Jobs · Engineering

Senior Consultant

Bureau Veritas · United States · Yesterday
RemoteRemoteEngineeringFull-time

Key Responsibilities

  • Execute and support delivery of product security consulting engagements, including:
    • Product security maturity assessments
    • CRA, IEC 62443, IoT security, automotive, medical device - standards and regulatory readiness and gap assessments
    • Threat modeling, abuse case analysis, and product risk assessments
    • Secure architecture review and security requirement definition for connected products
    • Secure product development lifecycle (PDL/SDL) and technical product technical requirements implementation support
    • Product security, maturity modelling, scoring, heatmaps, and remediation roadmaps
  • Translate regulatory and standard requirements into engineering actions, test cases, control frameworks, and evidence expectations
  • Produce structured, audit-defensible deliverables aligned to BV methodologies
  • Regulatory Harmonization & Product Security Compliance
    • Apply and operationalize product cybersecurity regulatory frameworks across engagements
    • Support harmonization and implementation across product security regulations and standards, including:
      • EU Cyber Resilience Act (CRA)
      • NIS2 Directive
      • Relevant North American IoT security initiatives (e.g., NIST, FCC, and related connected-device security expectations)
      • Secure Development Lifecycle & Process Standards: IEC 62443-4-1, NIST Secure Software Development Framework (SSDF), OWASP SAMM, ISO/IEC 27034, and secure software engineering practices
      • Technical Security Requirements & Baselines: EU Common Criteria, IEC 62443-4-2, ETSI EN 303 645 (IoT security), NIST IoT cybersecurity guidance, OWASP ASVS, and API security frameworks
      • Software Supply Chain & SBOM: SBOM standards and formats (SPDX, Cyclone-DX), NIST supply chain risk management guidance
      • Sector-Specific Frameworks (as applicable): ISO/SAE 21434 and UNECE R155/R156 (automotive), FDA and MDCG cybersecurity guidance (medical devices), ISO 14971 (medical risk management)
  • Develop and use: Control mappings, and CRA/IEC/sector-specific requirement crosswalks
  • Evidence matrices, assessment checklists, and regulatory traceability models
  • Compliance scoring models, maturity models, heatmaps, and remediation roadmaps
  • Help clients move from regulatory interpretation → implementation → verification → readiness
  • Product Security Engineering & Architecture Support
    • Support clients in securing connected product architectures, including:
      • Embedded systems and firmware, device operating systems, and product interfaces
      • Industrial and IoT devices, network equipment, and operational technology components
      • Software applications, APIs, and web management interfaces
      • Cloud-connected product backends, and supporting infrastructure
    • Contribute to: Threat models, security architecture definitions, identity, communication, and data protection strategies
    • Aid in defining aligned technical product security requirements and validation criteria mapped to EU CC, CRA, IEC 62443, OWASP, NIST, ETSI, and sector-specific expectations
    • Security Verification & Validation Support
      • Contribute to product and system-level security validation activities
      • Support development of test cases, validation frameworks and evidence packages aligned to regulatory and standard requirements
      • Help structure outputs into certification and regulations ready evidence packages
  • Business Development (Seller-Doer Expectation)
    • Support growth of product security, and regulatory compliance services through:
      • Client discussions, technical solutioning and discovery workshops
      • Proposal development and response support
      • Participation in discovery workshops and scoping sessions
      • Help position BV as a trusted partner for product security, CRA readiness, and connected-product assurance
      • Contribute to service offering development and reusable artifacts

    Required Experience

    • 6–10 years of experience in cybersecurity with exposure to product security, industrial systems, embedded systems, or connected devices
    • Hands-on involvement in security assessments, risk analysis, vulnerability management, or architecture engagements
    • Technical Competencies: Understanding of threat modeling and risk assessment methodologies, secure development lifecycle (SDL) concepts, product and system security architecture, software supply chain security (SBOM, SCA), knowledge of various laws and regulations related to cyber product security, as well as the current developments in this area.
    • Experience delivering IEC 62443, IoT security, automotive cybersecurity, medical-device cybersecurity
    • Experience in technical operations of areas such as SBOM, PSIRT, standards and regulatory readiness
    • Experience creating control mappings, evidence matrices, requirement crosswalks, assessment checklists, report templates, or regulatory-readiness frameworks
    • Relevant certifications such as CISSP, CSSLP, GICSP, ISA/IEC 62443 certificates, ISO 27001 Lead Implementer/Auditor, or equivalent practical experience are helpful but not mandatory

Similar jobs

Senior Consultant

PyrovioAkron, OH· 3 wk ago
Information Technologyapply on pyrovio.breezy.hr

Senior Consultant

QualusCarson City, NV· 1 wk ago
Consultingapply on careers-qualus.icims.com

Senior Consultant

RimkusWailuku, HI· 2 mo ago
RemoteOTHR$104k–$156k/yrapply on apply.workable.com

Senior Consultant

RimkusHonolulu, HI· 2 mo ago
RemoteOTHR$104k–$156k/yrapply on apply.workable.com

Senior Consultant

MGO (Macias Gini & O'Connell LLP)Chicago, IL· 3 wk ago
Consultingapply on careers-mgocpa.icims.com