We are seeking a Product Security Technical Consultant to advise industrial product development teams on security requirements, regulatory compliance and AI-driven secure development practices across large, federated product portfolios.
Responsibilities
Design and maintain product security requirements frameworks for large federated product portfolios including central control libraries, deviation governance workflows and risk acceptance procedures
Translate Cyber Resilience Act essential requirements into actionable engineering specifications covering SBOM governance, secure-by-default configurations and vulnerability handling procedures
Perform OT/ICS security level assessments including SL-T vs SL-A gap analysis, zone/conduit modeling and component requirement mapping
Lead threat modeling workshops with engineering teams using STRIDE, PASTA or MITRE ATT&CK for ICS
Define and implement SDL/SSDLC programs including OWASP ASVS compliance matrices, SAST/DAST/SCA toolchain integration and secure coding standards
Support Notified Body engagement and technical documentation preparation for CRA Class I and Class II products
Design and execute threat models for industrial products integrating AI/ML or LLM capabilities and apply OWASP LLM Top 10 mitigations
Integrate AI security controls into DevSecOps pipelines including model provenance, AI SBOM and MLOps security gates
Support conformity obligations for high-risk AI systems including technical documentation, human oversight mechanism design and audit trail architecture
Conduct engineering-level regulatory gap assessments across CRA, NIS2, EU AI Act and DORA frameworks and deliver remediation roadmaps
Present compliance posture and security architecture findings to senior client stakeholders and facilitate cross-functional alignment workshops
Contribute to external publications, white papers and industry forums to support practice capability-building
Requirements
5+ years of experience in product security advisory for industrial product development
Knowledge of CRA, IEC 62443 and NIS2 regulatory frameworks
Expertise in threat modeling methodologies including STRIDE, PASTA and MITRE ATT&CK for ICS
Proficiency in secure SDLC practices including OWASP ASVS compliance matrices and SAST/DAST/SCA toolchain integration
Familiarity with AI/ML security including OWASP LLM Top 10 and AI SBOM governance
Understanding of EU AI Act conformity obligations for high-risk AI systems
Background in DevSecOps pipeline integration including CI/CD compliance checks and MLOps security gates
Skills in stakeholder communication and presenting findings to senior client stakeholders such as CISOs and engineering VPs
Capability to conduct engineering-level gap assessments and deliver remediation roadmaps across regulatory frameworks