Principal Security Consultant (Hardware/Embedded Penetration Tester)
Job Description
The Principal Hardware/Embedded Systems Penetration Tester will assess the security of hardware and embedded platforms and deliver actionable remediation guidance.
Responsibilities
- Conduct hardware and firmware penetration tests across devices including IoT, automotive, ICS, and other critical infrastructure.
- Lead threat modeling activities focused on embedded systems.
- Prepare and present penetration test reports to clients.
- Collaborate with clients to formulate remediation strategies that enhance security posture.
- Develop and execute comprehensive testing plans, methodologies, and tools tailored to specific hardware platforms.
- Identify, analyze, and document security vulnerabilities and exploits in hardware and firmware.
- Work with cross‑functional teams to review system architectures and design security solutions.
- Deliver detailed findings and remediation recommendations to stakeholders through reports and presentations.
- Mentor junior team members and contribute to testing standards and best practices.
- Stay current with security trends, tools, and technologies in hardware and embedded domains.
- Research and create innovative techniques, tools, and methodologies for penetration testing services.
- Help define and document internal technical and service processes and procedures.
- Contribute to the community via tooling, presentations, white papers, and blogs.
Requirements
- Four years of security consulting experience, with at least two years focused on embedded hardware penetration and security design.
- Five years of hardware/embedded design and development experience, plus 1–2 more years in hardware/embedded security consulting and penetration testing.
- Ten or more years in hardware/embedded design, development, and fabrication, with strong knowledge of hardware/embedded security vulnerabilities.
- Hands-on hardware penetration testing skills, including soldering, probing chips, component removal/rework, and hardware debugging.
- Experience with Linux, Unix, QNX, and/or Windows operating systems.
- Knowledge of application and network protocols and design principles.
- Proficiency in reverse engineering, firmware analysis, and exploitation techniques.
- Strong understanding of embedded system architectures, communication protocols (SPI, I2C, UART), and debugging tools.
- Creative problem-solving and the ability to bypass security mechanisms when appropriate.
- Excellent communication skills, capable of translating technical concepts for non-technical stakeholders.
- Self-motivated, detail-oriented, and able to work independently with minimal supervision.
- Bachelor’s degree or higher, preferably in Computer Science, Electrical/Computer Engineering, Mathematics, IT, or equivalent experience.
- Willingness to travel up to 25%.
Technologies
- Linux, Unix, QNX, and Windows operating systems
- Embedded hardware interfaces and protocols: SPI, I2C, UART
- Programming languages: C, C++
- Architectures: x86, ARM, PPC
- CAN bus and related hardware debugging tools
Similar Jobs
J