Job Openings Penetration Tester

About the job Penetration Tester

Our client is seeking a Penetration Tester to support application and product security testing across a global environment. This role focuses on conducting penetration testing, security monitoring, and auditing across a range of products, including embedded devices and cloud-based services.

The successful candidate will be responsible for identifying weaknesses in product design and implementation, carrying out detailed security assessments, and clearly documenting findings for engineering teams to address. This role requires strong technical breadth across different attack vectors, platforms, and testing methodologies, with the ability to assess both white-box and black-box environments.

You will work closely with engineering teams to perform security testing, communicate vulnerabilities, and help ensure alignment with internal security standards and processes. This role also involves contributing to the improvement of internal testing frameworks, methodologies, and security procedures.

Key Responsibilities

  • Perform penetration testing and security assessments across embedded systems, mobile applications, and web applications
  • Conduct threat assessments and evaluate products for design or implementation weaknesses
  • Research new vulnerabilities and help strengthen existing testing capabilities
  • Analyze and bypass security protections where relevant to testing objectives
  • Perform data bus monitoring, snooping, and data injection activities
  • Conduct protocol analysis across embedded products and applications
  • Perform wireless communication channel analysis, including snooping and data injection
  • Reverse engineer complex systems, software, and communication protocols
  • Produce detailed technical reports and proof-of-concept code to document findings
  • Break down systems or products before testing to identify requirements, scope, and resource needs
  • Work proactively with engineering teams on testing requirements, progress updates, and findings
  • Support issue management in GitLab and help guide junior team members on testing activities
  • Assist in driving testing activities across regions and support ongoing improvements to testing processes
  • Follow internal security, vulnerability management, and incident response requirements closely

Requirements

  • Bachelor's degree in Computer Science, Information Technology, Engineering, or a related field
  • At least 3 years of experience in information security, application security, embedded product security, or IT risk management
  • Strong understanding of security protocols, cryptography, authentication, authorization, and general security principles
  • Good knowledge of current IT risks and experience implementing security controls or solutions
  • Ability to work with a wide range of stakeholders and clearly communicate technical security issues
  • Strong written and verbal communication skills
  • Able to contribute meaningfully to the secure development lifecycle of products, applications, or services
  • Security certifications such as CISSP, OSWE, or equivalent are preferred

Preferred Experience

  • Experience working with embedded systems, embedded software, or web-based applications
  • Familiarity with low-level development and analysis tools such as compilers, debuggers, and disassemblers
  • Exposure to tools such as IDA Pro, WinDbg, BinWalk, Valgrind, PIN, Panda, S2E, or similar
  • Working knowledge of common offensive security tools and techniques such as Metasploit, Nmap, Nessus, DNS poisoning, memory corruption exploits, and related methods
  • Experience with UNIX kernel internals, Windows internals, and reading x86/ARM assembly
  • Familiarity with program analysis techniques such as taint analysis, symbolic execution, program slicing, and dynamic instrumentation
  • Understanding of cryptographic algorithms, known weaknesses, and practical attack methods
  • Experience extracting software or firmware from hardware devices
  • Hands-on experience with GitHub or GitLab
  • Good understanding of network protocols and packet-level programming
  • Exposure to microcontroller tools, debugging interfaces, and embedded hardware testing
  • Knowledge of Layer 2/Layer 3 networking, firewalls, DPI, IDS/IPS, and related security concepts
  • Experience with Windows, Linux, Android, and iOS configuration
  • Understanding of boot processes and boot loaders
  • Hands-on embedded C/C++ development and debugging experience on target hardware is a plus

Or refer someone