We’re building a new IoT platform from scratch - a connected parcel locker system that blends embedded devices, cloud services, and real-world interactions. Security is at the heart of this mission.

As a Senior Product Security Engineer - Device & Cloud, you’ll define and drive the security by design approach across both edge devices and cloud infrastructure. From setting governance standards to shaping secure architectures for communication, updates, and APIs, you’ll be the senior voice ensuring that our system is safe, resilient, and compliant with the latest standards.

If you’re excited about owning security strategy for a product that will be deployed at scale in the physical world, this is the role for you.

Tasks

Drive security by design across the parcel locker platform - from embedded devices to cloud backend
Establish and maintain security governance, defining policies, standards, and controls that guide engineering teams
Lead threat modeling and risk assessments for edge software, device connectivity, and backend services
Define secure practices for device identity, data exchange, and OTA update pipelines in collaboration with engineering teams
Ensure compliance with IoT security standards (ETSI EN 303 645, NISTIR 8259A) and readiness for upcoming regulations (EU Cyber Resilience Act, UK PSTI)
Partner with product, engineering, and hardware teams to balance security, usability, and scalability in system design
Support incident readiness by shaping monitoring, logging, and response processes for a distributed device fleet

Requirements

7+ years of experience in product or IoT security, with exposure to connected device ecosystems
Strong understanding of security governance, policies, and risk management in technology organizations
Familiarity with IoT and embedded system security concepts (device hardening, secure communication, OTA updates)
Experience with cloud API and data security in high-throughput environments
Knowledge of compliance frameworks for connected devices (ETSI EN 303 645, NISTIR 8259A, or equivalent)
Strong communication and stakeholder management skills to influence security decisions across diverse teams

Bonus Points

Experience aligning products with EU CRA, UK PSTI, or similar IoT security regulations
Familiarity with MQTT and IoT fleet orchestration platforms (e.g., balena, Mender)
Exposure to secure development lifecycle (SDL) practices and supply chain security

This is a greenfield opportunity to define the security architecture and governance for a new IoT platform at scale. You’ll shape the policies, standards, and principles that protect both the devices in the field and the services in the cloud, ensuring the system is secure by design and resilient in operation.

Jobs at GLS NXT

Job recommendations