Hardware Penetration Tester
Technical Services (TS) – Technical Services /
Leviathan Security Group is a premier Risk Management and Information Security consultancy headquartered in Seattle, WA. With a history of 17 years, we've assembled an elite team of cybersecurity professionals specializing in comprehensive penetration testing and multi-layered technical assessments. Our expertise covers the entire technology stack, from hardware to web applications. We serve a diverse clientele, ranging from emerging startups to Fortune 50 companies, and are trusted with their most critical and complex security challenges. Our mission is to safeguard good people from bad actors by identifying and remedying security vulnerabilities for our clients.
Founded by industry veterans, we've cultivated a work culture that values both expertise and work-life balance. Our team is not just highly skilled but also passionate about their work, making every project meaningful and impactful. While our headquarters is in Seattle, we offer the flexibility of remote work across the U.S. and an industry-leading benefits package. We cover 100% of medical, dental, and vision insurance premiums for you and your dependents. Additionally, any non-client-owned intellectual property you create remains yours. At Leviathan, we're more than just consultants; we're your trusted partners in cybersecurity.
The Role: Hardware Penetration Tester
Step into a Hardware Penetration Tester role with us, where you'll spearhead penetration testing and in-depth technical assessments for hardware and embedded systems. Your expertise will be crucial in identifying vulnerabilities, offering actionable remediation steps, and conveying the business impact to a diverse audience. While your core responsibility lies in hardware security, the role extends to other penetration testing facets, including web, network, cloud, and mobile platforms. Team collaboration is key, as you'll work together to meet project deadlines and may occasionally assume the lead in client interactions. This hybrid-remote position is based in Seattle, WA, and will require part-time on-site presence for lab management.
- Execute penetration tests and technical evaluations on client hardware and embedded systems.
- Discover, document, and propose solutions for vulnerabilities.
- Articulate security risks to stakeholders, both technical and non-technical.
- Collaborate effectively to meet project deliverables within deadlines.
- Step in to lead client meetings as needed.
- Guide and mentor junior consultants while driving new security initiatives.
- Manage and utilize the on-site lab for part-time, in-person work in Seattle, WA.
Core Technical Competencies
- Programming & Development: Proficiency in C/C++ and experience with Arduino or Raspberry Pi.
- Firmware & Reverse Engineering: Experience in capturing, unpacking, and reverse-engineering firmware images from embedded or IoT devices.
- Hardware Skills: Proficiency in soldering, component removal, and use of oscilloscopes, logic analyzers, and multi-meters.
- Connectivity & Protocols: Experience with JTAG, SPI, I2C, and understanding of wireless protocols like the 802.1x family.
- Vulnerability Analysis: Experience in fault injection, side-channel attacks, and system tamper-proofing.
- Software Emulation & Testing: Proficiency in using emulation tools and experience in mobile and web application testing.
- Technical Architecture: Understanding of 32- or 64-bit architectures, exotic filesystems, and non-Linux environments like RTOS.
- Documentation & Design: Ability to read technical schematics and design documents.
- Advanced Hardware: Experience with FPGAs and fine-pitch SMT/BGA components.
- Radio & Circuitry: Ham Radio license, knowledge of RF, and ability to design custom circuit boards.
- Certifications & Education: Industry certifications and a college degree in EE or CS.
- Competitive & Community Involvement: Bug bounty or CTF experience, tool development for testing.
$140,000 - $160,000 a year
We are committed to a people-first culture and work-life balance. Our comprehensive benefits package includes full medical insurance coverage, disability and accidental death coverage, as well as 401k and stock options. An annual budget for ongoing training and professional development is also provided.
Penetration Testing, Hardware Security, C/C++ Programming, Firmware Analysis, Embedded Devices, IoT Security, Serial-based Connections (JTAG, SPI, I2C), Reverse Engineering, Fault Injection, Side-Channel Attacks, Risk Assessment, Vulnerability Remediation, Team Collaboration, Client Communication, Web Application Security, Network Security, Cloud Security, Mobile Security.