Senior Consultant
Remote, Remote, US
A WORLD LEADER IN TESTING, INSPECTION & CERTIFICATION SERVICES
Bureau Veritas offers dynamic, exciting employment opportunities with an attractive salary/benefit package and an opportunity to play a vital role with a global organization. If you would enjoy working in a dynamic environment and are looking for an opportunity to become part of a stellar team of professionals, we invite you to apply online today.
Bureau Veritas is an Equal Opportunity Employer, and as such we recruit, hire, train, and promote persons in all job classifications without regard to race, color, religion, sex, national origin, disability, age, marital status, citizen status, sexual orientation, gender identity, genetics, status as a protected veteran, or any other non-job-related characteristics.
This position is responsible to ensure equal opportunity in employment in that all persons are treated equally and on the basis of merit, in decisions regarding selection, placement, promotions, training, work assignments, transfers and other personnel actions.
City: Remote
State: Remote
Senior Consultant – Product Security & Compliance (Connected Products)
Location: United States (Remote)
Business Unit: Cyber Security
Imagine your customer is a leading industrial component manufacturer, specializing in top-notch manufacturing and transportation equipment. You have ambitious goals: to streamline processes, ensure top-quality security for your client’s products, and assure cybersecurity. That’s where you come in. Our analysis will bridge any gaps across design, engineering, SDLC and technical control testing, and regulatory readiness, helping clients meet requirements such as the EU CRA, IEC 62443, and other product security standards.
With our expertise in testing, inspection and independent security validation services, you will assist your client in raising their cyber resilience like never before. Your success story? It's written in client readiness and satisfaction, secure products, and audit-defensible evidence. Now also imagine the same story, but for products such as vehicles, medical devices, ships, IoT products, network equipment, software products, etc. Doesn’t it sound like an exciting mission?
Bureau Veritas Cybersecurity provides cybersecurity services covering people, organization, technology, of products, and connected ecosystems.
We have reputable clients and they request expertise to increase their level of cybersecurity, and regulatory readiness.
Role Overview
The Senior Consultant – Product Security & Compliance is a doer role responsible for delivering product security and compliance engagements while supporting the growth of Bureau Veritas’ Cyber Security services across North America.
This role focuses on helping clients translate regulatory requirements for North American customers, into practical, engineering-aligned product security controls, harmonized with frameworks across sectors with current compliance standards and frameworks
The individual will work across industrial, IoT, embedded, software, medical technology, transportation, and cloud-connected product environments, supporting execution of engagements, development of repeatable offerings, and business development activities.
Key Responsibilities
1. Client Engagement Delivery
- Execute and support delivery of product security consulting engagements, including:
- Product security maturity assessments
- CRA, IEC 62443, IoT security, automotive, medical device,- standards and regulatory readiness and gap assessments
- Threat modeling, abuse case analysis, and product risk assessments
- Secure architecture review and security requirement definition for connected products
- Secure product development lifecycle (PDL/SDL) and technical product technical requirements implementation support
- Product security, maturity modelling, scoring, heatmaps, and remediation roadmaps
- Translate regulatory and standard requirements into engineering actions, test cases, control frameworks, and evidence expectations
- Produce structured, audit-defensible deliverables aligned to BV methodologies
2. Regulatory Harmonization & Product Security Compliance
- Apply and operationalize product cybersecurity regulatory frameworks across engagements
- Support harmonization and implementation across product security regulations and standards, including:
- Regulatory Standards and Frameworks:
- EU Cyber Resilience Act (CRA)
- NIS2 Directive
- Relevant North American IoT security initiatives (e.g., NIST, FCC, and related connected-device security expectations)
- Secure Development Lifecycle & Process Standards:
- IEC 62443-4-1
- NIST Secure Software Development Framework (SSDF)
- OWASP SAMM
- ISO/IEC 27034 and secure software engineering practices
- Technical Security Requirements & Baselines:
- EU Common Criteria
- IEC 62443-4-2
- ETSI EN 303 645 (IoT security)
- NIST IoT cybersecurity guidance
- OWASP ASVS and API security frameworks
- Software Supply Chain & SBOM:
- SBOM standards and formats (SPDX, Cyclone-DX)
- NIST supply chain risk management guidance
- Sector-Specific Frameworks (as applicable):
- ISO/SAE 21434 and UNECE R155/R156 (automotive)
- FDA and MDCG cybersecurity guidance (medical devices)
- ISO 14971 (medical risk management)
- Develop and use:
- Control mappings, and CRA/IEC/sector-specific requirement crosswalks
- Evidence matrices, assessment checklists, and regulatory traceability models
- Compliance scoring models, maturity models, heatmaps, and remediation roadmaps
- Help clients move from regulatory interpretation → implementation → verification → readiness
