IoT & Hardware Test Engineer - Penetration Testing (6-8 yrs)

Key Responsibilities :

- Conduct penetration tests and vulnerability assessments on IoT devices, embedded systems, hardware platforms, and associated software to identify security flaws.

- Assess the security of hardware designs, firmware, communication protocols, and APIs for IoT systems.

- Develop and execute tests to exploit weaknesses in IoT devices, embedded systems, and hardware, such as authentication bypass, buffer overflows, and firmware analysis.

- Reverse-engineer IoT hardware and firmware to uncover vulnerabilities.

- Simulate real-world cyber-attacks on IoT devices, wireless communication protocols (e.g., Bluetooth, Zigbee, Wi-Fi, etc.), and network infrastructure.

- Identify and document findings, provide actionable recommendations, and collaborate with development teams to mitigate identified risks.

- Review and analyze hardware schematics, circuit boards, and component-level vulnerabilities.

- Stay up-to-date with the latest IoT and embedded device security trends, vulnerabilities, and hacking techniques.

- Write clear and comprehensive reports on vulnerabilities found, exploit methods, and potential impacts.

- Assist in the development of security testing methodologies, tools, and frameworks for hardware and IoT penetration testing.

Required Qualifications :

- Proven experience in IoT, embedded systems, and hardware penetration testing.

- Strong understanding of IoT architecture, embedded systems, and associated protocols (e.g., MQTT, CoAP, Zigbee, BLE, etc.).

- Hands-on experience with tools and techniques for IoT and hardware penetration testing, including but not limited to:

- Chip-off analysis and debugging (e.g., JTAG, UART, SPI, etc.)

- Reverse engineering (e.g., using tools like IDA Pro, Ghidra, Binary Ninja)

- Firmware analysis and manipulation

- Wireless security testing (e.g., using tools like Kali Linux, Wireshark, aircrack-ng)

- Vulnerability scanning and fuzzing

- Proficiency with programming/scripting languages (e.g., Python, C, Bash, Assembly).

- Experience with hardware security tools (e.g., Bus Pirate, Raspberry Pi, JTAG/SWD Debuggers).

- In-depth understanding of cryptographic algorithms and security best practices for IoT devices.

- Familiarity with industry standards and frameworks, such as OWASP IoT Top Ten, NIST, and ISO 27001.

- Hands-on experience with common embedded hardware platforms (e.g., Arduino, Raspberry Pi, etc.) and microcontrollers.