Offensive Security Engineer, Device
Skills
About the Role
You will perform vulnerability assessments, penetration tests, and red team exercises against devices and systems. You will simulate advanced attacks on hardware, firmware, and software, develop proof-of-concept exploits, and demonstrate the impact of discovered vulnerabilities. You will review designs, code, and configurations with engineering teams and provide actionable recommendations to mitigate risks. You will manage third-party security audits and the bug bounty program and research emerging threats, techniques, and tools to keep device security capabilities current.
Requirements
- 5+ years of experience in offensive security roles such as penetration testing vulnerability research or red teaming with a focus on embedded systems or devices
- Strong understanding of hardware security concepts including secure boot JTAG SWD on-device tamper detection and SoC architectures
- Experience with reverse engineering tools such as IDA Pro Ghidra or Radare2 and debugging tools like GDB
- Familiarity with offensive security tooling such as Metasploit Burp Suite and Kali Linux
- Expertise in Linux security including secure configurations kernel hardening and system monitoring as well as OP-TEE and Android security frameworks
- In-depth knowledge of secure coding practices cryptographic principles and attack mitigation strategies
- Proven track record of identifying and exploiting vulnerabilities in embedded systems firmware or IoT devices
- Nice-to-have experience with hardware hacking techniques such as PCB analysis chip-off attacks or side-channel attacks
Responsibilities
- Perform vulnerability assessments and penetration testing of devices and systems
- Conduct red team exercises and simulate advanced attacks against hardware firmware and software
- Develop proof-of-concept exploits to demonstrate vulnerability impact
- Review designs code and system configurations and provide actionable security recommendations
- Manage third-party security audits and the bug bounty program
- Research emerging threats techniques and tooling to improve device security capabilities
Benefits
- Unlimited PTO
- Monthly phone reimbursement or company device
- Daily DoorDash credit for in-office meals
- Medical insurance
- Dental insurance
- Vision insurance
- Mental health benefits
- 401(k) plan with employer match
- Life insurance
- Commuter benefits
- Professional development stipend
- Flexible time off