United States or Canada Remote (Global) Employment

Finite State is hiring an IoT / ICS / OT Penetration Tester

Responsibilities

  • Plan and execute penetration tests and security assessments against IoT, ICS/OT, and automotive targets, including connected consumer devices, industrial controllers, and automotive ECUs and telematics units.
  • Perform hardware interaction and firmware extraction using techniques such as JTAG, SWD, UART, SPI, I2C, eMMC, and NAND flash dumping; solder and rework PCBs as needed to gain access to debug interfaces.
  • Conduct firmware reverse engineering using tools such as Ghidra and Binary Ninja to identify vulnerabilities including memory corruption, authentication bypasses, hard-coded credentials, and insecure update mechanisms.
  • Assess wireless protocols common in IoT and automotive environments, including Bluetooth / BLE, Zigbee, Z-Wave, Wi-Fi, Cellular (LTE/5G), CAN bus, LIN, and automotive Ethernet.
  • Perform source code review, primarily in C, C++, and related embedded languages, to identify security weaknesses in firmware and embedded software.
  • Conduct supply chain and software composition analysis, including SBOM review and analysis of third-party open-source components, to identify known vulnerabilities and license risks.
  • Evaluate customer products and programs for compliance with relevant regulations and standards, including EN 303 645, the EU Cyber Resilience Act (CRA), EU Radio Equipment Directive (CE RED), UNECE WP.29 / ISO 21434 for automotive, and the US IoT Cyber Trust Mark.
  • Produce high-quality written reports that clearly communicate technical findings, risk ratings, and remediation guidance to both technical and executive audiences.
  • Leverage AI-powered security tooling and LLM-assisted workflows to accelerate analysis, triage, and reporting; maintain awareness of evolving AI capabilities relevant to embedded security research.
  • Collaborate with the product, engineering, and research teams to feed pentesting findings back into the Finite State platform and improve detection capabilities.
  • Support customer-facing engagements including scoping calls, technical debriefs, and remediation follow-up.
  • Contribute to internal knowledge sharing, tooling development, and methodology improvement.
  • Participate in industry conferences, publish research, and represent Finite State externally as opportunities arise.

Work Arrangement

Remote (Worldwide)

Additional Information

  • Comprehensive benefits
  • Investment: learning stipends to support your professional development
  • Equity: share in our growth and success

About company

Finite State

Finite State is the Product Security Automation Platform for connected devices, uniting firmware and source intelligence with automated workflows that prioritize real exposure and produce audit-ready security and compliance outcomes.

The platform connects firmware, binaries, source code, and product documentation into a single, continuous system of record grounded in what actually ships. It reduces vulnerability noise by up to 90% through reachability and execution context analysis, enabling teams to focus on real risks.

Finite State automates threat modeling, requirements mapping, and verification workflows, enabling continuous compliance proof for regulations like FDA and EU CRA. It generates SBOMs, VEX, and traceable evidence packs on demand, replacing manual processes with a defensible, automated workflow.

Job Details

  • Department: Services
  • Category: security
  • Posted a month ago