Senior Product Security Consultant

This is a fully remote position, open to applicants in Brazil.

📋 Description

• Engage in architecture and design evaluations throughout the AMI product spectrum — including metering devices, RF/cellular modules, gateways, cloud pipelines, and SaaS portals — offering security insights from the initial phases of the development lifecycle.

• Conduct threat modeling (STRIDE, PASTA) within the AMI architecture, pinpointing attack surfaces and trust boundaries extending from the meter to the cloud.

• Assist in establishing firmware security standards and oversee security testing of metering hardware, which involves firmware extraction/analysis and reviewing supply chain components.

• Collaborate with Cloud and DevOps teams to integrate security measures into Infrastructure as Code (IaC) templates and CI/CD pipelines.

• Execute or oversee SAST, DAST, and SCA testing within the CI/CD pipelines of NTG’s utility management applications and consumer-facing portals.

• Evaluate authentication, authorization, and API security in multi-tenant SaaS portals designed for utility administrators, end users, and integration partners.

• Act as the lead liaison between Security & Compliance and Product Development, ensuring that requirements are not only documented but also effectively implemented, while supporting evidence gathering for audits across firmware, cloud, and SaaS.

• Offer technical assistance during product security incidents and post-incident evaluations, transforming findings into architectural enhancements or engineering backlog tasks.

⛳️ Requirements

• Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, Information Security, or a related discipline (or equivalent experience).

• Over 5 years of experience in product security, application security, or embedded/IoT security.

• Practical experience with SAST, DAST, SCA, and manual code reviews for web applications, APIs, or embedded software.

• Capability to engage technically with firmware engineers, hardware designers, and SaaS developers.

• Proficient in English - Essential.

• Strong knowledge of AWS.

🏝️ Benefits

• Competitive market-aligned salary;

• Performance-based bonus;

• Health plan - Unipart Flex;

• Dental plan - Bradesco;

• Flash card - R$55.00 per day;

• Day off;

• English course - reimbursement modality;

• Well-being benefits – Total Pass, Clude, and C4Life.