Product Security Officer

Permanent employee, Full-time · Amsterdam

About Fairphone
Fairphone is more than just a company - we are a global leader in sustainable, modular electronics, on a mission to change the electronics industry from the inside out. Built on strong social and environmental values, we are a diverse and inclusive team from all walks of life creating market consumer electronics that make a real impact.
At Fairphone, you will find a supportive and safe space where everyone can be themselves, collaborate openly, and have the freedom to learn and grow - because that’s how we innovate and drive change together! 
So… are you a proactive, self-motivated team player who loves taking initiative and bringing positive energy? Do you thrive in a fast-moving start-up or scale-up environment? Are you a great communicator who values collaboration and embraces different perspectives? And most importantly, do you feel a strong connection to Fairphone’s mission and values? If you're nodding along and thinking, “Yes, that’s me!”, then check out our vacancy below! 

Please know that we acknowledge that we are living in a time where the use of AI can bring many efficiencies and support. However, we want to know the real YOU. Please try to limit the use of AI tools to generate answers to the application; we value authenticity and encourage you to use your creativity! 

  • Location: Amsterdam (you should have the right to work in the Netherlands) 
  • Hours: 32-40 hours per week
  • Contract duration: An initial 12-month employment contract, with the possibility of extension to a permanent contract 
  • Deadline to apply: We review applications on a rolling basis. Please apply as soon as possible. 
About your role
We are seeking a highly motivated and experienced Product Security Officer to lead and champion security initiatives throughout the entire product development lifecycle of our mobile and audio devices, including the hardware angle (choice of the components, etc.) and software angle (operating systems, firmware, applications), with a higher focus on the smartphones of our portfolio. The ideal candidate will possess a deep understanding of mobile software security, including firmware-layer vulnerabilities and OS-level attack vectors, with a foundational grasp of hardware-backed security features and trusted execution environments. They will be responsible for embedding security by design into our products, ensuring compliance with relevant regulations, and protecting our customers' data and privacy.
You will report directly to our Head of Software Engineering, under our CTO.
Key Responsibilities & Objectives
Security Strategy:
  • Develop and implement comprehensive product security strategies and roadmaps, ensuring product security compliance with relevant industry regulations (e.g., Common Criteria methodology) and certifications (AER or other B2B product security requirements).
  • Provide expert guidance on the core hardware security components (e.g. Secure Element, dedicated, tamper-resistant hardware chip) and software implementation of new and existing phone products.
  • Conduct security reviews and risk assessments for all new product features and major updates.
  • Maintain documentation of product security controls and compliance efforts.
Secure Development Lifecycle (SDL):
  • Integrate security activities into every phase of the Software Development Lifecycle (SDLC), from requirements gathering to deployment and maintenance.
  • A critical component of this role is managing the extended security posture of our products, ensuring that smartphones and audio devices remain resilient against evolving threats throughout their long-term software support window (8–10 years for the smartphones).
  • Define and enforce secure coding guidelines and best practices for development teams, including the ODM (Original Design Manufacturer).
  • Shepherd and support the QA team in security testing activities, including checking whether the ODM is integrating all the required patches (Google, Linux kernel, Qualcomm).
Vulnerability Management:
  • Establish and manage a vulnerability management program for phone and audio products, including tracking, prioritization, and remediation of security defects.
  • Monitor security advisories and emerging threats relevant to mobile devices and platforms.
  • Lead incident response and vulnerability management, serving as the primary liaison with Legal to ensure all mitigation efforts align with product compliance requirements. You will be responsible for operationalizing our response strategies to meet the rigorous standards of the Cyber Resilience Act (CRA) and NIS2 Directive, ensuring that vulnerability disclosures and reporting timelines are handled with both technical precision and regulatory across the entire product lifecycle.
