Product Security Specialist
About the assignment
A leading HealthTech organisation in medical imaging is building a dedicated product security function. You own security across the entire software development lifecycle—from policy and threat modelling through to vulnerability management and penetration testing.
This is a newly created, independent senior role with genuine autonomy. You'll embed security controls into CI/CD pipelines, manage software supply chain risk, and support regulated compliance (ISO 27001, EU MDR, NIS2). Your decisions shape how the engineering organisation approaches security.
The role sits at the intersection of developer experience and clinical responsibility: the software you secure directly impacts patient trust and breast cancer detection outcomes.
Your responsibilities
- Own and evolve the Secure Development Lifecycle policy; embed it into engineering workflows and practices
- Drive end-to-end vulnerability management: intake, triage, risk assessment, remediation tracking and coordinated disclosure
- Run the penetration testing programme, including scoping, vendor coordination, findings review and remediation follow-up
- Embed security controls into CI/CD pipelines: SAST, DAST, SCA, secrets detection and container scanning
- Tackle software supply chain risk: SBOM processes, open-source dependency management and secure build practices
- Lead threat modelling, secure design reviews and security risk assessments for new product features
- Support customer security reviews and technical security discussions with enterprise stakeholders
- Define and report product security metrics to leadership; track progress against security baselines
Tech Stack & Tools
Platforms & Tooling
Frameworks & Standards
Methodologies
Certifications (preferred)
Must-haves
- Background in product security, application security, cloud security or DevSecOps
- Proven vulnerability management experience: prioritisation, remediation tracking, risk communication to technical and non-technical audiences
- Hands-on experience with CI/CD security tooling (SAST, DAST, SCA, secrets scanning or container scanning)
- Solid understanding of software supply chain risk, SBOMs and secure build and release practices
- Strong cross-functional collaboration: influence without formal authority and translate security into actionable guidance
Nice-to-haves
- Experience with medical device software, regulated environments or AI/ML-enabled products
- Familiarity with enterprise security reviews or coordinated vulnerability disclosure programmes
- Security certifications (CISSP, CSSLP, CCSP, GWAPT or OSCP)
What we offer
- Genuine ownership: build product security from the ground up, not maintain existing frameworks
- Measurable impact on clinical outcomes: your work improves breast cancer detection worldwide
- Scale-up environment where your decisions shape how the engineering organisation evolves
- AI-native culture: leverage AI tooling as a force multiplier in research, building and communication
- Hybrid working based in the East Netherlands
- Personal guidance from a dedicated MVPeople consultant who knows your niche
The process
Introduction
Phone call with your MVPeople consultant (within 24 hours)
Match & Brief
We discuss the assignment in detail and prepare you
Client meeting
Introduction to the client
Start
Contracting and onboarding
Details
Type
Permanent (MVPermanent)
Location
Nijmegen, GE
Work model
Hybrid
Level
Senior
Industry
gezondheidszorg
Market indication
€80,000 - €108,000 per year
Posted
14 July 2026
Job ID
56488
Contact
MVPeople Group
jobs@mvpeoplegroup.com