[Remote] Principal Security Consultant (Hardware/Embedded Penetration Tester)

Work from home Full-time role Hiring

Note: This is a remote job open to candidates in the USA. NetSPI is a leader in Penetration Testing as a Service (PTaaS) and is seeking a Principal Security Consultant specializing in Hardware/Embedded Penetration Testing. The role involves assessing the security of hardware and embedded systems, identifying vulnerabilities, and providing actionable recommendations, while collaborating with clients to enhance their security posture.

Responsibilities

  • Perform hardware and/or firmware penetration tests
  • Lead threat modeling exercises related to embedded systems
  • Create and deliver penetration test reports to clients
  • Collaborate with clients to create remediation strategies that will help improve their security posture
  • Conduct thorough penetration testing on hardware and embedded systems, including IoT devices, automotive systems, industrial control systems (ICS), and other critical infrastructure
  • Develop and execute comprehensive testing plans, methodologies, and tools tailored to specific hardware platforms
  • Identify, analyze, and document security vulnerabilities and exploits in hardware and firmware
  • Collaborate with cross-functional teams to review system architectures and design security solutions
  • Provide detailed reports and presentations to stakeholders, outlining findings and remediation strategies
  • Mentor junior team members and contribute to the development of best practices and testing standards
  • Stay current with the latest security trends, tools, and technologies in the hardware and embedded systems domain
  • Research and develop innovative techniques, tools, and methodologies for penetration testing services
  • Help define and document internal, technical, and service processes and procedures
  • Contribute to the community through the development of tools, presentations, white papers, and blogs

Skills

  • 4 years of dedicated security consulting experience, with 2 of those years having a heavy concentration in embedded/hardware penetration and security designs
  • 5 years of dedicated hardware/embedded systems design & development, with an additional 1-2 years of hardware/embedded security consulting and penetration testing
  • 10+ years of dedicated hardware/embedded systems design, development & fabrication, with a strong understanding of security vulnerabilities and how they may apply to hardware/embedded systems
  • Hands-on experience with hardware penetration testing techniques, including soldering, probing chips, removing and reworking components, and hardware debugging
  • Knowledge of Linux, Unix, QNX and/or Windows Operating Systems
  • Knowledge of Application and Network Protocols and design
  • Adept in reverse engineering, firmware analysis, and exploitation techniques
  • Strong understanding of embedded systems architectures, communication protocols (e.g., SPI, I2C, UART), and hardware debugging tools
  • Excellent problem-solving skills and the ability to think creatively to bypass security mechanisms
  • Strong communication skills, with the ability to explain complex technical concepts to non-technical stakeholders
  • Self-motivated, detail-oriented, and capable of working independently with minimal supervision
  • Bachelor's degree or higher, preferred with a concentration in Computer Science, Electrical or Computer Engineering, Math, or IT - or equivalent experience
  • Up to 25% travel
  • Designed hardware CTF or debugging tool
  • Programming experience in one or more of the following languages: C, C++
  • Familiarity with common embedded architectures such as: x86, ARM, PPC
  • Experience in automotive security testing and knowledge of CAN bus and related protocols
  • Experience with industrial control systems (ICS) and SCADA security
  • Experience testing medical devices
  • Knowledge of cryptographic algorithms and their implementation in hardware
  • Experience as an Embedded Hardware/Software engineer
  • Participated, won, organized, or otherwise developed Capture-The-Flag (CTF) competitions
  • Experience with Operating Systems design, or Compiler design
  • Experience with secure software development practices and code review
  • GXPN, GPEN, OSCP, CISSP, GWAPT or similar certifications

Company Overview

  • NetSPI is a cybersecurity company that offers enterprise security testing and attack surface management services. It was founded in 2001, and is headquartered in Minneapolis, Minnesota, USA, with a workforce of 501-1000 employees. Its website is https://www.netspi.com.

Company H1B Sponsorship

  • NetSPI has a track record of offering H1B sponsorships, with 1 in 2025, 3 in 2024, 1 in 2023, 2 in 2022, 5 in 2021, 5 in 2020. Please note that this does not guarantee sponsorship for this specific role.