Senior Product Security Engineer - Device & Cloud

We’re building a new IoT platform from scratch - a connected parcel locker system that blends embedded devices, cloud services, and real-world interactions. Security is at the heart of this mission.

As a Senior Product Security Engineer - Device & Cloud, you’ll define and drive the security by design approach across both edge devices and cloud infrastructure. From setting governance standards to shaping secure architectures for communication, updates, and APIs, you’ll be the senior voice ensuring that our system is safe, resilient, and compliant with the latest standards.

If you’re excited about owning security strategy for a product that will be deployed at scale in the physical world, this is the role for you.

• Drive security by design across the parcel locker platform - from embedded devices to cloud backend
• Establish and maintain security governance, defining policies, standards, and controls that guide engineering teams
• Lead threat modeling and risk assessments for edge software, device connectivity, and backend services
• Define secure practices for device identity, data exchange, and OTA update pipelines in collaboration with engineering teams
• Ensure compliance with IoT security standards (ETSI EN 303 645, NISTIR 8259A) and readiness for upcoming regulations (EU Cyber Resilience Act, UK PSTI)
• Partner with product, engineering, and hardware teams to balance security, usability, and scalability in system design
• Support incident readiness by shaping monitoring, logging, and response processes for a distributed device fleet

• 7+ years of experience in product or IoT security, with exposure to connected device ecosystems
• Strong understanding of security governance, policies, and risk management in technology organizations
• Familiarity with IoT and embedded system security concepts (device hardening, secure communication, OTA updates)
• Experience with cloud API and data security in high-throughput environments
• Knowledge of compliance frameworks for connected devices (ETSI EN 303 645, NISTIR 8259A, or equivalent)
• Strong communication and stakeholder management skills to influence security decisions across diverse teams

• Experience aligning products with EU CRA, UK PSTI, or similar IoT security regulations
• Familiarity with MQTT and IoT fleet orchestration platforms (e.g., balena, Mender)
• Exposure to secure development lifecycle (SDL) practices and supply chain security

This is a greenfield opportunity to define the security architecture and governance for a new IoT platform at scale. You’ll shape the policies, standards, and principles that protect both the devices in the field and the services in the cloud, ensuring the system is secure by design and resilient in operation.