Job Description
The Staff Security Engineer is responsible for identifying and mitigating security risks within IoT device ecosystems through hands-on testing, reverse engineering, and security research, while developing and maintaining security policies and solutions to enhance overall IoT security.
Key Responsibilities
- Perform IoT penetration testing, including firmware extraction, reverse engineering, and vulnerability discovery
- Conduct security research, analysis, and testing through threat modeling, vulnerability assessment, penetration testing, and social engineering
- Assess risks and circumvent security mechanisms using manual and automated techniques
- Oversee and manage deployment, integration, and configuration of security solutions for IoT infrastructure
- Document security policies, procedures, and test findings, including risk impacts
- Test, triage, and drive remediation of security issues reported by external parties
- Partner with stakeholders to ensure security solutions minimize risks
Requirements
- Perform IoT penetration testing, including firmware extraction, reverse engineering, and vulnerability discovery.
- Conduct security research, analysis, and testing via threat modeling, vulnerability assessment, penetration testing, and/or social engineering across a wide variety of applications, platforms, and systems.
- Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications.
- Oversee and manage the deployment, integration, and configuration of security solutions and enhancements to existing IoT infrastructure and the enterprise's security documents.
- Select and acquire additional security solutions or enhancements to existing security solutions to improve overall IoT enterprise security.
- Clearly outline and document risk impacts of test findings in reports.
- Test, triage, and drive remediation of security issues reported by external parties.
- Actively partner with infrastructure, application, product, and other stakeholders to ensure deployed solutions minimize security and privacy risks.
- Hold a B.A. or B.S. or higher degree in Computer Science, Electrical Engineering, or a related engineering program with strong academic performance.
- Have 10 years of information security experience, with a strong focus on offensive security, penetration testing, or vulnerability research.
- Have prior experience performing security testing and assessment in IoT, embedded, or firmware-based environments.
- Possess working knowledge of embedded system design and constraints; development experience is a plus but not required.
- Be familiar with using hardware debugging equipment such as oscilloscopes, logic analyzers, and other tools.
- Be familiar with interface protocols such as UART, I2C, SPI, JTAG, and related tooling.
- Have experience analyzing embedded Linux systems and firmware images.
- Be familiar with ARM CPU architectures, with exposure to x86, RISC-V, or others as a plus.
- Have experience with reverse-engineering tools such as IDA Pro, Ghidra, and/or Binary Ninja.
- Possess certification in one or more Information Security disciplines or demonstrate the ability to obtain such certifications.
- Be a self-starter, analytical, and a tenacious problem solver.
- Have strong verbal and written communication skills suitable for a highly collaborative environment.
- Demonstrate rigorous attention to detail and focus on quality of deliverables.
- Have proven team experience and comfort working in a team-oriented environment.
Benefits & Perks
Medical plans with company subsidies
Health Savings Account (HSA) with a company contribution
401(k) plan with an employer match
Paid vacation that increases with tenure
Paid holidays
Wellness time
Paid maternity and bonding leave
Company-paid disability insurance
Company-paid life insurance
Ready to Apply?
Join Alarm.com and make an impact in renewable energy
Stay Updated on Sustainability Jobs
Get the latest renewable energy jobs and career tips delivered to your inbox.
Job Alerts
Get notified about new sustainability jobs