Job Application for Sr. Product Security Consultant at Finite State

New

Finite State partners with product security teams, the guardians of our connected world, to create transparency for their connected devices and supply chains. Our platform handles connected devices and embedded systems across all industries, including those found in enterprises, healthcare, utilities, connected vehicles, manufacturing facilities, critical infrastructure, and government entities.

We are a fast-growing series-B company with a fully distributed workforce. Led by a team of seasoned experts, we are a mission-driven team passionate about arming our customers with the actionable insights, critical vulnerability data, and remediation guidance necessary to mitigate product risk and protect the connected attack surface. We are committed to a remote first culture.

Senior Product Security Consultant

Remote – United States

Role Summary

We are seeking a Senior Product Security Consultant to join our Product Security Services team and deliver outcome-driven, end-to-end consulting engagements focused on securing embedded and connected devices.

This is a high-priority, senior individual contributor role, ideal for someone who has both deep product security experience and a strong consulting presence. You'll be responsible for owning the full lifecycle of service engagements — including scoping, proposal development, execution, delivery, and post-engagement support.

You’ll work directly with engineering and security leaders across industries, offering practical, actionable guidance around secure product development, testing, risk reduction, and compliance. While not a leadership role in title, this position requires the presence and expertise to advise CSOs and senior stakeholders, acting as the face of product security delivery for our clients.

If you're a product security expert with a consultative mindset who thrives in fast-paced environments, knows how to command a room, and enjoys delivering real results, this could be a strong fit.

Responsibilities

Own and lead product security consulting engagements end-to-end — including client scoping, proposal writing, delivery, and outcomes.
Deliver product security services such as security control validation, policy implementation, secure development lifecycle integration, penetration testing advisory, and risk assessments.
Translate security findings into business-aligned, actionable recommendations for both technical and executive audiences.
Serve as a trusted advisor to clients — including CSOs, compliance leaders, and engineering teams — helping them mature their product security posture.
Consult on global regulatory mandates relevant to connected systems (e.g., FDA 524B, CRA, Department of Commerce Connected Vehicle Rule, NIST, EO 14028), translating those into practical implementation plans.
Guide clients on security integration into DevOps pipelines, including tooling strategy and SBOM/vulnerability workflows.
Drive urgency and accountability across all engagements — from early discovery through program handoff and beyond.
Take ownership of program management and delivery outcomes — maintaining high standards for communication, execution, and customer satisfaction.

What We’re Looking For

8–10+ years of hands-on experience in product security and/or product security consulting — including embedded systems, connected device platforms, or firmware security.
Demonstrated experience delivering product security services as a consultant or internal lead — not just advising, but doing.
Background in startups or fast paced consulting environments with high accountability and direct client engagement.
Proven ability to scope, lead, and execute consulting projects independently.
Strong understanding of product security controls, penetration testing, secure product design, and related regulatory frameworks.
Experience operating as a solo consultant or lead contributor, capable of managing multiple high-urgency priorities.
Ability to credibly advise senior stakeholders and CSOs — grounded in knowledge, presence, and delivery over polish.
Strong program management discipline — with a focus on execution, timelines, and business impact.

It’s a Plus If You Also Have

Experience in industries such as Automotive, Industrial Control Systems, or Consumer Electronics.
Familiarity with regulatory standards like FDA Premarket Guidance, Cyber Resilience Act, US Department of Commerce Connected Vehicle Rule, NIST 800-53/82, or ISO 26262/62443.
Hands-on experience with SBOMs, vulnerability management, and secure SDLC practices.
Experience engaging directly with regulators, key customers, or partners around security posture and compliance.
Familiarity with commercial or open-source tools for binary/static analysis, SCA, or CI/CD security automation.

About Us

Built on two decades of cybersecurity experience, our team of experts understands the hidden risks in today’s enterprise networks, where IoT vulnerabilities are quickly becoming the entry point of choice for cyber attacks.

We have a sense of duty to protect the critical infrastructure we rely on including medical devices, power grids and telecommunication networks. We were founded in 2017 in Columbus, Ohio.

Finite State has a transparent, collaborative and supportive culture - we are looking for people who have a growth mindset, are curious and innovative, and drive results. Our team is smart, but humble, hard working with lots of fun sprinkled in. Above all, our team is driven by our noble mission and we hold ourselves accountable to delivering to our customers every single day.

The Finite State platform brings visibility and control to the supply chains that create connected devices and embedded systems—all in a simple to use platform and at the scale manufacturers need to keep device production on time and on budget. After unpacking and analyzing every file, configuration, and setting in a firmware build, the platform generates a complete bill of materials for software components, identifies known and 0-day vulnerabilities, shows a contextual risk score, and provides actionable insights that product teams can use to secure their software

We are proud to be an Equal Employer Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. Finite State is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities.

Create a Job Alert

Interested in building your career at Finite State? Get future opportunities sent straight to your email.