RemoteLeaf Logo
Log in Sign up

IoT / ICS / OT Penetration Tester

1 week, 3 days ago
United States, Canada
Full-time
Senior
Penetration Tester
Cybersecurity
AWS Bash C C++ Penetration Testing Python
Apply Now
Finite State

Finite State

Finite State is a top provider of product cybersecurity solutions for connected devices, offering SBOM solutions and risk analysis to reduce supply chain risk.

Internet Software & Services
51-250
Founded 2017
$50M raised
View All Jobs 8

Description

  • Plan and execute penetration tests and security assessments against IoT, ICS/OT, and automotive targets.
  • Perform hardware interaction, firmware extraction, and PCB soldering or rework to access debug interfaces.
  • Reverse engineer firmware to identify vulnerabilities such as memory corruption, authentication bypasses, hard-coded credentials, and insecure update mechanisms.
  • Assess wireless and vehicle protocols including BLE, Zigbee, Z-Wave, Wi-Fi, LTE/5G, CAN bus, LIN, and automotive Ethernet.
  • Review embedded source code in C, C++, and related languages to identify security weaknesses.
  • Conduct supply chain and software composition analysis, including SBOM review and third-party component analysis.
  • Evaluate products and programs for compliance with relevant IoT, automotive, and radio security regulations and standards.
  • Write clear technical reports with risk ratings and remediation guidance for technical and executive audiences.
  • Use AI-powered security tooling and LLM-assisted workflows to accelerate analysis, triage, and reporting.
  • Collaborate with product, engineering, and research teams to feed findings back into the platform and improve detection capabilities.
  • Support customer engagements including scoping calls, technical debriefs, and remediation follow-up.
  • Contribute to internal knowledge sharing, tooling development, methodology improvement, and external research or conference activity.

Requirements

  • Bachelor's degree in Computer Science, Electrical Engineering, Computer Engineering, or a related field.
  • 5+ years of hands-on experience in IoT, embedded, ICS/OT, or automotive security.
  • Demonstrated experience with hardware-level security assessments, including JTAG/SWD, SPI/I2C/UART, flash extraction, and PCB soldering or rework.
  • Proficiency with firmware reverse engineering tools such as Ghidra and/or Binary Ninja.
  • Ability to analyze ARM, MIPS, PPC, x86, and x64 architectures.
  • Experience testing IoT and automotive wireless protocols such as BLE, Zigbee, Z-Wave, Wi-Fi, CAN bus, and cellular interfaces.
  • Ability to read and review C and C++ source code for memory safety, authentication, and other embedded security issues.
  • Familiarity with SBOM concepts and formats such as CycloneDX and SPDX.
  • Working knowledge of relevant standards and regulations such as EU CRA, CE RED, EN 303 645, UNECE WP.29, ISO 21434, or the US IoT Cyber Trust Mark.
  • Excellent written and verbal communication skills with proven technical reporting and presentation ability.
  • Experience with scripting and automation using Python and Bash.
  • Familiarity with AI-assisted security tooling and interest in LLM-based workflows.
  • Preferred: hands-on automotive security experience such as OBD-II assessment, ECU flashing and analysis, V2X protocols, or automotive HSM evaluation.
  • Preferred: experience with ICS/SCADA security assessments and protocols such as Modbus, DNP3, EtherNet/IP, or OPC-UA.
  • Preferred: CVE or responsible disclosure history demonstrating original vulnerability research in embedded or IoT targets.
  • Preferred: relevant certifications such as OSCP, GPEN, GICSP, or vendor-specific automotive security credentials.
  • Preferred: familiarity with static and dynamic analysis platforms and SAST/DAST tooling for firmware and embedded software.
  • Preferred: experience with ML-based vulnerability detection models or AI-augmented reverse engineering pipelines.
  • Preferred: experience working on small, fast-moving consulting or product security teams.
  • Preferred: comfort operating in AWS or similar cloud environments used for analysis pipelines or customer deliverables.

Benefits

  • Fully remote work with a high degree of autonomy and ownership.
  • Comprehensive benefits package.
  • Learning stipends to support professional development.
  • Equity participation to share in the company's growth and success.
  • Opportunity to work on mission-driven connected device cybersecurity challenges.
  • Fast-moving team culture focused on transparency, innovation, and impact.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

Klaviyo

Director of Security Risk & Trust

Klaviyo 1K-5K IT Services

Klaviyo is hiring a Director of Security Risk and Trust to lead its security, governance, risk, and compliance program across cloud, product, and AI-driven environments as the company expands into new markets and regulated industries.

United States Full-time Executive Penetration Tester Program Manager
$234k-$350k
AWS Azure CloudFormation Encryption GCP Go HIPAA Machine Learning Python Terraform
1 minute ago
Grafana

Senior Risk Management Engineer

Grafana 1K-5K IT Services

Grafana Labs is hiring a Senior Risk Management Engineer to strengthen its enterprise risk management program across a fast-scaling, remote-first cloud platform.

United Kingdom Full-time Senior Penetration Tester
$104k-$125k
16 minutes ago
Grafana

Senior Risk Management Engineer

Grafana 1K-5K IT Services

Grafana Labs is hiring a Senior Risk Management Engineer to mature its enterprise risk management program across a remote global organization supporting Grafana Cloud.

United States Full-time Senior Penetration Tester
$143k-$173k
31 minutes ago
Grafana

Senior Risk Management Engineer

Grafana 1K-5K IT Services

Grafana Labs is hiring a Senior Risk Management Engineer to mature its enterprise risk program across a fast-scaling, remote-first observability platform.

Germany Full-time Senior Penetration Tester
$92k-$111k
31 minutes ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers