Product Security Expert

As Product Security Subject Matter Expert, you hold a key position in our RBA (Risk & Business Assurance) Expertise Security sector, ensuring product security capabilities are defined, implemented and monitored.

Role and responsibilities

ASML brings together the most creative minds in science and technology to develop lithography machines that are key to producing faster, cheaper, more energy-efficient microchips.

As the Product Security Subject Matter Expert, you will support secure design, development and maintenance of ASML’s products by ensuring product security capabilities are defined, implemented and monitored. You shall also verify the appropriateness (sufficiency) and performance of the controls in the product domain across ASML.

The Product Security Subject Matter Expert is responsible for monitoring compliance against our security frameworks and customer requirements. In this position, you have these main focus points:

• Develop product security risk and control framework with product security requirements and controls, monitoring dashboard.
• Partner with development teams to proactively communicate product security requirements, promoting control frameworks to ensure secure goals are met.
• Implement and embed our product security standards and policies throughout our sectors. Building bridges with your (internal and where needed external) business stakeholders is key to achieve success in implementing our policies and standards.
• Keep updated on the latest trends, standards, regulations on product security and embed them in ASML policies, standards, control framework.
• Guide and prepare ASML sectors to comply with the regulatory requirements on product security.
• Explain product security risks to business leaders, and business positions/risk to technical leaders to achieve appropriate security outcomes.
• Pro-actively enable knowledge management within RBA and ASML sectors.

You work together with a team of security professionals, product architects and sector security managers to drive the product security capability and framework. The Security Community has approx. 250 FTE across ASML. Together with the rest of the community, you protect ASML’s assets and you’re at the center of everything that’s digitally exchanged.

Education and experience

Ideally, we are looking for someone who brings a strong technical background and drive security program and project execution across multiple security teams; design and engineering, manufacturing, sales and customer support in situations where authority is not a given. Someone who is open to challenges and can think outside the box, able to bridge between higher level abstraction and detailed design choices.

Besides product security technical knowledge, excellent communication and collaboration skills are essential for this role. You take ownership and lead initiative to results, take responsibility and act decisively whilst collaborating well with other teams, technical and non-technical peers. You have strong stakeholder management skills, able to build solid relationships of trust at different levels.

Some key competences that come natural to you in this position:

• 10+ years of experience in designing and implementing internal control framework and solving challenges, preferably in a multinational corporate security environment in two or more of the following areas: product security (preferred) or application security, information security or digital platform security.
• In-depth knowledge or experience in product security by design.
• Proven experience with product security risk assessments.
• In-depth knowledge of compliance standards in security domain, such as NIST, CIS, ISO 27000, IEC67443, SEMI.
• BSc/MSc/PhD in Cyber security, Software Engineering, Computer Science, Information Technology or equivalent through certification and or training.
• Either a GICSP, CISM, CISSP, or CISA certificate is considered as a must.

This position requires access to controlled technology, as defined in the Export Administration Regulations (15 C.F.R. § 730, et seq.). Qualified candidates must be legally authorized to access such controlled technology prior to beginning work. Business demands may require ASML to proceed with candidates who are immediately eligible to access controlled technology.