ABOUT THE JOBBrightly Software, a Siemens company, is the global leader in intelligent asset management solutions, serving over 12,000 clients across education, public infrastructure, healthcare, and manufacturing. Our portfolio of cloud-based SaaS products spans CMMS, EAM, Strategic Asset Management, IoT Remote Monitoring, Sustainability, and Community Engagement platforms.
As our Product & Solution Security Officer (PSSO), you will serve as the product security leader within Brightly's CyberSecurity team, reporting directly to the Chief Information Security Officer (CISO). Working alongside a senior product security engineer, you will own and drive the product security strategy for the business unit - building the processes, relationships, and programs that keep our SaaS products secure and our customers protected.
This is a high-impact, highly visible role at the intersection of engineering, risk management, and executive communication. You'll be a trusted advisor to leadership, a collaborative partner to product and development teams, and the driving force behind a maturing product security program.
This U.S.-based role is ideally located in Raleigh, NC; however, we encourage applications from qualified remote candidates in the U.S. Qualified Applicants must be legally authorized for employment in the United States and will not require employer sponsored work authorization now or in the future for employment in the United States.
WHAT YOU WILL DODEFINE & DRIVE PRODUCT SECURITY STRATEGY
- Define, own, and continuously improve the Product & Solution Security (PSS) strategy and implementation policy for Brightly Software, ensuring alignment with Siemens corporate policies, regulatory requirements, and contractual obligations.
- Monitor the threat landscape, track reported vulnerabilities and security incidents, and incorporate findings into strategic planning.
- Establish and maintain a process improvement program to embed security practices across the software development lifecycle (SDLC).
- Ensure organizational readiness for product and solution security across all BSW teams and product lines.
LEAD VULNERABILITY & INCIDENT MANAGEMENT
- Own and operate Brightly's product vulnerability management program end-to-end - from identification and triage through remediation tracking and closure.
- Classify and prioritize vulnerabilities and security incidents in coordination with the CISO, driving timely and effective response.
- Support incident response efforts, serving as a key contributor during active security events affecting BSW products.
- Develop and maintain a supplier security qualification and certification program.
PARTNER WITH PRODUCT & ENGINEERING TEAMS
- Build strong, trusted relationships with product management, R&D, and engineering teams to ensure security requirements are clearly communicated, understood, and implemented.
- Serve as the primary security advisor to product and development stakeholders, guiding secure design decisions and threat modeling efforts.
- Coordinate technical direction for product security mechanisms in collaboration with the product security engineer and project-level security contributors.
- Advise on appropriate processes, tooling, and structures to introduce and sustain security across products, solutions, and services.
COMMUNICATE & REPRESENT PRODUCT SECURITY
- Represent Brightly Software in all product and solution security matters - internally across the organization and externally as needed.
- Advise executive management, product management, and R&D leadership on security posture, risks, and strategic priorities.
- Ensure coordinated security messaging in alignment with Corporate Communications and the CISO.
- Synchronize with Brightly's Information Security organization to ensure appropriate coverage across both product and IT infrastructure security domains.
- Build and maintain an internal product security community, fostering awareness and a security-first culture across the business unit.
MEASURE, REPORT & ESCALATE
- Track and report on adherence to product and solution security standards, policies, and the BSW implementation strategy.
- Define risk acceptance criteria in collaboration with relevant stakeholders; lead escalation decisions for elevated security risks in products and solutions.
- Provide regular reporting to the CISO; escalate emergencies promptly and synchronize with peer Product & Solution Security Officers across Siemens.
- Coordinate product security compliance with legal, import, and export teams as required.
WHAT YOU NEED- 7+ years of experience in cybersecurity, with at least 3-5 years focused on product security, application security, or secure software development.
- Demonstrated experience owning or leading a vulnerability management program, including triage, prioritization, and remediation tracking.
- Strong understanding of secure SDLC practices, including threat modeling, security requirements definition, and security testing integration.
- Experience working with cloud-based SaaS products and familiarity with common SaaS security risks and controls.
- Proven ability to partner with and influence engineering and product teams without direct authority - you build trust, not bureaucracy.
- Solid understanding of relevant security frameworks and standards (e.g., NIST CSF, ISO 27001, OWASP, CVE/CVSS scoring).
- Experience supporting or leading incident response efforts in a product or application security context.
- Strong written and verbal communication skills - you can translate complex security concepts for both technical and non-technical audiences.
- Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
WHAT MAKES YOU A STANDOUT- Experience in a SaaS or software product company, ideally with exposure to asset management, IoT, or infrastructure technology domains.
- Familiarity with Siemens Product & Solution Security (PSS) policies and frameworks, or similar enterprise security governance structures.
- Relevant certifications such as CISSP, CSSLP, CEH, or GIAC GWEB/GPEN.
- Experience building or maturing a product security program from the ground up - you know what good looks like and how to get there.
- Comfort operating in a lean, high-ownership environment where you drive outcomes with a small, focused team.
- Exposure to regulatory and compliance requirements relevant to SaaS products serving public sector, healthcare, or critical infrastructure clients (e.g., FedRAMP, HIPAA, SOC 2, ISO 27001).
- Interest in AI and how to secure it-from safeguarding AI/ML components in products to exploring emerging AI threats. Expertise is a strong plus, but enthusiasm and an appetite to dive in are just as valuable.
You'll Benefit FromSiemens offers a variety of health and wellness benefits to our employees. Details regarding our benefits can be found here: https://www.benefitsquickstart.com/siemens/index.html
The pay range for this position is $137,731 - $236,110 annually. The actual wage offered may be lower or higher depending on budget and candidate experience, knowledge, skills, qualifications, and premium geographic location.