Senior Product Security Engineer - Device & Cloud

We’re building a new IoT platform from scratch - a connected parcel locker system that blends embedded devices, cloud services, and real-world interactions. Security is at the heart of this mission.As a Senior Product Security Engineer - Device & Cloud, you’ll define and drive the security by design approach across both edge devices and cloud infrastructure. From setting governance standards to shaping secure architectures for communication, updates, and APIs, you’ll be the senior voice ensuring that our system is safe, resilient, and compliant with the latest standards.If you’re excited about owning security strategy for a product that will be deployed at scale in the physical world, this is the role for you.TasksDrive security by design across the parcel locker platform - from embedded devices to cloud backendEstablish and maintain security governance, defining policies, standards, and controls that guide engineering teamsLead threat modeling and risk assessments for edge software, device connectivity, and backend servicesDefine secure practices for device identity, data exchange, and OTA update pipelines in collaboration with engineering teamsEnsure compliance with IoT security standards (ETSI EN 303 645, NISTIR 8259A) and readiness for upcoming regulations (EU Cyber Resilience Act, UK PSTI)Partner with product, engineering, and hardware teams to balance security, usability, and scalability in system designSupport incident readiness by shaping monitoring, logging, and response processes for a distributed device fleetRequirements7+ years of experience in product or IoT security, with exposure to connected device ecosystemsStrong understanding of security governance, policies, and risk management in technology organizationsFamiliarity with IoT and embedded system security concepts (device hardening, secure communication, OTA updates)Experience with cloud API and data security in high-throughput environmentsKnowledge of compliance frameworks for connected devices (ETSI EN 303 645, NISTIR 8259A, or equivalent)Strong communication and stakeholder management skills to influence security decisions across diverse teamsBonus PointsExperience aligning products with EU CRA, UK PSTI, or similar IoT security regulationsFamiliarity with MQTT and IoT fleet orchestration platforms (e.g., balena, Mender)Exposure to secure development lifecycle (SDL) practices and supply chain securityThis is a greenfield opportunity to define the security architecture and governance for a new IoT platform at scale. You’ll shape the policies, standards, and principles that protect both the devices in the field and the services in the cloud, ensuring the system is secure by design and resilient in operation.