IoT / ICS / OT Penetration Tester

3 hours, 47 minutes ago
Full-time
Senior
Cybersecurity
Finite State

Finite State is a top provider of product cybersecurity solutions for connected devices, offering SBOM solutions and risk analysis to reduce supply chain risk.

Internet Software & Services
51-250
Founded 2017
$50M raised

Description

  • Plan and execute penetration tests and security assessments against IoT, ICS/OT, and automotive targets.
  • Perform hardware interaction, firmware extraction, and PCB soldering or rework to access debug interfaces.
  • Reverse engineer firmware to identify vulnerabilities such as memory corruption, authentication bypasses, hard-coded credentials, and insecure update mechanisms.
  • Assess wireless and vehicle protocols including BLE, Zigbee, Z-Wave, Wi-Fi, LTE/5G, CAN bus, LIN, and automotive Ethernet.
  • Review embedded source code in C, C++, and related languages to identify security weaknesses.
  • Conduct supply chain and software composition analysis, including SBOM review and third-party component analysis.
  • Evaluate products and programs for compliance with relevant IoT, automotive, and radio security regulations and standards.
  • Write clear technical reports with risk ratings and remediation guidance for technical and executive audiences.
  • Use AI-powered security tooling and LLM-assisted workflows to accelerate analysis, triage, and reporting.
  • Collaborate with product, engineering, and research teams to feed findings back into the platform and improve detection capabilities.
  • Support customer engagements including scoping calls, technical debriefs, and remediation follow-up.
  • Contribute to internal knowledge sharing, tooling development, methodology improvement, and external research or conference activity.

Requirements

  • Bachelor's degree in Computer Science, Electrical Engineering, Computer Engineering, or a related field.
  • 5+ years of hands-on experience in IoT, embedded, ICS/OT, or automotive security.
  • Demonstrated experience with hardware-level security assessments, including JTAG/SWD, SPI/I2C/UART, flash extraction, and PCB soldering or rework.
  • Proficiency with firmware reverse engineering tools such as Ghidra and/or Binary Ninja.
  • Ability to analyze ARM, MIPS, PPC, x86, and x64 architectures.
  • Experience testing IoT and automotive wireless protocols such as BLE, Zigbee, Z-Wave, Wi-Fi, CAN bus, and cellular interfaces.
  • Ability to read and review C and C++ source code for memory safety, authentication, and other embedded security issues.
  • Familiarity with SBOM concepts and formats such as CycloneDX and SPDX.
  • Working knowledge of relevant standards and regulations such as EU CRA, CE RED, EN 303 645, UNECE WP.29, ISO 21434, or the US IoT Cyber Trust Mark.
  • Excellent written and verbal communication skills with proven technical reporting and presentation ability.
  • Experience with scripting and automation using Python and Bash.
  • Familiarity with AI-assisted security tooling and interest in LLM-based workflows.
  • Preferred: hands-on automotive security experience such as OBD-II assessment, ECU flashing and analysis, V2X protocols, or automotive HSM evaluation.
  • Preferred: experience with ICS/SCADA security assessments and protocols such as Modbus, DNP3, EtherNet/IP, or OPC-UA.
  • Preferred: CVE or responsible disclosure history demonstrating original vulnerability research in embedded or IoT targets.
  • Preferred: relevant certifications such as OSCP, GPEN, GICSP, or vendor-specific automotive security credentials.
  • Preferred: familiarity with static and dynamic analysis platforms and SAST/DAST tooling for firmware and embedded software.
  • Preferred: experience with ML-based vulnerability detection models or AI-augmented reverse engineering pipelines.
  • Preferred: experience working on small, fast-moving consulting or product security teams.
  • Preferred: comfort operating in AWS or similar cloud environments used for analysis pipelines or customer deliverables.

Benefits

  • Fully remote work with a high degree of autonomy and ownership.
  • Comprehensive benefits package.
  • Learning stipends to support professional development.
  • Equity participation to share in the company's growth and success.
  • Opportunity to work on mission-driven connected device cybersecurity challenges.
  • Fast-moving team culture focused on transparency, innovation, and impact.
