Staff Systems Engineer - Product Security

FERNRIDE is an equal opportunity employer. We are committed to Diversity, Equity, Inclusion & Belonging because we value and celebrate everyone's differences and individuality. We strive to create an open, safe space in which you feel empowered and authentic. FERNRIDE has 50 employees from 10+ countries. Our culture is characterized by the company values and fundamentals:

 #wewinasoneteam #weexecuteanddeliver #weareambitiousinnovators #weareopentochange #weputcustomervaluefirst #respect #professionalism #safety.

The Quantum Systems Land Domain is developing leading-edge autonomous UGV technology for defense — a domain where no blueprint exists. The product strategy starts with a UGV that is useful on today’s battlefields and can be built with current technology, then progressively increases the authority of the autonomy system while reducing the need for human supervision — across ever more complex operating environments, up to fully autonomous operation in proximity to civilians.

As a senior cybersecurity expert, you will own and shape product security from the ground up: define the threat landscape, build the security processes, and drive defense-in-depth across the platform. You will work closely with system safety engineers, design assurance, hardware/software engineering teams, and V&V to ensure cybersecurity is embedded across the full product lifecycle. As the product matures, you will grow your domain into a team.

What you will work on / How you will leave your footprint

• Establish and shape cybersecurity awareness and management across the product domain.
• Conduct threat analysis and risk assessment (TARA) — identify assets, model threat scenarios and attack paths, assess attack feasibility and impact, and determine cybersecurity assurance levels.
• Define and maintain attacker and asset models — adversary profiles, asset criticality classifications, and security domain boundaries.
• Specify security controls — defense-in-depth measures including network segmentation, access control, authentication, encryption, secure boot, and intrusion detection.
• Define technical security architecture — security domains, trust boundaries, secure communication channels, and key management strategy.
• Own supply chain security — evaluate third-party components for known vulnerabilities, define secure procurement requirements, and manage the SBOM.
• Define secure development lifecycle requirements and align with engineering teams on security-relevant coding practices and CI/CD pipeline security.
• Own cybersecurity risk acceptance — present residual threat risk arguments and recommend security posture conditions for product release.
• Define operational security measures — incident response procedures, security monitoring, update/patch management, and key rotation.
• Maintain cybersecurity concept documents and compliance matrices (Cyber Resilience Act, Radio Equipment Directive security clauses, AI Act security clauses).
• Coordinate with System Safety on threat landscape input for hazard analysis (cyber-physical attack paths), alignment of operational security and safety measures, and safety-security interactions at mode-transition boundaries.
• Coordinate with Design Assurance on shared technical architecture — fail-safe vs. fail-secure decisions, component selection criteria, and unified software development guidelines.
• Translate security controls into actionable implementation guidance for engineering teams; review designs for attack surface exposure.
• Define penetration test scope, attack simulation scenarios, and acceptance criteria for V&V; review and accept V&V evidence for cybersecurity claims.
• Coordinate with Quantum Systems core group on security aspects of the C3 system (MOSAIC) and multi-domain operation.
• Develop and maintain AI-assisted workflows for security analysis and compliance auditing.
  
  

What you bring to the team

• Deep expertise in cybersecurity management and engineering for embedded 
• systems, with an engineering mindset and hands-on attitude.
• Understanding of IT and embedded systems technology, and state-of-the-art security controls and approaches.
• Experience with threat analysis and risk assessment (TARA), attacker modeling, and defense-in-depth architecture for resource-constrained platforms.
• Experience with supply chain security — CVE tracking, SBOM management, secure procurement requirements.
• Understanding of secure development lifecycle practices — code review, static analysis, dependency scanning, CI/CD security gates.
• Strong collaboration skills — you work closely with safety engineers, hardware/software teams, and V&V to find feasible solutions that don’t cause unacceptable cybersecurity risks.Interest in AI-assisted engineering workflows and willingness to shape how AI tools support security analysis and compliance management.
• Comfortable working with software development tools — GitHub, VS Code, Bazel, Markdown, CI/CD pipelines — to operate and evolve the AI-assisted methodology.

Nice to have

• Working knowledge of ISO 21434, IEC 62443 series, EU Cyber Resilience Act, Radio Equipment Directive (security aspects), and AI Act (security aspects).
  
  

What we offer @ FERNRIDE

At FERNRIDE, we believe in empowering you to thrive both personally and professionally. Our benefits are thoughtfully designed to support your growth, well-being, and aspirations while fostering a strong sense of work-life harmony. Here’s how we support you:

• Flexible working hours & remote work
• All-day breakfast and unlimited drinks, fruits, and snacks
• Lunch subsidy
• Select one of three options: (1) EUR 40 Spendit card /month (2) Wellpass (3) Mobility card
• Company pension scheme
• Team, department, and company events
• 30 days of vacation
• Up to six weeks of remote work in countries covered under the EHIC (European Health Insurance Card)

Who we are

At FERNRIDE, we believe in a future where robotics unlocks human potential to create a better world. Yet today, humans still perform repetitive, risky tasks to keep our world running. These jobs, essential yet unattractive, should be performed by robots, which still fall short. We are on a mission to change that and transform critical industries through human-centric automation. 

FERNRIDE delivers a comprehensive ground autonomy platform to offer scalable automation solutions across industries. They span from container terminals and yard operations via defence logistics to open-road trucking. By combining AI-powered autonomy with human oversight and modular, vehicle-agnostic hardware, we enable businesses and defence organizations to harness the full potential of automation, driving efficiency and safety.

FERNRIDE was founded in 2019 following 10 years of research at the Technical University of Munich and currently has 50 employees. We are setting the standard for autonomous logistics and advancing Europe’s technological sovereignty by delivering the first-ever fully certified autonomous trucking system in Europe in 2025. 

http://www.fernride.com