Skip To Main Content
backBack to Search

Product Security Technical Consultant

Remote in Poland
Security Compliance Assurance& 3 others
hot
Looking for something else?

Find a vacancy that works for you. Send us your CV to receive a personalized offer.

Find me a job

We are seeking a Product Security Technical Consultant to advise industrial product development teams on security requirements, regulatory compliance and AI-driven secure development practices across large, federated product portfolios.

Responsibilities
  • Design and maintain product security requirements frameworks for large federated product portfolios including central control libraries, deviation governance workflows and risk acceptance procedures
  • Translate Cyber Resilience Act essential requirements into actionable engineering specifications covering SBOM governance, secure-by-default configurations and vulnerability handling procedures
  • Perform OT/ICS security level assessments including SL-T vs SL-A gap analysis, zone/conduit modeling and component requirement mapping
  • Lead threat modeling workshops with engineering teams using STRIDE, PASTA or MITRE ATT&CK for ICS
  • Define and implement SDL/SSDLC programs including OWASP ASVS compliance matrices, SAST/DAST/SCA toolchain integration and secure coding standards
  • Support Notified Body engagement and technical documentation preparation for CRA Class I and Class II products
  • Design and execute threat models for industrial products integrating AI/ML or LLM capabilities and apply OWASP LLM Top 10 mitigations
  • Integrate AI security controls into DevSecOps pipelines including model provenance, AI SBOM and MLOps security gates
  • Support conformity obligations for high-risk AI systems including technical documentation, human oversight mechanism design and audit trail architecture
  • Conduct engineering-level regulatory gap assessments across CRA, NIS2, EU AI Act and DORA frameworks and deliver remediation roadmaps
  • Present compliance posture and security architecture findings to senior client stakeholders and facilitate cross-functional alignment workshops
  • Contribute to external publications, white papers and industry forums to support practice capability-building
Requirements
  • 5+ years of experience in product security advisory for industrial product development
  • Knowledge of CRA, IEC 62443 and NIS2 regulatory frameworks
  • Expertise in threat modeling methodologies including STRIDE, PASTA and MITRE ATT&CK for ICS
  • Proficiency in secure SDLC practices including OWASP ASVS compliance matrices and SAST/DAST/SCA toolchain integration
  • Familiarity with AI/ML security including OWASP LLM Top 10 and AI SBOM governance
  • Understanding of EU AI Act conformity obligations for high-risk AI systems
  • Background in DevSecOps pipeline integration including CI/CD compliance checks and MLOps security gates
  • Skills in stakeholder communication and presenting findings to senior client stakeholders such as CISOs and engineering VPs
  • Capability to conduct engineering-level gap assessments and deliver remediation roadmaps across regulatory frameworks