  • Work closely with the software and hardware engineering team, QA, and product management teams to remediate identified vulnerabilities in a timely manner and fix issues if needed.
Collaboration & Training:
  • Serve as the primary security subject-matter expert for product and engineering teams.
  • Provide security training and awareness programs to software and hardware engineering, QA, and product management teams.
  • Collaborate with external security researchers and participate in bug bounty programs.
  • Work closely with the broader Information Security team (IT, Legal) to align product security with enterprise security initiatives.
Emerging Technologies:
  • Stay abreast of the latest advancements in mobile technology, security threats, and countermeasures.
  • Evaluate and recommend new security tools and technologies for product development.
Your Skills & Experience
  • Education: Bachelor's or Master's degree in Computer Science, Information Security, Electrical Engineering, or a related field
  • Minimum of 7 years of experience in product security, mobile security, or a similar role, preferably within a telecommunications or consumer electronics company.
  • Demonstrable experience with securing mobile operating systems (Android) with Qualcomm chipsets, embedded systems, and hardware security.
  • Proven track record of implementing and maturing Secure Development Lifecycles (SDLs).
Technical Skills:
  • Strong understanding of common mobile security vulnerabilities.
  • Proficiency in security testing tools and methodologies.
  • Knowledge of cryptography, secure boot, trusted execution environments (TEE), and hardware security modules (HSM).
  • Familiarity with network security protocols and mobile network architectures (5G, LTE).
  • Experience with various programming languages (e.g., C/C++, Rust, Java/Kotlin, Python).
Soft Skills:
  • Excellent analytical and problem-solving skills.
  • Strong communication and interpersonal skills, with the ability to effectively communicate complex technical concepts to non-technical stakeholders.
  • Ability to work independently and as part of a cross-functional team.
Preferred Qualifications (Bonus Points):
  • Familiarity with privacy-by-design principles and data protection regulations.
  • Familiarity with open sourcing principles.
  • Contributions to the security community (e.g., open-source projects, research papers, conference presentations).
  • You love technical challenges.
  • You are hands-on, take initiative and see opportunities where others see issues, and apply them via constructive, creative thinking.
  • You feel a strong and intrinsic connection with Fairphone’s vision, mission and values.
  • You enjoy collaborating with people from different levels of seniority, cultures and backgrounds.
What Fairphone can offer you?
  • The opportunity to create an impact on the electronics industry around the world.
  • A diverse work environment full of international, passionate, warm-hearted team members.
  • 25 paid holidays per year (based on a full-time contract) next to the other public holidays in the Netherlands. You’ll also get a day off on your birthday! Additionally, the longer you stay, the more holidays you get! 
  • Daily, healthy lunch, organic FairChain coffee, and many more tasty things.
  • You will join Fairphone’s collective pension scheme, and we will contribute to building your pension.
  • You will receive a MacBook, Fairbuds, and a Fairphone as working devices.
  • Hybrid working model: We are remote-friendly and also contribute up to €250 toward your home office set-up.
  • Public transport allowance – we fully cover your 2nd-class commute from your home to the office.
  • Bike allowance – We support you with a bike purchase of up to €300, and you’ll also have a yearly repair budget of up to €100! We also cover 23 cents per km for your biking distance from home to the office (or train station) and back!
  • Grow with us! We encourage you to develop at Fairphone. That’s why we’ll support your career goals with coaching (Inuka), trainings, workshops, or courses that you can join with your development budget. 
  • Kitchen with beautiful views to the IJ waterfront.
  • There’s a gym in the building where you can build healthy habits, stay active and have fun with your colleagues, as well as a subscription to our mental & physical well-being services (Inuka & Urban Sports).
About us
DEI @Fairphone

At Fairphone, we care about people, planet and you. It’s natural that we see diversity, equity and inclusion (DEI) as an essential part of how we work together and do business.
We support and further strengthen our inclusive work environment and culture by more formally implementing various DEI efforts to ensure all Fairphoners feel included, respected, and supported. 
We are looking forward to hearing from you!
Thank you for your interest in Fairphone! Should you have difficulties with the upload of your data, please send an email to people@fairphone.com