NEURA Robotics builds cognitive robots and AI systems that operate in the real world — and the security surface that comes with that is as complex as the products themselves. You will join and strengthen a growing cybersecurity team, providing technical guidance to product engineers and security specialists across our verticals while helping expand our horizontal InfoSec function into a mature, enterprise-wide capability. Working across IT and product engineering, you will refine what is already in place, raise the bar where it matters, and make security a genuine competitive advantage rather than a bottleneck.
Shape and evolve security architecture across IT and product — reviewing designs, identifying weaknesses, and driving hands-on improvements across embedded systems, cloud services, and enterprise IT
Develop and maintain reference architectures for the highest-risk areas: secure OTA update pipelines, Zero Trust network design, cloud-native security, embedded and firmware security, IAM, and secrets management
Lead threat modelling for high-impact initiatives across product verticals and IT infrastructure — producing prioritised risk maps, not lengthy audit reports
Own and maintain the organisation-wide security risk register, translating technical findings into business-relevant assessments that leadership can act on
Establish the security standards every team is expected to meet and drive adoption without creating friction for developers — guardrails, not gates
Integrate security into the development lifecycle: select and tune SAST/DAST tooling, secrets scanning, and dependency scanning across CI/CD pipelines
Own vulnerability management: CVE triage process, remediation SLAs, and coordination across product verticals and IT operations
Map NEURA's product and IT landscape against regulatory requirements — EU Cyber Resilience Act, NIS2, ISO 27001, IEC 62443 — and close gaps proactively
Define the security bar for third-party components, libraries, and vendor integrations entering the supply chain
Scope and coordinate external penetration tests; validate that findings are remediated, not just acknowledged
Define what good looks like for future Product Security Engineers embedded in our product verticals — shaping their hiring profiles, mandates, and onboarding
Serve as the technical bridge between security and engineering: review major architectural decisions, communicate trade-offs, and translate risk into terms both developers and leadership can act on
7+ years in cybersecurity, with a track record that spans both IT infrastructure security and product or application security — you are comfortable on both sides
Hands-on experience with threat modelling methodologies such as STRIDE or PASTA, and the ability to run sessions independently with engineering teams
Strong working knowledge of DevSecOps tooling: SAST, DAST, secrets scanning, software composition analysis, and CI/CD pipeline integration
Experience designing or assessing cloud security architecture on AWS, Azure, or GCP
Solid understanding of embedded and IoT security principles: secure boot, firmware integrity, OTA update security, and hardware trust anchors
Working knowledge of relevant frameworks and regulations: ISO 27001, IEC 62443, NIS2, and the EU Cyber Resilience Act
The communication range to explain a risk register to the CEO and a threat model to an embedded engineer — in the same day
Degree in Computer Science, IT Security, Electrical Engineering, or a comparable field — or equivalent demonstrated experience
CISSP, CISM, or a comparable certification is a strong plus
Experience in robotics, industrial automation, connected hardware, or AI system environments is particularly welcome
Awareness of emerging AI and ML security risks — adversarial inputs, model theft, training data integrity — is a differentiator at NEURA