[Remote] Principal Security Consultant (Hardware/Embedded Penetration Tester)

Remote role Full-time Open position

Note: The job is a remote job and is open to candidates in USA. NetSPI is a leader in Penetration Testing as a Service (PTaaS), combining security expertise with AI and automation to enhance security measures. The Principal Security Consultant will focus on assessing the security of hardware and embedded systems, identifying vulnerabilities, and providing actionable recommendations for improvement while collaborating with clients and mentoring junior team members.

Responsibilities

Perform Hardware and/or firmware penetration tests
Lead in threat modeling exercises related to Embedded Systems
Create and deliver penetration test reports to clients
Collaborate with clients to create remediation strategies that will help improve their security posture
Conduct thorough penetration testing on hardware and embedded systems, including IoT devices, automotive systems, industrial control systems (ICS), and other critical infrastructure
Develop and execute comprehensive testing plans, methodologies, and tools tailored to specific hardware platforms
Identify, analyze, and document security vulnerabilities and exploits in hardware and firmware
Collaborate with cross-functional teams to review system architectures and design security solutions
Provide detailed reports and presentations to stakeholders, outlining findings and remediation strategies
Mentor junior team members and contribute to the development of best practices and testing standards
Stay current with the latest security trends, tools, and technologies in the hardware and embedded systems domain
Research and develop innovative techniques, tools, and methodologies for penetration testing services
Help define and document internal, technical, and service processes and procedures
Contribute to the community through the development of tools, presentations, white papers, and blogs

Skills

4 years of dedicated security consulting experience, with 2 of those years having a heavy concentration in embedded/hardware penetration and security designs
5 years of dedicated hardware/embedded systems design & development, with an additional 1-2 years of hardware/embedded security consulting and penetration testing
10+ years of dedicated hardware/embedded systems design, development & fabrications, with a strong understanding of security vulnerabilities and how they may apply to hardware/embedded systems
Hands-on experience with hardware penetration testing techniques, including soldering, probing chips, removing, and reworking components, and hardware debugging
Knowledge of Linux, Unix, QNX and/or Windows Operating Systems
Knowledge of Application and Network Protocols and design
Adept in reverse engineering, firmware analysis, and exploitation techniques
Strong understanding of embedded systems architectures, communication protocols (e.g., SPI, I2C, UART), and hardware debugging tools
Excellent problem-solving skills and the ability to think creatively to bypass security mechanisms
Strong communication skills, with the ability to explain complex technical concepts to non-technical stakeholders
Self-motivated, detail-oriented, and capable of working independently with minimal supervision
Bachelor's degree or higher, preferred with a concentration in Computer Science, Electrical or Computer Engineering, Math, or IT - or equivalent experience
Up to 25% travel
Designed hardware CTF or debugging tool
Programming experience in one or more of the following languages: C, C++
Familiarity with common embedded architectures such as: x86, ARM, PPC
Experience in automotive security testing and knowledge of CAN bus and related protocols
Experience with industrial control systems (ICS) and SCADA security
Experience testing medical devices
Knowledge of cryptographic algorithms and their implementation in hardware
Experience as an Embedded Hardware/Software engineer
Participated, won, organized, or otherwise developed Capture-The-Flag (CTF) competitions
Experience with Operating Systems design, or Compiler design
Experience with secure software development practices and code review
GXPN, GPEN, OSCP, CISSP, GWAPT or similar certifications

Company Overview

NetSPI is a cybersecurity company that offers enterprise security testing and attack surface management services. It was founded in 2001, and is headquartered in Minneapolis, Minnesota, USA, with a workforce of 501-1000 employees. Its website is https://www.netspi.com.

Company H1B Sponsorship

NetSPI has a track record of offering H1B sponsorships, with 1 in 2025, 3 in 2024, 1 in 2023, 2 in 2022, 5 in 2021, 5 in 2020. Please note that this does not guarantee sponsorship for this specific role.

Apply To This Job

Apply

[Remote] Principal Security Consultant (Hardware/Embedded Penetration Tester)

Further positions

[Remote] Revenue Operations Specialist: Sales Focus

[Remote] Mechanical Design Engineer

[Remote] Talent Acquisition and Human Resource Specialist

[Remote] Content Development Manager

[Remote] Senior Coding Data Quality Analyst - Provider Based

[Remote] Growth Marketing & Technology Senior Manager (Remote)

[Remote] Senior Applied ML Scientist

[Remote] Software Engineer at Uservoice

[Remote] Sr. Manager, Engineering — B2B Platform

[Remote] Legal Operations Associate

Remote Customer Support Representative – Flexible Home‑Based Role at arenaflex – $19/hr

Experienced Data Entry Specialist – Remote Opportunity at arenaflex

Senior Business Development Representative

Experienced Customer Service Representative – Work From Home Opportunity with arenaflex

Principal Medical Writer. Spain. FSP. Remote.

Experienced Remote Customer Support Specialist – Deliver Exceptional Service from the Comfort of Your Own Home

Darden Technical Research Assistant [Student Wage] (Remote)

Medicare Insurance Sales Agent (SQSR072026)

Attorney – Business and Real Estate Transactional

Experienced Part-Time Remote Data Entry Specialist – Join arenaflex's Operations Team and Thrive in a Flexible Work Environment