Remotery

Ethical Hacker – Hardware

Posted 1 hour ago

This is a fully remote position, open to applicants in Texas.

📋 Description

• Develop and implement comprehensive hardware penetration tests on embedded and IoT devices, adhering to a specified scope and rules of engagement.

• Discover, access, and exploit on-board debugging interfaces such as JTAG, SWD, UART, and others to achieve code execution or memory access.

• Retrieve firmware through debug ports, in-circuit flash reads (SPI / I2C / NAND), or chip-off methods when necessary, and assess it for vulnerabilities.

• Capture and examine data on standard embedded buses (SPI, I2C, UART, CAN, USB) utilizing logic analyzers and protocol decoders.

• When applicable, conduct side-channel analysis and fault injection (power analysis, voltage/clock glitching) to circumvent secure boot, readout protection, or authentication processes.

• Reverse engineer firmware and embedded binaries (using tools like Ghidra, IDA, Binwalk, etc.) to uncover logic flaws, hardcoded secrets, and exploitable conditions.

• Evaluate the physical attack surface, assess tamper resistance, and analyze key/secret storage mechanisms.

• Differentiate between theoretical risks and those relevant to operational scenarios to ensure actionable findings.

• Produce high-quality technical reports and deliver presentations of findings to client stakeholders, both technical and non-technical.

• Provide practical, prioritized remediation advice that clients can implement.

• Foster client confidence through credibility, effective communication, and demonstrable impact.

• Develop and maintain lab tools, testing rigs, and internal methodologies.

• Participate in research, responsible disclosure, and internal knowledge-sharing initiatives.

• Remain updated on hardware attack methodologies, embedded architectures, and defensive measures.


⛳️ Requirements

• A degree in Information Security, Computer Science, or Computer/Electrical Engineering (or equivalent practical experience).

• Strong understanding of electronics fundamentals, with the ability to interpret schematics and datasheets to analyze a circuit board.

• Proficient in hands-on soldering, including surface-mount (SMD) rework and basic chip removal techniques.

• Proven experience in accessing debug interfaces (JTAG, SWD, UART) and extracting firmware from actual devices.

• Familiarity with essential bench instruments: logic analyzer, oscilloscope, and multimeter.

• Skills in firmware reverse-engineering and proficiency in scripting with Python, alongside sufficient C knowledge to interpret embedded code.

• Knowledge of common embedded architectures (ARM/Cortex-M, MIPS, AVR, RISC-V) and concepts pertaining to RTOS/bare-metal systems.

• Excellent written and verbal communication skills.

• Preferred qualifications (one or more would be beneficial): Experience in side-channel/fault-injection (e.g., ChipWhisperer), RF and wireless technologies: SDR, BLE, sub-GHz, Wi-Fi, understanding of secure boot chains, TEEs, secure elements, and HSMs, familiarity with PCB design (KiCad / Altium) for grasping target boards, published CVEs, conference presentations, CTF placements, or contributions to open-source tools, relevant certifications (e.g., OSCP for breadth, or hardware-centric training).


🏝️ Benefits

• GRRSP with corporate matching in Canada.

• Access to corporate benefit plans within Canada.

• A flexible work environment that empowers employees to perform at their best.

• Immediate and ongoing offensive security training, mentorship, and professional development opportunities to enhance your technical skills.

People also viewed

DATAGROUP47 min ago

Backoffice Information Security Associate – all genders

DE flagGermany OnlyFull-timeCybersecurity / Security Engineer
ApplyView job
CrowdStrike47 min ago

Security Advisor I – Falcon Complete GovCloud

US flagUnited States OnlyFull-timeCybersecurity / Security Engineer$85k – $120k/year
ApplyView job
GitLab47 min ago

Senior Manager, Security Compliance

US flagUnited States OnlyFull-timeCybersecurity / Security Engineer$168k – $245k/year
ApplyView job
CrowdStrike47 min ago

Engineer III, Software Assurance – Product Security

US flagUnited States OnlyFull-timeCybersecurity / Security Engineer$120k – $180k/year
ApplyView job
Johnson Controls47 min ago

Senior Strategic Account Manager, Data Center – Security

US flagCalifornia, +3 more statesFull-timeCybersecurity / Security Engineer$100k – $150k/year
ApplyView job
Westernacher Consulting47 min ago

SAP Security Consultant

IN flagIndia OnlyFull-timeCybersecurity / Security Engineer
ApplyView job

Never miss a great job!

Get handpicked remote jobs straight to your inbox weekly.

Trusted by 7,400+ designers