Penetration Tester

Job Title: IoT/Embedded Security Device Penetration Tester

Location: Travel required to Denver, CO or Charlotte, NC (1 week remote, 3-4 weeks on-site, 1 week remote)

Duration: 1 month+ contract

Telecom sector experience preferred

Key Responsibilities:

• Conduct penetration testing on telecom/customer premises equipment, including routers, modems, WiFi access points, and embedded devices, to identify vulnerabilities.
• Evaluate attack vectors against connected telecom/customer premises equipment in line with current security trends.
• Execute security testing engagements using established methodologies, tools, and rules of engagement.
• Identify and exploit security vulnerabilities across various systems and scenarios.
• Analyze testing results and produce reports detailing findings, exploitation methods, risks, and recommendations.
• Communicate complex technical security concepts to both technical and non-technical audiences, including executives.
• Familiarize with various testing phases, including:
• Information Gathering: Conduct OSINT analysis, identify I/O connections, and establish a threat landscape through passive device analysis and PCB indexing.
• Vulnerability Identification: Assess device functionality with automated/manual tools and perform PCB analysis and firmware extraction.
• Device Exploitation: Validate vulnerabilities through targeted tests and device exploitation.

Qualifications:

• Minimum of 5 years of experience in embedded devices, IoT, or customer premises equipment, with a focus on hardware hacking.
• Preferred experience with telecom cable clients.
• Background in Electrical Engineering or Computer Engineering.
• Experience with manual attack and penetration testing.
• Proficiency with reverse engineering/debugging tools (e.g. JTAG, SPI, UART).
• Knowledge of communication protocols (e.g. DOCSIS, WiFi, Bluetooth, etc).
• Understanding of web-based application/API vulnerabilities (OWASP Top 10)
• Familiarity with embedded Linux and real-time operating systems.
• Understanding of embedded systems architecture and microprocessors.
• Experience in protocol fuzzing and communication analysis.
• Experience in vulnerability or reverse engineering assessments.
• Knowledge of cryptography and security protocols.
• Ability to work with a technical team to conduct security assessments within defined rules of engagement.

Best Regards,

-------

David Roy #LI-DR1 | Accounts Manager US Staffing | Charter Global Inc. |