
Director, Product Security Services

United States

Finite State partners with product security teams, the guardians of our connected world, to create transparency for their connected devices and supply chains. Our platform handles connected devices and embedded systems across all industries, including those found in enterprises, healthcare, utilities, connected vehicles, manufacturing facilities, critical infrastructure, and government entities. 

 

We are a fast-growing series-B company with a fully distributed workforce. Led by a team of seasoned experts, we are a mission-driven team passionate about arming our customers with the actionable insights, critical vulnerability data, and remediation guidance necessary to mitigate product risk and protect the connected attack surface. We are committed to a remote-first culture.

 

 

Role summary

We are seeking an experienced and customer-obsessed Director of Product Security Services to lead and deliver outcome-driven engagements focused on securing embedded and connected devices across industries. This role is ideal for someone who has built and led product security programs inside a device manufacturer and also delivered consulting services across multiple customers with a focus on compliance, security architecture, and program development.

This role requires a blend of strategic consulting expertise, technical depth in embedded security, and a strong understanding of the regulatory landscape. You will lead client engagements from scoping through delivery, help evolve our services portfolio, and contribute directly to improving the security posture of our clients and the connected ecosystem at large.

You must be based in and authorized to work in the US.

Research shows that women and those in underrepresented groups tend to apply only if they meet 100% of the requirements in a job description. If you think you have what it takes, but don’t check off every box - please still get in touch! We’d love to learn more about your experience and what motivates you to see if you’d be a great fit.

 

Responsibilities:

  • Program Strategy & Delivery
    • Lead engagements to design, assess, and mature product security programs for device manufacturers.
    • Drive the creation and execution of gap assessments, control frameworks, threat models, and roadmap plans.
    • Deliver tailored reporting and recommendations for key customer stakeholders and external regulators.
  • Stakeholder Engagement & Regulatory Navigation
    • Serve as a trusted advisor to customer engineering, product, and compliance leaders.
    • Provide expert consultation on global regulatory mandates (e.g., Connected Vehicle Rule, CRA, FDA, EO 14028, Cyber Trust Mark).
    • Guide customers in public/private stakeholder communication, including strategic reporting and reputation management.
  • Security Testing & Control Validation
    • Expand testing programs to cover firmware, hardware, SBOMs, and runtime environments.
    • Oversee engagements involving advanced assessments, security control validation, and continuous monitoring.
    • Translate testing results into business-aligned risk insights and action plans.
  • DevSecOps & Automation Integration
    • Consult with R&D and DevOps teams to embed security testing within CI/CD pipelines.
    • Define and deliver integrations and automation strategies across SBOM, vulnerability, and compliance tooling.
    • Guide clients in implementing APIs and workflows that support scalable DevSecOps.
  • Security Metrics & Lifecycle Monitoring
    • Design and deliver dashboards that provide real-time views of security posture, compliance gaps, and risk trends.
    • Define KPIs for program success and continuous improvement.
    • Support clients in communicating status and outcomes to executive and regulatory stakeholders.

What we’re looking for:

  • 10+ years of experience in product security, including embedded systems, firmware security, or connected device platforms OR 8+ years with demonstrable experience in adjacent areas such as application security, cloud security, or security architecture with embedded systems, firmware security, or connected device platforms experience.
  • Experience leading or co-leading a product security program at a hardware or IoT device manufacturer.
  • Proven success delivering product security consulting services or cross-functional stakeholder engagement experience, including customer-facing roles in technical sales, solutions architecture, or internal consulting.
  • Deep familiarity with regulatory mandates including (but not limited to) FDA Premarket Guidance, Cyber Resilience Act, NIST 800-53/82, or ISO 62443 and 26262.
  • Strong understanding of SBOMs, vulnerability management, binary/static analysis, and secure SDLC practices.
  • Ability to communicate with technical, executive, and regulatory audiences in both written and verbal formats.

It’s a plus if you also have:

  • Experience engaging directly with regulators, partners, or key customers on security posture or compliance standing.
  • Familiarity with commercial or open-source tools for binary analysis, SCA, and vulnerability correlation.
  • Prior experience integrating or consulting on security automation within CI/CD environments.
  • Ability to influence product and platform roadmap based on customer feedback and services insights.

 

About Us

Built on two decades of cybersecurity experience, our team of experts understands the hidden risks in today’s enterprise networks, where IoT vulnerabilities are quickly becoming the entry point of choice for cyber attacks.

We have a sense of duty to protect the critical infrastructure we rely on, including medical devices, power grids and telecommunication networks. We were founded in 2017 in Columbus, Ohio.

Finite State has a transparent, collaborative and supportive culture. We are looking for people who have a growth mindset, are curious and innovative, and drive results. Our team is smart but humble, and hard-working with lots of fun sprinkled in. Above all, our team is driven by our noble mission, and we hold ourselves accountable to delivering to our customers every single day.

 

The Finite State platform brings visibility and control to the supply chains that create connected devices and embedded systems, all in a simple-to-use platform and at the scale manufacturers need to keep device production on time and on budget. After unpacking and analyzing every file, configuration, and setting in a firmware build, the platform generates a complete bill of materials for software components, identifies known and 0-day vulnerabilities, shows a contextual risk score, and provides actionable insights that product teams can use to secure their software.

We are proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. Finite State is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities.
