Senior Security Consultant; Hardware​/Embedded Penetration Tester

Overview

NetSPI is an award-winning pioneer of Penetration Testing as a Service (PTaaS) with its AI-powered platform supported by more than 350 in-house cybersecurity experts. Specializing in 50+ pentest types, attack surface visibility, vulnerability prioritization, and attack simulation, NetSPI delivers security testing with clarity, speed, and scale. We are seeking an experienced Senior Hardware/Embedded Penetration Tester to assess the security of hardware and embedded systems and provide actionable recommendations.

• Perform hardware and/or firmware penetration tests.
• Participate in threat models related to Embedded Systems.
• Create and deliver penetration test reports to clients.
• Collaborate with clients to create remediation strategies that improve security posture.
• Conduct thorough testing on hardware and embedded systems (e.g., IoT devices, automotive, ICS).
• Develop and execute testing plans, methodologies, and tools tailored to hardware platforms.
• Identify, analyze, and document vulnerabilities and exploits in hardware and firmware.
• Review system architectures with cross-functional teams and design security solutions.
• Provide detailed reports and presentations to stakeholders with findings and remediation strategies.
• Mentor junior team members and contribute to testing standards.
• Stay up to date with security trends, tools, and technologies in hardware/embedded domains.

• Research and develop innovative penetration testing techniques, tools, and methodologies.
• Help define and document internal technical and service processes and procedures.
• Contribute to the community through tools, presentations, white papers, and blogs.

• Experience in one of the following paths:
  • 2 years of dedicated security consulting with 1 year in embedded/hardware security; or
  • 3 years of hardware/embedded systems design & development, with 1–2 years in security consulting; or
  • 5+ years in hardware/embedded design, development, and fabrication with security knowledge.
• Hands-on hardware penetration testing techniques (soldering, probing, removing/reworking components, hardware debugging).
• Knowledge of Linux, Unix, QNX and/or Windows.
• Knowledge of application and network protocols.
• Proficiency in reverse engineering, firmware analysis, and exploitation techniques.
• Strong understanding of embedded architectures and hardware debugging tools (e.g., SPI, I2C, UART).
• Excellent problem-solving and creative thinking to bypass security mechanisms.
• Strong communication skills for technical and non-technical audiences.
• Self-motivated, detail-oriented, able to work independently.
• Bachelor’s degree or higher (or equivalent experience).
• Up to 25% travel.
• 8-hour workday with occasional evenings or weekends to meet deadlines.

• Mastery of reverse engineering skills.
• Programming in C, C++.
• Familiarity with embedded architectures such as x86, ARM, PPC.
• Experience in automotive security testing and CAN bus.
• Familiarity with ICS/SCADA security.
• Experience testing medical devices.
• Knowledge of cryptographic algorithms and their implementation in hardware.
• Experience as an Embedded Hardware/Software engineer.
• Participation in or organization of Capture-The-Flag (CTF) events.
• Experience with OS or compiler design.
• Experience with secure software development and code review.
• GXPN, GPEN, OSCP, CISSP, GWAPT or similar certifications.

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.

• Seniority level:
  Mid-Senior level
• Employment type:
  
  Full-time
• Job function:
  Information Technology
• Industries:
  Computer and Network Security