Penetration Tester

Our client is seeking a Penetration Tester to support application and product security testing across a global environment. This role focuses on conducting penetration testing, security monitoring, and auditing across a range of products, including embedded devices and cloud-based services. The successful candidate will be responsible for identifying weaknesses in product design and implementation, carrying out detailed security assessments, and clearly documenting findings for engineering teams to address. This role requires strong technical breadth across different attack vectors, platforms, and testing methodologies, with the ability to assess both white-box and black-box environments. You will work closely with engineering teams to perform security testing, communicate vulnerabilities, and help ensure alignment with internal security standards and processes. This role also involves contributing to the improvement of internal testing frameworks, methodologies, and security procedures. Key ResponsibilitiesPerform penetration testing and security assessments across embedded systems, mobile applications, and web applicationsConduct threat assessments and evaluate products for design or implementation weaknessesResearch new vulnerabilities and help strengthen existing testing capabilitiesAnalyze and bypass security protections where relevant to testing objectivesPerform data bus monitoring, snooping, and data injection activitiesConduct protocol analysis across embedded products and applicationsPerform wireless communication channel analysis, including snooping and data injectionReverse engineer complex systems, software, and communication protocolsProduce detailed technical reports and proof-of-concept code to document findingsBreak down systems or products before testing to identify requirements, scope, and resource needsWork proactively with engineering teams on testing requirements, progress updates, and findingsSupport issue management in GitLab and help guide junior team members on testing activitiesAssist in driving testing activities across regions and support ongoing improvements to testing processesFollow internal security, vulnerability management, and incident response requirements closely RequirementsBachelor's degree in Computer Science, Information Technology, Engineering, or a related fieldAt least 3 years of experience in information security, application security, embedded product security, or IT risk managementStrong understanding of security protocols, cryptography, authentication, authorization, and general security principlesGood knowledge of current IT risks and experience implementing security controls or solutionsAbility to work with a wide range of stakeholders and clearly communicate technical security issuesStrong written and verbal communication skillsAble to contribute meaningfully to the secure development lifecycle of products, applications, or servicesSecurity certifications such as CISSP, OSWE, or equivalent are preferred Preferred ExperienceExperience working with embedded systems, embedded software, or web-based applicationsFamiliarity with low-level development and analysis tools such as compilers, debuggers, and disassemblersExposure to tools such as IDA Pro, WinDbg, BinWalk, Valgrind, PIN, Panda, S2E, or similarWorking knowledge of common offensive security tools and techniques such as Metasploit, Nmap, Nessus, DNS poisoning, memory corruption exploits, and related methodsExperience with UNIX kernel internals, Windows internals, and reading x86/ARM assemblyFamiliarity with program analysis techniques such as taint analysis, symbolic execution, program slicing, and dynamic instrumentationUnderstanding of cryptographic algorithms, known weaknesses, and practical attack methodsExperience extracting software or firmware from hardware devicesHands-on experience with GitHub or GitLabGood understanding of network protocols and packet-level programmingExposure to microcontroller tools, debugging interfaces, and embedded hardware testingKnowledge of Layer 2/Layer 3 networking, firewalls, DPI, IDS/IPS, and related security conceptsExperience with Windows, Linux, Android, and iOS configurationUnderstanding of boot processes and boot loadersHands-on embedded C/C++ development and debugging experience on target hardware is a plusOriginally posted on Himalayas