Ethical Hacker – Hardware
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Ethical Hacker - Hardware conducting security assessments of embedded and IoT devices at cybersecurity firm Packetlabs. Engaging with clients to improve security through hands-on penetration testing and reporting.
Responsibilities:
- Plan and execute end-to-end hardware penetration tests on embedded and IoT devices, against a defined scope and rules of engagement
- Identify, access, and exploit on-board debug interfaces: JTAG, SWD, UART, and similar, to gain code execution or memory access
- Extract firmware via debug ports, in-circuit flash reads (SPI / I2C / NAND), or chip-off when required, and analyze it for vulnerabilities
- Intercept and analyze data on common embedded buses (SPI, I2C, UART, CAN, USB) using logic analyzers and protocol decoders
- Where in scope, perform side-channel analysis and fault injection (power analysis, voltage/clock glitching) to bypass secure boot, readout protection, or authentication
- Reverse engineer firmware and embedded binaries (Ghidra, IDA, Binwalk, etc.) to find logic flaws, hardcoded secrets, and exploitable conditions
- Assess physical attack surface, tamper resistance, and key/secret storage
- Distinguish between theoretical and operationally relevant risk to keep findings actionable
- Write high-quality technical reports and present findings to client stakeholders, both technical and non-technical
- Advise on practical, prioritized remediation that clients can act on
- Build client confidence through credibility, clear communication, and proven impact
- Build and maintain lab tooling, test rigs, and internal methodology
- Contribute to research, responsible disclosure, and internal knowledge-sharing
- Stay current on hardware attack techniques, embedded architectures, and defensive controls
Requirements:
- A graduate of an Information Security, Computer Science, or Computer/Electrical Engineering degree program (or equivalent hands-on experience)
- Strong electronics fundamentals. Able to read schematics and datasheets and reason about a board from them
- Hands-on soldering ability, including surface-mount (SMD) rework and basic chip removal
- Demonstrated experience accessing debug interfaces (JTAG, SWD, UART) and extracting firmware from real devices
- Comfort with core bench instruments: logic analyzer, oscilloscope, and multimeter
- Firmware reverse-engineering skills and scripting proficiency in Python, plus enough C to read embedded code
- Familiarity with common embedded architectures (ARM/Cortex-M, MIPS, AVR, RISC-V) and RTOS/bare-metal concepts
- Clear written and verbal communication.
- Nice to have (one or more would be an asset): Side-channel / fault-injection experience (e.g., ChipWhisperer) RF and wireless work: SDR, BLE, sub-GHz, Wi-Fi Knowledge of secure boot chains, TEEs, secure elements, and HSMs PCB design familiarity (KiCad / Altium) for understanding target boards Published CVEs, conference talks, CTF placements, or open-source tooling Relevant certifications (e.g., OSCP for breadth, or hardware-focused training)
Benefits:
- GRRSP with corporate matching in Canada
- Participation in corporate benefit plans within Canada
- Flexible work environment that empowers employees to do their best work
- Immediate and ongoing offensive security training, mentorship, and professional development to advance your technical capabilities
Similar Jobs
IT & Security Engineer
IT & Security Engineer responsible for architecture, hands-on delivery, and technical leadership at GovWorx. Focused on security operations, identity management, and compliance in a remote setting.
Security Controls Assessor
Senior Security Controls Assessor evaluating MARAD information systems for compliance with cybersecurity standards. Supporting ATO decisions and developing assessment documentation in the United States.
Head of Infrastructure – Security
Head of Infrastructure & Security at Albert, focusing on enterprise-grade infrastructure and security. Establishing a cloud architecture strategy while managing a global SRE organization.
AI Security Consultant
AI Security Consultant identifying and mitigating risks in AI models and data pipelines at IOActive. Collaborating with technical teams to secure AI systems and deliver best practices.
Cybersecurity Executive
Cybersecurity Executive driving growth, operational excellence, and product innovation at Partner One. Leading cybersecurity organization serving enterprise and government customers worldwide.
Security Engineer, TS/SCI Required
Security Engineer responsible for integrating Accrete AI products into client environments with rigorous security protocols and processes. Collaborating closely with cloud security management and addressing unique client security needs.
Director, Cybersecurity Engineering
Director of Cybersecurity Engineering leading enterprise cybersecurity design and strategy at Convera. Operating in a highly regulated financial environment with a focus on advanced security practices.
Director, Security Delivery – Physical Security
Director overseeing end-to-end post-sale security delivery operations for Genea. Leading teams for physical security and access control while driving growth and customer success.
Information System Security Officer – Cloud Data Platform
Information System Security Officer responsible for cybersecurity and compliance in Microsoft Azure cloud platform for federal client. Leading security activities and ensuring compliance with federal frameworks.
Security Compliance Policy and Guide Writer
Seeking Security Compliance Policy and Guide Writer to document cybersecurity controls for government client. A role ensuring compliance with federal security requirements and producing operational documentation.
Information Systems Security Officer – Part-time
Information Systems Security Officer managing IT security and protecting sensitive information for federal clients. Leading risk management and compliance efforts while collaborating with various stakeholders.
Security & Compliance Engineer
Security & Compliance Engineer for ARGO-HYTOS Group. Ensuring information security and compliance in a global IT environment.
Virtual Chief Information Security Officer – vCISO
Virtual Chief Information Security Officer leading information security and compliance initiatives at a healthcare platform. Ensuring secure technology systems and serving as a strategic advisor to leadership.
Senior Security Engineer
Senior Security Engineer focused on securing infrastructure through technology deployment and incident response for a digital asset protection at ARC-One Solutions.
Azure Solutions, Security Architect
Azure Solutions Architect leading security-focused Azure cloud solutions at Ascend Technologies. Designing scalable architectures, ensuring compliance, and mentoring teams in Agile environments.
Presales Security Expert – National Partners
Presales Security Expert supporting and enabling Fortinet's Canadian partners with solutions and technical improvements. Involving multi-team collaboration and direct partner engagement for effective results.
Senior Information Security Engineer
Senior Information Security Engineer responsible for implementing security solutions for enterprise environments. Collaborating with teams to enhance security architecture and manage stakeholder relationships.
Intern, Blue Team
Internship position in Cyber Security at It4us focusing on Blue Team operations and security analysis. Supporting various tasks involving Linux, development, and threat monitoring.
Security Engineer – Client Consulting
Threat Protection Security Engineer at Cyclotron deploying Microsoft Defender and Sentinel for enterprise organizations. Collaborating with security engineers to improve protection of Microsoft-based assets in cloud and on-premises environments.
Security Controls Assessor – OSCAL, Part Time
Security Controls Assessor conducting security compliance assessments and reports for U.S. Government and Commercial clients. Required experience with OSCAL and NIST guidelines.