IoT / ICS / OT Penetration Tester

About The Position

Requirements

• Bachelor's degree in Computer Science, Electrical Engineering, Computer Engineering, or a related field
• 5+ years of hands-on experience in IoT, embedded, ICS/OT, or automotive security.
• Demonstrated experience performing hardware-level security assessments: JTAG/SWD debugging, SPI/I2C/UART communication, flash memory extraction, and PCB soldering and rework.
• Proficiency with firmware reverse engineering tools, specifically Ghidra and/or Binary Ninja; ability to analyze ARM, MIPS, PPC, x86, and x64 architectures.
• Experience testing IoT and automotive wireless protocols, including BLE, Zigbee, Z-Wave, Wi-Fi, CAN bus, and cellular interfaces.
• Ability to read and review source code in C and C++ to identify memory safety issues, authentication flaws, and other security weaknesses in embedded software.
• Familiarity with SBOM concepts, formats (CycloneDX, SPDX), and the use of SBOMs in vulnerability management.
• Working knowledge of relevant regulations and standards, including at least a subset of: EU CRA, CE RED / EN 303 645, UNECE WP.29, ISO 21434, or the US IoT Cyber Trust Mark.
• Excellent written and verbal communication skills; proven ability to write clear, well-structured technical reports and present findings to diverse audiences.
• Experience with scripting and automation using Python and Bash to support tooling and workflow efficiency.
• Familiarity with AI-assisted security tooling and an interest in applying LLM-based workflows to accelerate security analysis and reporting.

Nice To Haves

• Hands-on automotive security experience: OBD-II assessment, ECU flashing and analysis, V2X protocols, or automotive HSM evaluation.
• Experience with industrial control system (ICS/SCADA) security assessments and familiarity with protocols such as Modbus, DNP3, EtherNet/IP, or OPC-UA.
• CVE or responsible disclosure history demonstrating original vulnerability research in embedded or IoT targets.
• Relevant certifications such as OSCP, GPEN, GICSP, or vendor-specific automotive security credentials.
• Familiarity with static and dynamic analysis platforms and SAST/DAST tooling in the context of firmware and embedded software.
• Experience with ML-based vulnerability detection models or AI-augmented reverse engineering pipelines.
• Experience working on small, fast-moving consulting or product security teams.
• Comfort operating in AWS or similar cloud environments used to support analysis pipelines or customer deliverables.

Responsibilities

• Plan and execute penetration tests and security assessments against IoT, ICS/OT, and automotive targets, including connected consumer devices, industrial controllers, and automotive ECUs and telematics units.
• Perform hardware interaction and firmware extraction using techniques such as JTAG, SWD, UART, SPI, I2C, eMMC, and NAND flash dumping; solder and rework PCBs as needed to gain access to debug interfaces.
• Conduct firmware reverse engineering using tools such as Ghidra and Binary Ninja to identify vulnerabilities including memory corruption, authentication bypasses, hard-coded credentials, and insecure update mechanisms.
• Assess wireless protocols common in IoT and automotive environments, including Bluetooth / BLE, Zigbee, Z-Wave, Wi-Fi, Cellular (LTE/5G), CAN bus, LIN, and automotive Ethernet.
• Perform source code review, primarily in C, C++, and related embedded languages, to identify security weaknesses in firmware and embedded software.
• Conduct supply chain and software composition analysis, including SBOM review and analysis of third-party open-source components, to identify known vulnerabilities and license risks.
• Evaluate customer products and programs for compliance with relevant regulations and standards, including EN 303 645, the EU Cyber Resilience Act (CRA), EU Radio Equipment Directive (CE RED), UNECE WP.29 / ISO 21434 for automotive, and the US IoT Cyber Trust Mark.
• Produce high-quality written reports that clearly communicate technical findings, risk ratings, and remediation guidance to both technical and executive audiences.
• Leverage AI-powered security tooling and LLM-assisted workflows to accelerate analysis, triage, and reporting; maintain awareness of evolving AI capabilities relevant to embedded security research.
• Collaborate with the product, engineering, and research teams to feed pentesting findings back into the Finite State platform and improve detection capabilities.
• Support customer-facing engagements including scoping calls, technical debriefs, and remediation follow-up.
• Contribute to internal knowledge sharing, tooling development, and methodology improvement.
• Participate in industry conferences, publish research, and represent Finite State externally as opportunities arise.

Benefits

• Comprehensive benefits
• learning stipends to support your professional development
• Equity: share in our growth and success