3. Product Security Engineering & Architecture Support
- Support clients in securing connected product architectures, including:
- Embedded systems and firmware, device operating systems, and product interfaces
- Industrial and IoT devices, network equipment, and operational technology components
- Software applications, APIs, and web management interfaces
- Cloud-connected product backends, and supporting infrastructure
- Contribute to:
- Threat models
- Security architecture definitions
- Identity, communication, and data protection strategies
- Assist in defining aligned technical product security requirements and validation criteria mapped to EU CC, CRA, IEC 62443, OWASP, NIST, ETSI, and sector-specific expectations
4. Security Verification & Validation Support
- Contribute to product and system-level security validation activities,
- Support development of test cases, validation frameworks and evidence packages aligned to regulatory and standard requirements
- Help structure outputs into certification and regulations ready evidence packages
5. Business Development (Seller-Doer Expectation)
- Support growth of product security, and regulatory compliance services through:
- Client discussions, technical solutioning and discovery workshops
- Proposal development and response support
- Participation in discovery workshops and scoping sessions
- Help position BV as a trusted partner for product security, CRA readiness, and connected-product assurance
- Contribute to service offering development and reusable artifacts
6. Capability Development & Team Contribution
- Contribute to building repeatable product security, and compliance methodologies and templates
- Support development of:
- Regulatory aligned frameworks
- Product security assessment models
- Testing and validation structures
- Mentor junior consultants and support team knowledge development
- Collaborate with global BV teams and technical specialists
Required Experience
Core Experience
- 6–10 years of experience in cybersecurity with exposure to product security, industrial systems, embedded systems, or connected devices
- Experience working in consulting or client-facing delivery roles
- Hands-on involvement in security assessments, risk analysis, vulnerability management, or architecture engagements
Technical Competencies
- Understanding of:
- Threat modeling and risk assessment methodologies
- Secure development lifecycle (SDL) concepts
- Product and system security architecture
- Software supply chain security (SBOM, SCA)
- Knowledge of various laws and regulations related to cyber product security, as well as the current developments in this area.
- Exposure to security testing techniques across device, firmware, application, hardware, or system layers is a strong plus
Consulting & Personal Attributes
- Strong structured problem-solving, evidence review, and documentation skills
- Ability to balance technical depth with client communication, and engineering practicality
- Results-oriented with a seller-doer mindset, and ability to support business development
- Comfortable working across multiple industries, product types, and stakeholder groups
- Willingness to travel for onsite engagements as needed
Preferred Experience
- Experience delivering IEC 62443, IoT security, automotive cybersecurity, medical-device cybersecurity,
- Experience in technical operations of areas such as SBOM, PSIRT, standards and regulatory readiness,
- Experience creating control mappings, evidence matrices, requirement crosswalks, assessment checklists, report templates, or regulatory-readiness frameworks
- Relevant certifications such as CISSP, CSSLP, GICSP, ISA/IEC 62443 certificates, ISO 27001 Lead Implementer/Auditor, or equivalent practical experience are helpful but not mandatory
WHAT CAN YOU EXPECT FROM US?
We are an organization with a strong focus on technical cybersecurity, delivering high-quality technical services in the field of digital security. You will be part of a team of motivated international specialists, where knowledge exchange is highly valued.
At Bureau Veritas Cybersecurity, we provide an environment for you to develop your talents and stimulate your professional growth. Together, we work to safeguard the security and integrity of valuable data while facing the challenges of the ever-evolving digital world. Bureau Veritas Cybersecurity is a fast-growing company with ambitious goals. You will have the opportunity to grow along with us and shape your career allowing you to become an expert in your field.
In terms of content, we offer you a diverse portfolio of exciting clients and projects. We are part of Bureau Veritas, which means that international opportunities are expanding, both for project work and for advancing your career.
ARE YOU THE PRODUCT SECURITY CONSULTANT WE ARE LOOKING FOR? We would love to hear from you. Do you have questions or do you want to submit your CV? You can reach us through our website or reach out to us on jobs.cybersecurity@bureauveritas.com
If you are an individual with a disability and you would like us to assist you with searching the Careers Page site for employment opportunities and/or assistance with completing your profile and application, please contact us at 1-888-357-7020 or email us with your request to NorthAmericaTA@bureauveritas.com.
We are happy to assist you and encourage you to consider Bureau Veritas for your next great career opportunity!
If you would like additional information regarding Bureau Veritas' federal obligations in regards to equal employment opportunity, please click the link below:
https://www.dol.gov/agencies/ofccp/posters