Security Architect for Consumer Smart Home Device — OTA, Device Hardening, Privacy

Posted 4 weeks ago

Worldwide

Summary

Engagement:** Hourly, part-time advisory (est. 5–10 hrs/week to start), fully remote, flexible schedule. Strong potential to grow into an ongoing fractional role as we scale. ## About the project We're a small, well-connected hardware team taking an AI-powered, voice-interactive consumer device from working prototype to commercial launch. The device is an always-on, microphone-equipped Android-based unit that lives in users' homes. The device itself is thin — audio capture and display — with conversation handled server-side via modern AI APIs. Two things make security and privacy central for us rather than a checkbox: the conversations users have with the device are deeply personal, and our user base skews older and less technical. We're looking for someone who understands that combination — not a generic vulnerability scan. ## What you'd do - Build a practical threat model across the full system (device ↔ server ↔ data ↔ admin access) and a prioritized remediation plan suited to a pre-seed, capital-efficient startup - Harden the live platform: API authentication/authorization, secrets management, encryption and data-retention practices, hosting/deployment review - Design a secure OTA update pipeline (signed, authenticated, tamper-resistant) **before** it's built, plus a first-boot provisioning model so units can ship factory-direct without hand-flashing — and without the factory ever holding our code, credentials, or signing keys - Advise on device lockdown / kiosk-mode configuration on a clean AOSP image, and factory device-identity provisioning in coordination with our contract manufacturer - Help us redesign consumer onboarding: today Wi-Fi setup happens via remote control through stock Android settings, which is clunky for a non-technical audience. We want a friendlier, secure setup flow (e.g., BLE-assisted from a phone, SoftAP/captive portal, or QR-based) - Advise on privacy posture for sensitive personal data and a less-technical audience: policy, working data-deletion path, device reset for resold units, relevant US state privacy law - Scope and oversee a penetration test ahead of launch; help establish incident-response basics - Advise on AI-layer safeguards (prompt injection, persona manipulation) for a conversational product You don't need to personally execute every workstream — we're equally open to a "quarterback" who brings in specialists for pen testing or compliance. But the core device/OTA/manufacturing security expertise must be real. You'd own the security and OTA/provisioning architecture and work alongside a hardware/manufacturing consultant (who assesses factory feasibility and cost of your requirements) and our internal dev lead — one consistent set of requirements goes to each factory. First concrete milestone: our founder visits candidate factories in China in late June, and your first-pass provisioning and onboarding requirements feed directly into supplier selection — so we're looking for someone who can start within days, not weeks. ## Must-haves - You have **shipped security for a consumer hardware product that goes into homes** — ideally something with an always-on microphone, wireless connectivity (Wi-Fi/BT), and remote updates - Hands-on experience securing **OTA update pipelines** end to end - Comfortable working at prototype stage: pragmatic prioritization, not enterprise-program overkill - Experience with Android/AOSP-based or embedded Linux devices (we're on a Rockchip platform with a kiosk-mode launcher) - Strong written communication; able to work async with a distributed founding team (North America / Asia time zones) ## Nice-to-haves - Experience coordinating provisioning/security with Chinese contract manufacturers - Familiarity with FCC-certified consumer electronics bring-up - Exposure to LLM/conversational-AI product security - Experience designing consumer device-provisioning and onboarding flows (Wi-Fi setup, first-boot activation) - Privacy/compliance background (US state privacy laws, sensitive data categories) ## To apply, please answer briefly 1. Describe a consumer hardware product you helped secure that shipped into homes. What was your role? 2. How do you approach securing an OTA update pipeline end to end? 3. How would you handle highly sensitive personal data for a non-technical, older-skewing user base? 4. Do you cover both architecture/threat modeling and hands-on hardening yourself, or do you quarterback specialists? 5. How do you approach manufacturing/provisioning security with a contract manufacturer? 6. Your hourly rate and current weekly availability. We'll start with a focused initial engagement (threat model + top-priority remediation plan). If it goes well, this grows with us through pilot production and launch.

  • Less than 30 hrs/week
    Hourly
  • 6+ months
    Duration
  • Expert
    Experience Level
  • $40.00

    -

    $120.00

    Hourly
  • Remote Job
  • Ongoing project
    Project Type

Contract-to-hire opportunity

This lets talent know that this job could become full time.
Learn more
Skills and Expertise
Mandatory skills
Information Security
AI Security
Activity on this job
  • Proposals:5 to 10
  • Last viewed by client:3 weeks ago
  • Interviewing:
    3
  • Invites sent:
    3
  • Unanswered invites:
    0
About the client
Member since Apr 10, 2008
  • Hong Kong
    Kowloon1:12 AM
  • $28K total spent
    45 hires, 3 active
  • 1,542 hours
  • Manufacturing & Construction
    Mid-sized company (10-99 people)

Explore similar jobs on Upwork

UK Cybersecurity Sales ProfessionalHourly‐ Posted 3 weeks ago
Sales
Phone Communication
Telemarketing
Cold Calling
Help with cyber security photoshopHourly‐ Posted 10 months ago
Penetration Testing
System Security
Cybersecurity Management
Vulnerability Assessment
Security Assessment & Testing
Network Penetration Testing
Testing
Software Testing
Ethical Hacking
Threat Detection

How it works

  • Post a job icon
    Create your free profile
    Highlight your skills and experience, show your portfolio, and set your ideal pay rate.
  • Talent comes to you icon
    Work the way you want
    Apply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
  • Payment simplified icon
    Get paid securely
    From contract to payment, we help you work safely and get paid securely.
Want to get started? Create a profile

About Upwork

  • Rating is 4.9 out of 5.
    4.9/5
    (Average rating of clients by professionals)
  • G2 2021
    #1 freelance platform
  • 49,000+
    Signed contract every week
  • $2.3B
    Freelancers earned on Upwork in 2020

Find the best freelance jobs

Growing your career is as easy as creating a free profile and finding work like this that fits your skills.

Trusted by

  • Microsoft Logo
  • Airbnb Logo
  • Bissell Logo
  • GoDaddy Logo