All roles

Open role

[Remote] Principal Security Consultant (Hardware/Embedded Penetration Tester)

Remote · Peru Full-time

Note: The job is a remote job and is open to candidates in USA. NetSPI is a leader in Penetration Testing as a Service (PTaaS), combining security expertise with AI and automation to enhance security measures. The Principal Security Consultant will focus on assessing the security of hardware and embedded systems, identifying vulnerabilities, and providing actionable recommendations for improvement while collaborating with clients and mentoring junior team members.

Responsibilities

  • Perform Hardware and/or firmware penetration tests
  • Lead in threat modeling exercises related to Embedded Systems
  • Create and deliver penetration test reports to clients
  • Collaborate with clients to create remediation strategies that will help improve their security posture
  • Conduct thorough penetration testing on hardware and embedded systems, including IoT devices, automotive systems, industrial control systems (ICS), and other critical infrastructure
  • Develop and execute comprehensive testing plans, methodologies, and tools tailored to specific hardware platforms
  • Identify, analyze, and document security vulnerabilities and exploits in hardware and firmware
  • Collaborate with cross-functional teams to review system architectures and design security solutions
  • Provide detailed reports and presentations to stakeholders, outlining findings and remediation strategies
  • Mentor junior team members and contribute to the development of best practices and testing standards
  • Stay current with the latest security trends, tools, and technologies in the hardware and embedded systems domain
  • Research and develop innovative techniques, tools, and methodologies for penetration testing services
  • Help define and document internal, technical, and service processes and procedures
  • Contribute to the community through the development of tools, presentations, white papers, and blogs

Skills

  • 4 years of dedicated security consulting experience, with 2 of those years having a heavy concentration in embedded/hardware penetration and security designs
  • 5 years of dedicated hardware/embedded systems design & development, with an additional 1-2 years of hardware/embedded security consulting and penetration testing
  • 10+ years of dedicated hardware/embedded systems design, development & fabrications, with a strong understanding of security vulnerabilities and how they may apply to hardware/embedded systems
  • Hands-on experience with hardware penetration testing techniques, including soldering, probing chips, removing, and reworking components, and hardware debugging
  • Knowledge of Linux, Unix, QNX and/or Windows Operating Systems
  • Knowledge of Application and Network Protocols and design
  • Adept in reverse engineering, firmware analysis, and exploitation techniques
  • Strong understanding of embedded systems architectures, communication protocols (e.g., SPI, I2C, UART), and hardware debugging tools
  • Excellent problem-solving skills and the ability to think creatively to bypass security mechanisms
  • Strong communication skills, with the ability to explain complex technical concepts to non-technical stakeholders
  • Self-motivated, detail-oriented, and capable of working independently with minimal supervision
  • Bachelor's degree or higher, preferred with a concentration in Computer Science, Electrical or Computer Engineering, Math, or IT - or equivalent experience
  • Up to 25% travel
  • Designed hardware CTF or debugging tool
  • Programming experience in one or more of the following languages: C, C++
  • Familiarity with common embedded architectures such as: x86, ARM, PPC
  • Experience in automotive security testing and knowledge of CAN bus and related protocols
  • Experience with industrial control systems (ICS) and SCADA security
  • Experience testing medical devices
  • Knowledge of cryptographic algorithms and their implementation in hardware
  • Experience as an Embedded Hardware/Software engineer
  • Participated, won, organized, or otherwise developed Capture-The-Flag (CTF) competitions
  • Experience with Operating Systems design, or Compiler design
  • Experience with secure software development practices and code review
  • GXPN, GPEN, OSCP, CISSP, GWAPT or similar certifications

Company Overview

  • NetSPI is a cybersecurity company that offers enterprise security testing and attack surface management services. It was founded in 2001, and is headquartered in Minneapolis, Minnesota, USA, with a workforce of 501-1000 employees. Its website is https://www.netspi.com.
  • Company H1B Sponsorship

  • NetSPI has a track record of offering H1B sponsorships, with 1 in 2025, 3 in 2024, 1 in 2023, 2 in 2022, 5 in 2021, 5 in 2020. Please note that this does not guarantee sponsorship for this specific role.
  • More open positions

    [Remote] Revenue Operations Specialist: Sales Focus

    Work from home Full-time role

    [Remote] Mechanical Design Engineer

    Work from home Full-time role

    [Remote] Talent Acquisition and Human Resource Specialist

    Work from home Full-time role

    [Remote] Content Development Manager

    Work from home Full-time role

    [Remote] Senior Coding Data Quality Analyst - Provider Based

    Work from home Full-time role

    Middle School English Teacher; Work From Home

    Work from home Full-time role

    Podcast Editor (End-to-End Production) – Remote Raven | Podwires Marketplace

    Work from home Full-time role

    [Remote] Account Executive

    Work from home Full-time role

    Semiconductor Software Engineer

    Work from home Full-time role

    Experienced Part-Time Remote Data Entry Clerk – Join careerzynith Team and Deliver Excellence

    Work from home Full-time role

    Experienced Online Chat Representative - OCR at careerzynith: Deliver Exceptional Customer Service and Drive Success

    Work from home Full-time role

    RF Engineer I

    Work from home Full-time role

    Experienced Data Entry Specialist – Remote Opportunity for Career Growth and Development at careerzynith

    Work from home Full-time role

    Digital Marketing Specialist

    Work from home Full-time role

    Experienced Online Chat Support Specialist – Delivering Exceptional Customer Experiences in a Dynamic Remote Environment

    Work from home Full-time role

    [Remote] Senior Strategic Growth Associate, Advisor Recruiting

    Work from home Full-time role

    Remote Data Entry Specialist – Work From Home Opportunity for Detail-Oriented Entry-Level Professionals

    Work from home Full-time role

    NY - Remote Mortgage Loan Originator - High Commission

    Work from home Full-time role

    Part-Time Remote Data Entry Specialist – Flexible Work-From-Home Opportunity in Information Management & Digital Operations

    Work from home Full-time role

    Billing & Insurance Follow-up Specialist – Physician Billing

    Work from home Full-time role

    Clinical Account Associate, Georgia, Alabama, Mississippi

    Work from home Full-time role