Sr. Product Security Consultant

Senior Product Security Consultant

Remote – United States

Role Summary

We are seeking a Senior Product Security Consultant to join our Product Security Services team and deliver outcome-driven, end-to-end consulting engagements focused on securing embedded and connected devices.

This is a high-priority, senior individual contributor role, ideal for someone who has both deep product security experience and a strong consulting presence. You'll be responsible for owning the full lifecycle of service engagements — including scoping, proposal development, execution, delivery, and post-engagement support.

You’ll work directly with engineering and security leaders across industries, offering practical, actionable guidance around secure product development, testing, risk reduction, and compliance. While not a leadership role in title, this position requires the presence and expertise to advise CSOs and senior stakeholders, acting as the face of product security delivery for our clients.

If you're a product security expert with a consultative mindset who thrives in fast-paced environments, knows how to command a room, and enjoys delivering real results, this could be a strong fit.

Responsibilities

• Own and lead product security consulting engagements end-to-end — including client scoping, proposal writing, delivery, and outcomes.
• Deliver product security services such as security control validation, policy implementation, secure development lifecycle integration, penetration testing advisory, and risk assessments.
• Translate security findings into business-aligned, actionable recommendations for both technical and executive audiences.
• Serve as a trusted advisor to clients — including CSOs, compliance leaders, and engineering teams — helping them mature their product security posture.
• Consult on global regulatory mandates relevant to connected systems (e.g., FDA 524B, CRA, Department of Commerce Connected Vehicle Rule, NIST, EO 14028), translating those into practical implementation plans.
• Guide clients on security integration into DevOps pipelines, including tooling strategy and SBOM/vulnerability workflows.
• Drive urgency and accountability across all engagements — from early discovery through program handoff and beyond.
• Take ownership of program management and delivery outcomes — maintaining high standards for communication, execution, and customer satisfaction.

What We’re Looking For

• 8–10+ years of hands-on experience in product security and/or product security consulting — including embedded systems, connected device platforms, or firmware security.
• Demonstrated experience delivering product security services as a consultant or internal lead — not just advising, but doing.
• Background in startups or fast paced consulting environments with high accountability and direct client engagement.
• Proven ability to scope, lead, and execute consulting projects independently.
• Strong understanding of product security controls, penetration testing, secure product design, and related regulatory frameworks.
• Experience operating as a solo consultant or lead contributor, capable of managing multiple high-urgency priorities.
• Ability to credibly advise senior stakeholders and CSOs — grounded in knowledge, presence, and delivery over polish.
• Strong program management discipline — with a focus on execution, timelines, and business impact.

It’s a Plus If You Also Have

• Experience in industries such as Automotive, Industrial Control Systems, or Consumer Electronics.
• Familiarity with regulatory standards like FDA Premarket Guidance, Cyber Resilience Act, US Department of Commerce Connected Vehicle Rule,NIST 800-53/82, or ISO 26262/62443.
• Hands-on experience with SBOMs, vulnerability management, and secure SDLC practices.
• Experience engaging directly with regulators, key customers, or partners around security posture and compliance.
• Familiarity with commercial or open-source tools for binary/static analysis, SCA, or CI/CD security automation.