RemoteLeaf Logo
Log in Sign up

IoT / ICS / OT Penetration Tester

3 weeks, 1 day ago
United States, Canada
Full-time
Senior
Penetration Tester
Cybersecurity
AWS Bash C C++ Penetration Testing Python
Apply Now
Finite State

Finite State

Finite State is a top provider of product cybersecurity solutions for connected devices, offering SBOM solutions and risk analysis to reduce supply chain risk.

Internet Software & Services
51-250
Founded 2017
$50M raised
View All Jobs 11

Description

  • Plan and execute penetration tests and security assessments against IoT, ICS/OT, and automotive targets.
  • Perform hardware interaction, firmware extraction, and PCB soldering or rework to access debug interfaces.
  • Reverse engineer firmware to identify vulnerabilities such as memory corruption, authentication bypasses, hard-coded credentials, and insecure update mechanisms.
  • Assess wireless and vehicle protocols including BLE, Zigbee, Z-Wave, Wi-Fi, LTE/5G, CAN bus, LIN, and automotive Ethernet.
  • Review embedded source code in C, C++, and related languages to identify security weaknesses.
  • Conduct supply chain and software composition analysis, including SBOM review and third-party component analysis.
  • Evaluate products and programs for compliance with relevant IoT, automotive, and radio security regulations and standards.
  • Write clear technical reports with risk ratings and remediation guidance for technical and executive audiences.
  • Use AI-powered security tooling and LLM-assisted workflows to accelerate analysis, triage, and reporting.
  • Collaborate with product, engineering, and research teams to feed findings back into the platform and improve detection capabilities.
  • Support customer engagements including scoping calls, technical debriefs, and remediation follow-up.
  • Contribute to internal knowledge sharing, tooling development, methodology improvement, and external research or conference activity.

Requirements

  • Bachelor's degree in Computer Science, Electrical Engineering, Computer Engineering, or a related field.
  • 5+ years of hands-on experience in IoT, embedded, ICS/OT, or automotive security.
  • Demonstrated experience with hardware-level security assessments, including JTAG/SWD, SPI/I2C/UART, flash extraction, and PCB soldering or rework.
  • Proficiency with firmware reverse engineering tools such as Ghidra and/or Binary Ninja.
  • Ability to analyze ARM, MIPS, PPC, x86, and x64 architectures.
  • Experience testing IoT and automotive wireless protocols such as BLE, Zigbee, Z-Wave, Wi-Fi, CAN bus, and cellular interfaces.
  • Ability to read and review C and C++ source code for memory safety, authentication, and other embedded security issues.
  • Familiarity with SBOM concepts and formats such as CycloneDX and SPDX.
  • Working knowledge of relevant standards and regulations such as EU CRA, CE RED, EN 303 645, UNECE WP.29, ISO 21434, or the US IoT Cyber Trust Mark.
  • Excellent written and verbal communication skills with proven technical reporting and presentation ability.
  • Experience with scripting and automation using Python and Bash.
  • Familiarity with AI-assisted security tooling and interest in LLM-based workflows.
  • Preferred: hands-on automotive security experience such as OBD-II assessment, ECU flashing and analysis, V2X protocols, or automotive HSM evaluation.
  • Preferred: experience with ICS/SCADA security assessments and protocols such as Modbus, DNP3, EtherNet/IP, or OPC-UA.
  • Preferred: CVE or responsible disclosure history demonstrating original vulnerability research in embedded or IoT targets.
  • Preferred: relevant certifications such as OSCP, GPEN, GICSP, or vendor-specific automotive security credentials.
  • Preferred: familiarity with static and dynamic analysis platforms and SAST/DAST tooling for firmware and embedded software.
  • Preferred: experience with ML-based vulnerability detection models or AI-augmented reverse engineering pipelines.
  • Preferred: experience working on small, fast-moving consulting or product security teams.
  • Preferred: comfort operating in AWS or similar cloud environments used for analysis pipelines or customer deliverables.

Benefits

  • Fully remote work with a high degree of autonomy and ownership.
  • Comprehensive benefits package.
  • Learning stipends to support professional development.
  • Equity participation to share in the company's growth and success.
  • Opportunity to work on mission-driven connected device cybersecurity challenges.
  • Fast-moving team culture focused on transparency, innovation, and impact.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

GuidePoint Security

Jr. Identity Security Metrics Consultant & Databricks Analyst

GuidePoint Security 251-1K Internet Software & Services

GuidePoint Security is seeking a Jr. Identity Security Metrics Consultant & Databricks Analyst to support federal identity security initiatives and produce data-driven reporting from identity platforms and Databricks.

United States Full-time Junior Data Analyst Penetration Tester
Cybersecurity Databricks Machine Learning
5 hours, 37 minutes ago
Label Your Data

Head of Security

Label Your Data 51-250 Internet Software & Services

Label Your Data is hiring a Head of Security to establish and lead its standalone security function, shaping operations and strategy for the company while collaborating with the group security team.

Ukraine Full-time Senior Penetration Tester
Cybersecurity SIEM
5 hours, 51 minutes ago
iT1

Director, Security Practice

iT1 51-250 Internet Software & Services

iT1 is seeking a Director of Security Practice to lead and grow its Tempe-based security services business across consulting, professional services, and managed security delivery.

United States Full-time Executive Penetration Tester Program Manager
Cisco Cloudflare Cybersecurity Palo Alto SOC
6 hours, 6 minutes ago
Anduril Industries

Contractor Special Security Officer

Anduril Industries 1K-5K Aerospace & Defense

Anduril Industries is hiring a Contractor Special Security Officer (CSSO) to support SCI programs for the Intelligence Community and manage the security program for its secure work environment.

United States Full-time Mid Level Penetration Tester
$129k-$171k
6 hours, 21 minutes ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers