Skip to content
Cybersecurity Active

IoT / Hardware Security Pentester

Poland (Remote)
Project-based
5+ years experience
Apply

About the Role

We are looking for an experienced IoT and hardware security specialist to take part in advanced penetration testing projects targeting product ecosystems. Projects involve comprehensive security assessments of physical devices, wireless communication, mobile applications, and supporting cloud services.

We work with clients in the MedTech, automotive, and industrial sectors, where product security directly impacts end-user safety.

Responsibilities

  • Penetration testing of IoT devices and embedded systems
  • Bluetooth / BLE security analysis — sniffing, MITM, fuzzing
  • Firmware reverse engineering (extraction, static and dynamic analysis, modification)
  • Analysis of proprietary protocols and communication interfaces
  • Testing firmware update mechanisms (OTA) and software supply chain security
  • Identifying debug interfaces (JTAG, SWD, UART) and assessing hardware attack surface
  • Security testing of related mobile applications (iOS, Android) and thick clients (Windows)
  • Preparing technical reports in English
  • Collaborating with web/mobile/cloud pentest team members on ecosystem-wide projects

Requirements

  • Minimum 5 years of experience in offensive security, including at least 2 years in IoT / hardware / embedded testing
  • Hands-on experience with Bluetooth / BLE protocol analysis
  • Firmware reverse engineering skills (Ghidra, IDA Pro, Binwalk, radare2)
  • Knowledge of hardware interfaces (JTAG, SWD, UART, SPI, I2C)
  • Experience with wireless analysis tools (Ubertooth, SDR, BT sniffer)
  • Programming skills in Python and C/C++
  • Fluent English (reports and client communication)
  • Ability to independently lead complex projects

Nice to Have

  • Certifications: OSCP, OSWE, GICSP, GRID, OffSec IoT (OSED/OSEE)
  • Experience in MedTech, automotive, or industrial sectors (IEC 62443, ISO 21434, FDA cybersecurity guidance)
  • Experience with side-channel analysis and fault injection
  • Publications, CVEs, or conference talks (Black Hat, DEF CON, Hardwear.io)
  • Participation in hardware/embedded CTF challenges
  • Familiarity with platforms: ARM Cortex-M, ESP32, Nordic nRF

What We Offer

  • Project-based collaboration (B2B contract)
  • Compensation matching this rare specialization
  • Fully remote work
  • Projects for international clients in regulated sectors
  • Access to lab equipment and specialized tools
  • Collaboration with an experienced offensive security team
  • Opportunity to co-build IoT security capabilities at nFlo

Apply for Collaboration

Send your profile or portfolio. We'll respond within 7 business days.

Click to select a file or drag and drop

PDF, DOC, DOCX (max 10MB)

Have questions? Email us at: wspolpraca@nflo.pl