Sr. Product Security Consultant

Finite State partners with product security teams, the guardians of our connected world, to create transparency for their connected devices and supply chains. Our platform handles connected devices and embedded systems across all industries, including those found in enterprises, healthcare, utilities, connected vehicles, manufacturing facilities, critical infrastructure, and government entities. 

We are a fast-growing series-B company with a fully distributed workforce. Led by a team of seasoned experts, we are a mission-driven team passionate about arming our customers with the actionable insights, critical vulnerability data, and remediation guidance necessary to mitigate product risk and protect the connected attack surface. We are committed to a remote first culture.

Senior Product Security Consultant

We are seeking a Senior Product Security Consultant to join our Product Security Services team and deliver outcome-driven, end-to-end consulting engagements focused on securing embedded and connected devices.

This is a high-priority, senior individual contributor role, ideal for someone who has both deep product security experience and a strong consulting presence. You'll be responsible for owning the full lifecycle of service engagements — including scoping, proposal development, execution, delivery, and post-engagement support.

You’ll work directly with engineering and security leaders across industries, offering practical, actionable guidance around secure product development, testing, risk reduction, and compliance. While not a leadership role in title, this position requires the presence and expertise to advise CSOs and senior stakeholders, acting as the face of product security delivery for our clients.

If you're a product security expert with a consultative mindset who thrives in fast-paced environments, knows how to command a room, and enjoys delivering real results, this could be a strong fit.

Responsibilities

• Own and lead product security consulting engagements end-to-end — including client scoping, proposal writing, delivery, and outcomes.
• Deliver product security services such as security control validation, policy implementation, secure development lifecycle integration, penetration testing advisory, and risk assessments.
• Translate security findings into business-aligned, actionable recommendations for both technical and executive audiences.
• Serve as a trusted advisor to clients — including CSOs, compliance leaders, and engineering teams — helping them mature their product security posture.
• Consult on global regulatory mandates relevant to connected systems (e.g., FDA 524B, CRA, Department of Commerce Connected Vehicle Rule, NIST, EO 14028), translating those into practical implementation plans.
• Guide clients on security integration into DevOps pipelines, including tooling strategy and SBOM/vulnerability workflows.
• Drive urgency and accountability across all engagements — from early discovery through program handoff and beyond.
• Take ownership of program management and delivery outcomes — maintaining high standards for communication, execution, and customer satisfaction.
  
  

What We’re Looking For

• 8–10+ years of hands-on experience in product security and/or product security consulting — including embedded systems, connected device platforms, or firmware security.
• Demonstrated experience delivering product security services as a consultant or internal lead — not just advising, but doing.
• Background in startups or fast paced consulting environments with high accountability and direct client engagement.
• Proven ability to scope, lead, and execute consulting projects independently.
• Strong understanding of product security controls, penetration testing, secure product design, and related regulatory frameworks.
• Experience operating as a solo consultant or lead contributor, capable of managing multiple high-urgency priorities.
• Ability to credibly advise senior stakeholders and CSOs — grounded in knowledge, presence, and delivery over polish.
• Strong program management discipline — with a focus on execution, timelines, and business impact.
  
  

It’s a Plus If You Also Have

• Experience in industries such as Automotive, Industrial Control Systems, or Consumer Electronics.
• Familiarity with regulatory standards like FDA Premarket Guidance, Cyber Resilience Act, US Department of Commerce Connected Vehicle Rule, NIST 800-53/82, or ISO 26262/62443.
• Hands-on experience with SBOMs, vulnerability management, and secure SDLC practices.
• Experience engaging directly with regulators, key customers, or partners around security posture and compliance.
• Familiarity with commercial or open-source tools for binary/static analysis, SCA, or CI/CD security automation.

Why Finite State?

• Be a part of building the leading platform for connected device cybersecurity.
• Join a fast-moving team that values transparency, innovation, and impact.
• Work fully remotely with a high degree of autonomy and ownership.
• Comprehensive Benefits
• Investment: We offer learning stipends to support your professional development
• Equity: We offer equity so you can share in our growth and success
• Help solve some of the most pressing cybersecurity challenges facing connected device  manufacturers and the millions of people who depend on them

About Finite State

At Finite State, we're on a mission to secure the connected world. Our platform empowers product security teams to detect vulnerabilities, manage software supply chain risks, and ensure compliance across complex device ecosystems. From IoT to critical infrastructure, we provide unparalleled visibility into firmware and software components, helping organizations protect their products and customers.

We move with urgency and intent — we’re transparent, own outcomes, put customers first, speak up, and learn fast — turning evidence into action. CLARITY is how we move fast without breaking trust.

• C - Customer first - Learn from customers. Ship with urgency.
• L - Leverage - Outsource the routine. Own the result.
• A - Agency - We take responsibility—end to end.
• R - Results - Ship value. Improve fast.
• I - Integrity - Speak up. Experiment boldly. Be kind.
• T - Transparency - Clear context. Faster decisions.
• Y - "Why" - Our mission—securing the connected products humanity depends on—is the reason Finite State exists. CLARITY is how we make that mission real, every day, at speed

Bold Innovation – We push boundaries, explore new ideas, and take initiative to solve complex problems.

The Finite State platform brings visibility and control to the supply chains that create connected devices and embedded systems—all in a simple to use platform and at the scale manufacturers need to keep device production on time and on budget. After unpacking and analyzing every file, configuration, and setting in a firmware build, the platform generates a complete bill of materials for software components, identifies known and 0-day vulnerabilities, shows a contextual risk score, and provides actionable insights that product teams can use to secure their software

We are proud to be an Equal Employer Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. Finite State is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities.