IoT / ICS / OT Penetration Tester

1 month, 1 week ago
Full-time
Senior
Cybersecurity
Finite State

Finite State is a top provider of product cybersecurity solutions for connected devices, offering SBOM solutions and risk analysis to reduce supply chain risk.

Internet Software & Services
51-250
Founded 2017
$50M raised

Description

  • Plan and execute penetration tests and security assessments against IoT, ICS/OT, and automotive targets.
  • Perform hardware interaction, firmware extraction, and PCB soldering or rework to access debug interfaces.
  • Reverse engineer firmware to identify vulnerabilities such as memory corruption, authentication bypasses, hard-coded credentials, and insecure update mechanisms.
  • Assess wireless and vehicle protocols including BLE, Zigbee, Z-Wave, Wi-Fi, LTE/5G, CAN bus, LIN, and automotive Ethernet.
  • Review embedded source code in C, C++, and related languages to identify security weaknesses.
  • Conduct supply chain and software composition analysis, including SBOM review and third-party component analysis.
  • Evaluate products and programs for compliance with relevant IoT, automotive, and radio security regulations and standards.
  • Write clear technical reports with risk ratings and remediation guidance for technical and executive audiences.
  • Use AI-powered security tooling and LLM-assisted workflows to accelerate analysis, triage, and reporting.
  • Collaborate with product, engineering, and research teams to feed findings back into the platform and improve detection capabilities.
  • Support customer engagements including scoping calls, technical debriefs, and remediation follow-up.
  • Contribute to internal knowledge sharing, tooling development, methodology improvement, and external research or conference activity.

Requirements

  • Bachelor's degree in Computer Science, Electrical Engineering, Computer Engineering, or a related field.
  • 5+ years of hands-on experience in IoT, embedded, ICS/OT, or automotive security.
  • Demonstrated experience with hardware-level security assessments, including JTAG/SWD, SPI/I2C/UART, flash extraction, and PCB soldering or rework.
  • Proficiency with firmware reverse engineering tools such as Ghidra and/or Binary Ninja.
  • Ability to analyze ARM, MIPS, PPC, x86, and x64 architectures.
  • Experience testing IoT and automotive wireless protocols such as BLE, Zigbee, Z-Wave, Wi-Fi, CAN bus, and cellular interfaces.
  • Ability to read and review C and C++ source code for memory safety, authentication, and other embedded security issues.
  • Familiarity with SBOM concepts and formats such as CycloneDX and SPDX.
  • Working knowledge of relevant standards and regulations such as EU CRA, CE RED, EN 303 645, UNECE WP.29, ISO 21434, or the US IoT Cyber Trust Mark.
  • Excellent written and verbal communication skills with proven technical reporting and presentation ability.
  • Experience with scripting and automation using Python and Bash.
  • Familiarity with AI-assisted security tooling and interest in LLM-based workflows.
  • Preferred: hands-on automotive security experience such as OBD-II assessment, ECU flashing and analysis, V2X protocols, or automotive HSM evaluation.
  • Preferred: experience with ICS/SCADA security assessments and protocols such as Modbus, DNP3, EtherNet/IP, or OPC-UA.
  • Preferred: CVE or responsible disclosure history demonstrating original vulnerability research in embedded or IoT targets.
  • Preferred: relevant certifications such as OSCP, GPEN, GICSP, or vendor-specific automotive security credentials.
  • Preferred: familiarity with static and dynamic analysis platforms and SAST/DAST tooling for firmware and embedded software.
  • Preferred: experience with ML-based vulnerability detection models or AI-augmented reverse engineering pipelines.
  • Preferred: experience working on small, fast-moving consulting or product security teams.
  • Preferred: comfort operating in AWS or similar cloud environments used for analysis pipelines or customer deliverables.

Benefits

  • Fully remote work with a high degree of autonomy and ownership.
  • Comprehensive benefits package.
  • Learning stipends to support professional development.
  • Equity participation to share in the company's growth and success.
  • Opportunity to work on mission-driven connected device cybersecurity challenges.
  • Fast-moving team culture focused on transparency, innovation, and impact.
