Hardware Penetration Tester

Seattle, WA
Technical Services (TS) – Technical Services /
Full-Time, Remote /
On-site
Apply for this job
About Us: 
Leviathan Security Group is a Risk Management and Information Security firm based in Seattle, WA. Over the last 17 years, we have built a strong team of cybersecurity professionals who have developed a reputation for in-depth penetration testing and deep technical assessments up-and-down the stack, from hardware to web applications. With clients ranging from startups to Fortune 50, our teams are retained to work on the most exciting, complex, and critical security projects with some of the top tech companies in the world. 
 
We exist to prevent the bad actors from doing bad things to good people by helping our clients identify and remediate security vulnerabilities within their environments.  
 
We are a consulting firm built by industry veterans who wanted to build a better consultancy for consultants. As a result, we have tried to build a team of people that you look forward to working with every day and try to provide you with the best work-life balance and benefits in the industry. While our HQ is based in Seattle, WA, our consultants enjoy the benefits of working remotely anywhere in the U.S. while doing meaningful and impactful work. We also pay the full insurance premium for your medical, dental, and vision coverage for you and your dependents and we do not claim ownership of non-client-owned intellectual property that you develop while at Leviathan.  
 
About The Job:
In this role as a Hardware Security Consultant, you will be focused on penetration testing and deep technical assessments of our client’s hardware and embedded devices. You will discover potential vulnerabilities in customer environments, catalog vulnerabilities, and highlight solutions to vulnerabilities and steps to remediate those findings.
 
We are looking to you to clearly explain security vulnerabilities and articulate business impact risk to both technical and non-technical audiences.
 
You will be working in project teams to ensure that all client deliverables are done right and on time and would occasionally handle customer-facing meetings in lieu of a project manager.
 
If you enjoy deep technical testing, reverse engineering, coaching/mentoring associate consultants, and driving new security initiatives then we want to speak with you!

This is a hybrid-remote position base in Tukwila, WA. You'll be expected to be onsite part time to utilize and mange our lab. You may be required to travel up to 35% per year as needed to support project delivery.

Experience Needed:

    • C/C++ programming proficiency (both reading and writing code)
    • Demonstrated experience capturing firmware images from embedded or IoT devices
    • Use of tools such as binwalk to unpack and examine the firmware
    • Demonstrated experience with soldering and removing board components
    • JTAG, SPI, I2C, and other serial-based connection creation experience
    • Firmware reverse engineering proficiency
    • Experience emulating software using tools (e.g., Qemu, ARM emulators)
    • Fault Injection experience
    • Experience analyzing side-channel attacks (e.g., power consumption, Electromagnetic Interference)

Knowledge Needed:

    • Knowledge of 32- or 64-bit architectures
    • Knowledge of exotic filesystems, or kernel-less OSes
    • Working knowledge of oscilloscopes, logic analyzers, and multi-meters
    • Reading schematics and tech design documents
    • Exposure to RTOS and other non-Linux environments

Understanding Needed:

    • Understand wireless protocols in the 802.1x family (e.g., Zigbee, Bluetooth)
    • Understand tamper-proofing of systems and potential circumvention methods
    • Understand the basics of fault injection and common side-channels
    • Understanding of bytecode and flashing a custom firmware
    • Arduino or Raspberry Pi development
    • Ability to use FPGAs and develop software for them

And if you have skills or experience in any of the items below, all the better! This list is not exhaustive and should not be thought of as a barrier to interview or work at Leviathan.

    • Mobile device testing experience
    • Ham Radio license or knowledge of RF, and software-defined radio (SDR)
    • Ability to design and assemble custom circuit boards
    • Ability to work with fine-pitch SMT/BGA components
    • Experience writing tools to enhance testing
    • Experience with testing web applications and web application frameworks
    • Bug bounty or capture the flag (CTF) experience and rankings/reputation (if you have a DefCon CTF black badge, we want to know!)
    • Industry leading certifications (e.g., OSCE, GIAC GREM, eCRE, CREA)
    • A college education (EE or CS degree ideal)

What’s In It for You? 

    • We are a people-first organization  
    • We respect work-life balance. We do our best to prevent unnecessary overtime and burnout. We care about your well-being  
    • We pay for 100% of your medical insurance premiums for you and 50% for your dependents 
    • We also include short/long term disability, accidental death coverage, 401k & stock options 
    • We provide an annual budget for your ongoing training, education, and professional development 
    • You will report to a technical manager and leadership team that understands the work you do and can provide technical guidance when needed 
    • Our friendly culture is built on trust, integrity, collaboration, and the desire to learn from and support each other 
$135,000 - $160,000 a year
Apply for this job

Leviathan Security Group Home Page

Jobs powered by Lever logo