents related to our products. Your profile 3+ years of experience in product security incident response, investigation, and vulnerability management across hardware and software products. Bachelor’s or master’s degree in engineering—Computer Science, Electrical Engineering, Cybersecurity, or a related field. Familiarity with a Security Operations Center or PSIRT or similar incident response teams. Familiarity with industry‑standard security frameworks, standards, and regulations. Understanding of security in embedded systems and hardware, and capability to learn rapidly where needed. Interest in security concepts, secure coding, and best practices. Excellent collaboration and communication skills to work effectively with cross‑functional teams. Ability to work independently, taking ownership of security initiatives and improving processes. Benefits This is a full‑time position with a permanent contract. You will receive a competitive salary, eligibility for our bonus plan, lunch vouchers, a higher than average number of vacation days, and the possibility to purchase company shares at a 15% discount. We also offer a work‑from‑home policy, relocation support for moves to Austria, and various wellness benefits. Professional Development NXP provides online and offline learning opportunities to help you develop core and professional skills, supporting career growth. Location NXP Graz/Gratkorn is based just outside of Graz, the second‑largest city in Austria, offering excellent transportation links and access to cultural and outdoor activities in Styria. Hiring Process Apply online and share your CV. After a positive screening, you will have an initial phone or video conversation with a Talent Acquisition Consultant, followed by multiple business interviews. Legal and EEO Statements Due to the Austrian Equal Treatment Act we are obligated to state the employment group of our applicable collective bargaining agreement (CBA) “Kollektivvertrag für Angestellte Gewerbe und Handwerk und in der Dienstleistung”, this position (fulltime) is graded in Employment Group V. NXP is proud to have received several external awards, including the Leading Employer Award 2020–2025 and the Equalita quality label for women’s advancement. Seniority level Mid‑Senior level Employment type Full‑time Job function Information Technology Industries Semiconductor Manufacturing, Computers and Electronics Manufacturing, and Software Development #J-18808-Ljbffr