Product Security Engineer – Embedded / IoT Security

Arkkosoft 

📍 Brazil, Brazil 🇧🇷

contract
senior
remote

Key Skills

security, penetration, firmware, vulnerability, wireless

Industry

Semiconductor, IoT

Job Description

Product Security Engineer (Contract) – Embedded / IoT Security


Type: Contract (6 months, Full-Time Equivalent)

Location: Remote (Only Latam)


We are seeking an experienced Product Security Engineer to join a high-impact security team supporting a confidential enterprise client in the semiconductor and IoT space.

This role is deeply technical and focused on embedded security, wireless protocol exploitation, and firmware vulnerability research, contributing directly to a global Product Security Incident Response Team (PSIRT).

About the Role


As a Product Security Engineer, you will operate as an embedded member of a corporate security organization, working alongside engineering teams to identify, validate, and remediate security vulnerabilities across complex hardware and software products.


You will play a key role in:

  • Product Security Incident Response (PSIRT)
  • Penetration testing of embedded systems and wireless devices
  • Threat Analysis and Risk Assessment (TARA)
  • Security-by-design initiatives across engineering teams

This is not a generalist security role — we are looking for a hands-on practitioner in embedded and wireless security research.

Key Responsibilities

PSIRT & Vulnerability Management

  • Participate in PSIRT workflows and vulnerability triage
  • Support cross-functional coordination (engineering, product, legal)
  • Document vulnerabilities with severity, impact, and remediation guidance
  • Track resolution progress and security metrics

Penetration Testing & Exploitation

  • Conduct firmware, software, and hardware security testing
  • Develop exploits for ARM/x86 embedded devices
  • Perform fuzz testing on embedded targets
  • Analyze wireless protocols (Z-Wave, Zigbee, Wi-Fi, BLE)
  • Document findings with reproducible steps and risk analysis

Threat Analysis & Risk Assessment (TARA)

  • Conduct and support TARA exercises across product lines
  • Participate in architecture and design security reviews
  • Apply CVSS and risk-based scoring models
  • Identify design-level security gaps early in development

Security Enablement

  • Train engineering teams on secure-by-design practices
  • Share insights on emerging threats, CVEs, and exploit trends
  • Support global teams across multiple time zones

Required Qualifications

  • Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, or related field
  • 4+ years of hands-on experience in wireless protocol security (Z-Wave, Zigbee, Wi-Fi, BLE, etc.)
  • Strong experience in firmware and embedded penetration testing
  • Proven ability to develop exploits for ARM or x86 architectures
  • Experience with fuzzing tools (AFL++, LibFuzzer, Boofuzz, etc.)
  • Strong programming skills in C/C++ and Python
  • Deep understanding of vulnerability classes and mitigations
  • Experience with PSIRT, incident response, or structured vulnerability workflows
  • Ability to communicate technical findings to both engineers and leadership

Preferred Qualifications

  • Experience with embedded hardware debugging tools (JTAG, UART, logic analyzers, etc.)
  • Familiarity with IoT / industrial / medical device security
  • Certifications such as OSCP, GPEN, GREM, CISSP (or equivalent)
  • Experience with standards like IEC 62443, NIST SP 800-193, PSA Certified
  • Background in semiconductor or IoT security environments
  • Prior consulting or multi-client security experience

Tools & Technologies

  • Firmware Analysis: Ghidra, IDA Pro, Binwalk, GDB
  • Exploitation: Metasploit, custom exploit development
  • Fuzzing: AFL++, LibFuzzer, Boofuzz
  • Hardware: JTAG, SWD, UART, SPI/I2C tools
  • Protocols: Z-Wave, Zigbee, Wi-Fi, Bluetooth LE
  • Languages: C, C++, Python
  • Workflow: Jira, ServiceNow (or equivalent)

Work Environment

  • Distributed global engineering teams
  • Embedded within a corporate security / PSIRT organization
  • Fast-paced, engineering-driven culture
  • Exposure to IoT, industrial, smart energy, and connected device ecosystems
  • Occasional coordination with hardware lab environments

Apply Now

If you are a hands-on security researcher passionate about embedded systems, wireless exploitation, and product security at scale, we’d love to hear from you.

Contact: [email protected]