Product Security Technical Consultant
Remote in Poland
Security Compliance Assurance& 3 others
Looking for something else?
Find a vacancy that works for you. Send us your CV to receive a personalized offer.
Find me a jobWe are seeking a Product Security Technical Consultant to advise industrial product development teams on security requirements, regulatory compliance and AI-driven secure development practices across large, federated product portfolios.
Responsibilities
- Design and maintain product security requirements frameworks for large federated product portfolios including central control libraries, deviation governance workflows and risk acceptance procedures
- Translate Cyber Resilience Act essential requirements into actionable engineering specifications covering SBOM governance, secure-by-default configurations and vulnerability handling procedures
- Perform OT/ICS security level assessments including SL-T vs SL-A gap analysis, zone/conduit modeling and component requirement mapping
- Lead threat modeling workshops with engineering teams using STRIDE, PASTA or MITRE ATT&CK for ICS
- Define and implement SDL/SSDLC programs including OWASP ASVS compliance matrices, SAST/DAST/SCA toolchain integration and secure coding standards
- Support Notified Body engagement and technical documentation preparation for CRA Class I and Class II products
- Design and execute threat models for industrial products integrating AI/ML or LLM capabilities and apply OWASP LLM Top 10 mitigations
- Integrate AI security controls into DevSecOps pipelines including model provenance, AI SBOM and MLOps security gates
- Support conformity obligations for high-risk AI systems including technical documentation, human oversight mechanism design and audit trail architecture
- Conduct engineering-level regulatory gap assessments across CRA, NIS2, EU AI Act and DORA frameworks and deliver remediation roadmaps
- Present compliance posture and security architecture findings to senior client stakeholders and facilitate cross-functional alignment workshops
- Contribute to external publications, white papers and industry forums to support practice capability-building
Requirements
- 5+ years of experience in product security advisory for industrial product development
- Knowledge of CRA, IEC 62443 and NIS2 regulatory frameworks
- Expertise in threat modeling methodologies including STRIDE, PASTA and MITRE ATT&CK for ICS
- Proficiency in secure SDLC practices including OWASP ASVS compliance matrices and SAST/DAST/SCA toolchain integration
- Familiarity with AI/ML security including OWASP LLM Top 10 and AI SBOM governance
- Understanding of EU AI Act conformity obligations for high-risk AI systems
- Background in DevSecOps pipeline integration including CI/CD compliance checks and MLOps security gates
- Skills in stakeholder communication and presenting findings to senior client stakeholders such as CISOs and engineering VPs
- Capability to conduct engineering-level gap assessments and deliver remediation roadmaps across regulatory frameworks
