More jobs:
Product Security Technical Consultant
Job in
Town of Poland, Jamestown, Chautauqua County, New York, 14701, USA
Listed on 2026-07-14
Listing for:
EPAM Systems
Full Time
position Listed on 2026-07-14
Job specializations:
-
IT/Tech
Cybersecurity
Job Description & How to Apply Below
We are seeking a Product Security Technical Consultant to advise industrial product development teams on security requirements, regulatory compliance and AI-driven secure development practices across large, federated product portfolios.
Responsibilities- Design and maintain product security requirements frameworks for large federated product portfolios including central control libraries, deviation governance workflows and risk acceptance procedures
- Translate Cyber Resilience Act essential requirements into actionable engineering specifications covering SBOM governance, secure-by-default configurations and vulnerability handling procedures
- Perform OT/ICS security level assessments including SL‑T vs SL‑A gap analysis, zone/conduit modeling and component requirement mapping
- Lead threat modeling workshops with engineering teams using STRIDE, PASTA or MITRE ATT&CK for ICS
- Define and implement SDL/SSDLC programs including OWASP ASVS compliance matrices, SAST/DAST/SCA toolchain integration and secure coding standards
- Support Notified Body engagement and technical documentation preparation for CRA Class I and Class II products
- Design and execute threat models for industrial products integrating AI/ML or LLM capabilities and apply OWASP LLM Top 10 mitigations
- Integrate AI security controls into Dev Sec Ops pipelines including model provenance, AI SBOM and MLOps security gates
- Support conformity obligations for high‑risk AI systems including technical documentation, human oversight mechanism design and audit trail architecture
- Conduct engineering‑level regulatory gap assessments across CRA, NIS2, EU AI Act and DORA frameworks and deliver remediation roadmaps
- Present compliance posture and security architecture findings to senior client stakeholders and facilitate cross‑functional alignment workshops
- Contribute to external publications, white papers and industry forums to support practice capability‑building
- 5+ years of experience in product security advisory for industrial product development
- Knowledge of CRA, IEC 62443 and NIS2 regulatory frameworks
- Expertise in threat modeling methodologies including STRIDE, PASTA and MITRE ATT&CK for ICS
- Proficiency in secure SDLC practices including OWASP ASVS compliance matrices and SAST/DAST/SCA toolchain integration
- Familiarity with AI/ML security including OWASP LLM Top 10 and AI SBOM governance
- Understanding of EU AI Act conformity obligations for high‑risk AI systems
- Background in Dev Sec Ops pipeline integration including CI/CD compliance checks and MLOps security gates
- Skills in stakeholder communication and presenting findings to senior client stakeholders such as CISOs and engineering VPs
- Capability to conduct engineering‑level gap assessments and deliver remediation roadmaps across regulatory frameworks
- We gather like‑minded people:
- Engineering community of industry professionals
- Friendly team and enjoyable working environment
- Flexible schedule and opportunity to work remotely within Poland
- Chance to work abroad for up to 60 days annually
- Business‑driven relocation opportunities
- Outstanding career roadmap
- Leadership development, career advising, soft skills, and well‑being programs
- Unlimited access to Linked In Learning, Get Abstract, Cloud Guru
- We cover it all:
- Stable income (Employment Contract or B2B)
- Participation in the Employee Stock Purchase Plan
- Benefits package (health insurance, multisport, shopping vouchers)
- Strategically located offices featuring entertainment and relaxation zones, table tennis and football, free snacks, fantastic coffee, and more
- Referral bonuses
- Corporate, social and well‑being events
- Please, note:
- The set of bonuses might vary based on the role you apply for – specifics will be discussed with our recruiter during the general interview.
- We will reach out to selected candidates exclusively.
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×