IoT / ICS / OT Penetration Tester
About the role
Finite State partners with product security teams, the guardians of our connected world, to create transparency for their connected devices and supply chains. Our platform handles connected devices and embedded systems across all industries, including those found in enterprises, healthcare, utilities, connected vehicles, manufacturing facilities, critical infrastructure, and government entities. We are a fast-growing series-B company with a fully distributed workforce. Led by a team of seasoned experts, we are a mission-driven team passionate about arming our customers with the actionable insights, critical vulnerability data, and remediation guidance necessary to mitigate product risk and protect the connected attack surface. We are committed to a remote first culture.

Role Summary
Finite State is seeking an experienced IoT / ICS / OT and Penetration Tester to join our growing Services team. In this role you will conduct hands-on security assessments of connected devices, embedded systems, industrial control systems, and automotive platforms on behalf of our customers. You will combine deep hardware and firmware expertise with a consultative mindset to deliver clear, actionable findings that help manufacturers and operators understand and reduce risk.

Responsibilities
Plan and execute penetration tests and security assessments against IoT, ICS/OT, and automotive targets, including connected consumer devices, industrial controllers, and automotive ECUs and telematics units.
Perform hardware interaction and firmware extraction using techniques such as JTAG, SWD, UART, SPI, I2C, eMMC, and NAND flash dumping; solder and rework PCBs as needed to gain access to debug interfaces.
Conduct firmware reverse engineering using tools such as Ghidra and Binary Ninja to identify vulnerabilities including memory corruption, authentication bypasses, hard-coded credentials, and insecure update mechanisms.
Assess wireless protocols common in IoT and automotive environments, including Bluetooth / BLE, Zigbee, Z-Wave, Wi-Fi, Cellular (LTE/5G), CAN bus, LIN, and automotive Ethernet.
Perform source code review, primarily in C, C++, and related embedded languages, to identify security weaknesses in firmware and embedded software.
Conduct supply chain and software composition analysis, including SBOM review and analysis of third-party open-source components, to identify known vulnerabilities and license risks.
Evaluate customer products and programs for compliance with relevant regulations and standards, including EN 303 645, the EU Cyber Resilience Act (CRA), EU Radio Equipment Directive (CE RED), UNECE WP.29 / ISO 21434 for automotive, and the US IoT Cyber Trust Mark.
Produce high-quality written reports that clearly communicate technical findings, risk ratings, and remediation guidance to both technical and executive audiences.
Leverage AI-powered security tooling and LLM-assisted workflows to accelerate analysis, triage, and reporting; maintain awareness of evolving AI capabilities relevant to embedded security research.
Collaborate with the product, engineering, and research teams to feed pentesting findings back into the Finite State platform and improve detection capabilities.
Support customer-facing engagements including scoping calls, technical debriefs, and remediation follow-up.
Contribute to internal knowledge sharing, tooling development, and methodology improvement.
Participate in industry conferences, publish research, and represent Finite State externally as opportunities arise.

Required Qualifications
Bachelor's degree in Computer Science, Electrical Engineering, Computer Engineering, or a related field.
5+ years of hands-on experience in IoT, embedded, ICS/OT, or automotive security.
Demonstrated experience performing hardware-level security assessments: JTAG/SWD debugging, SPI/I2C/UART communication, flash memory extraction, and PCB soldering and rework.
Proficiency with firmware reverse engineering tools, specifically Ghidra and/or Binary Ninja; ability to analyze ARM, MIPS, PPC, x86, and x64 architectures.
Experience testing IoT and automotive wireless protocols, including BLE, Zigbee, Z-Wave, Wi-Fi, CAN bus, and cellular interfaces.
Ability to read and review source code in C and C++ to identify memory safety issues, authentication flaws, and other security weaknesses in embedded software.
Familiarity with SBOM concepts, formats (CycloneDX, SPDX), and the use of SBOMs in vulnerability management.
Working knowledge of relevant regulations and standards, including at least a subset of: EU CRA, CE RED / EN 303 645, UNECE WP.29, ISO 21434, or the US IoT Cyber Trust Mark.
Excellent written and verbal communication skills; proven ability to write clear, well-structured technical reports and present findings to diverse audiences.
Experience with scripting and automation using Python and Bash to support tooling and workflow efficiency.
Familiarity with AI-assisted security tooling and an interest in applying LLM-based