Apply on Employer Site

Finite State · 13 hours ago

Sr. Product Security Consultant

United States

Full-time

Remote

Senior Level, Lead/Staff

8+ years exp

Finite State is a fast-growing series-B company focused on product security for connected devices and supply chains. They are seeking a Senior Product Security Consultant to lead consulting engagements that secure embedded and connected devices, providing actionable guidance to clients across various industries.

Cyber SecurityInternet of ThingsRisk ManagementSecuritySupply Chain Management

Comp. & Benefits

Responsibilities

Own and lead product security consulting engagements end-to-end — including client scoping, proposal writing, delivery, and outcomes

Deliver product security services such as security control validation, policy implementation, secure development lifecycle integration, penetration testing advisory, and risk assessments

Translate security findings into business-aligned, actionable recommendations for both technical and executive audiences

Serve as a trusted advisor to clients — including CSOs, compliance leaders, and engineering teams — helping them mature their product security posture

Consult on global regulatory mandates relevant to connected systems (e.g., FDA 524B, CRA, Department of Commerce Connected Vehicle Rule, NIST, EO 14028), translating those into practical implementation plans

Guide clients on security integration into DevOps pipelines, including tooling strategy and SBOM/vulnerability workflows

Drive urgency and accountability across all engagements — from early discovery through program handoff and beyond

Take ownership of program management and delivery outcomes — maintaining high standards for communication, execution, and customer satisfaction

Qualification

Product security consultingEmbedded systems securityPenetration testingRegulatory complianceSecure development lifecycleProgram managementClient engagementRisk assessmentsSecurity control validationPolicy implementation

Required

8–10+ years of hands-on experience in product security and/or product security consulting — including embedded systems, connected device platforms, or firmware security

Demonstrated experience delivering product security services as a consultant or internal lead — not just advising, but doing

Background in startups or fast paced consulting environments with high accountability and direct client engagement

Proven ability to scope, lead, and execute consulting projects independently

Strong understanding of product security controls, penetration testing, secure product design, and related regulatory frameworks

Experience operating as a solo consultant or lead contributor, capable of managing multiple high-urgency priorities

Ability to credibly advise senior stakeholders and CSOs — grounded in knowledge, presence, and delivery over polish

Strong program management discipline — with a focus on execution, timelines, and business impact

Preferred

Experience in industries such as Automotive, Industrial Control Systems, or Consumer Electronics

Familiarity with regulatory standards like FDA Premarket Guidance, Cyber Resilience Act, US Department of Commerce Connected Vehicle Rule, NIST 800-53/82, or ISO 26262/62443

Hands-on experience with SBOMs, vulnerability management, and secure SDLC practices

Experience engaging directly with regulators, key customers, or partners around security posture and compliance

Familiarity with commercial or open-source tools for binary/static analysis, SCA, or CI/CD security automation