Director – Product Security Services

Role summary

We are seeking an experienced and customer-obsessed Director of Product Security Services to lead and deliver outcome-driven engagements focused on securing embedded and connected devices across industries. This role is ideal for someone who has built and led product security programs inside a device manufacturer and also delivered consulting services across multiple customers with a focus on compliance, security architecture, and program development.

This role requires a blend of strategic consulting expertise, technical depth in embedded security, and a strong understanding of the regulatory landscape. You will lead client engagements from scoping through delivery, help evolve our services portfolio, and contribute directly to improving the security posture of our clients and the connected ecosystem at large.

You must be based in and authorized to work in the US.

Research shows that women and those in underrepresented groups tend to apply only if they meet 100% of the requirements in a job description. If you think you have what it takes, but don’t check off every box - please still get in touch! We’d love to learn more about your experience and what motivates you to see if you’d be a great fit.

Responsibilities:

• Program Strategy & Delivery
• Lead engagements to design, assess, and mature product security programs for device manufacturers.
• Drive the creation and execution of gap assessments, control frameworks, threat models, and roadmap plans.
• Deliver tailored reporting and recommendations for key customer stakeholders and external regulators.
• Stakeholder Engagement & Regulatory Navigation
• Serve as a trusted advisor to customer engineering, product, and compliance leaders.
• Provide expert consultation on global regulatory mandates (e.g., Connected Vehicle Rule, CRA, FDA, EO 14028, Cyber Trust Mark).
• Guide customers in public/private stakeholder communication, including strategic reporting and reputation management.
• Security Testing & Control Validation
• Expand testing programs to cover firmware, hardware, SBOMs, and runtime environments.
• Oversee engagements involving advanced assessments, security control validation, and continuous monitoring.
• Translate testing results into business-aligned risk insights and action plans.
• DevSecOps & Automation Integration
• Consult with R&D and DevOps teams to embed security testing within CI/CD pipelines.
• Define and deliver integrations and automation strategies across SBOM, vulnerability, and compliance tooling.
• Guide clients in implementing APIs and workflows that support scalable DevSecOps.
• Security Metrics & Lifecycle Monitoring
• Design and deliver dashboards that provide real-time views of security posture, compliance gaps, and risk trends.
• Define KPIs for program success and continuous improvement.
• Support clients in communicating status and outcomes to executive and regulatory stakeholders.

What we’re looking for:

• 10+ years of experience in product security, including embedded systems, firmware security, or connected device platforms OR 8+ years with demonstrable experience in adjacent areas such as application security, cloud security, or security architecture with embedded systems, firmware security, or connected device platforms experience.
• Experience leading or co-leading a product security program at a hardware or IoT device manufacturer.
• Proven success delivering product security consulting services or cross-functional stakeholder engagement experience, including customer-facing roles in technical sales, solutions architecture, or internal consulting.
• Deep familiarity with regulatory mandates including (but not limited to) FDA Premarket Guidance, Cyber Resilience Act, NIST 800-53/82, or ISO 62443 and 26262
• Strong understanding of SBOMs, vulnerability management, binary/static analysis, and secure SDLC practices.
• Ability to communicate with technical, executive, and regulatory audiences in both written and verbal formats.

It’s a plus if you also have:

• Experience engaging directly with regulators, partners, or key customers on security posture or compliance standing.
• Familiarity with commercial or open-source tools for binary analysis, SCA, and vulnerability correlation.
• Prior experience integrating or consulting on security automation within CI/CD environments.
• Ability to influence product and platform roadmap based on customer feedback and services insights.