NetSPI LLC

Job DescriptionJob Description NetSPI pioneered Penetration Testing as a Service (PTaaS) and leads the industry in modern pentesting. Combining world-class security professionals with AI and automation, NetSPI delivers clarity, speed, and scale across 50+ pentest types, attack surface management, and vulnerability prioritization. The NetSPI platform streamlines workflows and accelerates remediation, enabling our experts to focus on deep dive testing that uncovers vulnerabilities others miss. Trusted by the top 10 U.S. banks and Fortune 500 companies worldwide, NetSPI has been driving security innovation since 2001. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at We are seeking an experienced professional with demonstrated technical depth and breadth in embedded and hardware systems, as well as the soft skills to effectively communicate with executive and technical teams. As a Principal Hardware/Embedded Systems Penetration Tester, you will be responsible for assessing the security of various hardware and embedded systems, identifying vulnerabilities, and providing actionable recommendations for improvement. You will largely work independently, demonstrating technical excellence and a positive, proactive approach on behalf of our practice of "Hardware & Integrated Systems". Our Hardware & Integrated Systems Practice operates globally in some of the largest and most critically situated industries. In this role, you'll have the ability to work alongside a world-class team using top-tier custom tools. Applicants are expected to leverage strong problem-solving skills, as well as lead, collaborate, and innovate to deliver high-quality exercises and exceptional experiences for our customers. A day in the life of a NetSPI Principal Security consultant: Perform Hardware and/or firmware penetration tests. Lead in threat modeling exercises related to Embedded Systems. Create and deliver penetration test reports to clients. Collaborate with clients to create remediation strategies that will help improve their security posture. Conduct thorough penetration testing on hardware and embedded systems, including IoT devices, automotive systems, industrial control systems (ICS), and other critical infrastructure. Develop and execute comprehensive testing plans, methodologies, and tools tailored to specific hardware platforms. Identify, analyze, and document security vulnerabilities and exploits in hardware and firmware. Collaborate with cross-functional teams to review system architectures and design security solutions. Provide detailed reports and presentations to stakeholders, outlining findings and remediation strategies. Mentor junior team members and contribute to the development of best practices and testing standards. Stay current with the latest security trends, tools, and technologies in the hardware and embedded systems domain. Other important tasks you'll partake in: Research and develop innovative techniques, tools, and methodologies for penetration testing services. Help define and document internal, technical, and service processes and procedures. Contribute to the community through the development of tools, presentations, white papers, and blogs. The experience you'll need to be successful: Experience required (one of the following): 4 years of dedicated security consulting experience, with 2 of those years having a heavy concentration in embedded/hardware penetration and security designs. 5 years of dedicated hardware/embedded systems design & development, with an additional 1-2 years of hardware/embedded security consulting and penetration testing. 10+ years of dedicated hardware/embedded systems design, development & fabrications, with a strong understanding of security vulnerabilities and how they may apply to hardware/embedded systems. Hands-on experience with hardware penetration testing techniques, including soldering, probing chips, removing, and reworking components, and hardware debugging. Knowledge of Linux, Unix, QNX and/or Windows Operating Systems. Knowledge of Application and Network Protocols and design. Adept in reverse engineering, firmware analysis, and exploitation techniques. Strong understanding of embedded systems architectures, communication protocols (e.g., SPI, I2C, UART), and hardware debugging tools. Excellent problem-solving skills and the ability to think creatively to bypass security mechanisms. Strong communication skills, with the ability to explain complex technical concepts to non-technical stakeholders. Self-motivated, detail-oriented, and capable of working independently with minimal supervision. Bachelor's degree or higher, preferred with a concentration in Computer Science, Electrical or Computer Engineering, Math, or IT - or equivalent experience. Up to 25% travel If you have any of the below, that would be a plus: Designed hardware CTF or debugging tool. Programming experience in one or more of the following languages: C, C++ Familiarity with common embedded architectures such as: x86, ARM, PPC. Experience in automotive security testing and knowledge of CAN bus and related protocols. Experience with industrial control systems (ICS) and SCADA security. Experience testing medical devices. Knowledge of cryptographic algorithms and their implementation in hardware. Experience as an Embedded Hardware/Software engineer. Participated, won, organized, or otherwise developed Capture-The-Flag (CTF) competitions. Experience with Operating Systems design, or Compiler design. Experience with secure software development practices and code review. GXPN, GPEN, OSCP, CISSP, GWAPT or similar certifications.

Job DescriptionJob Description NetSPI pioneered Penetration Testing as a Service (PTaaS) and leads the industry in modern pentesting. Combining world-class security professionals with AI and automation, NetSPI delivers clarity, speed, and scale across 50+ pentest types, attack surface management, and vulnerability prioritization. The NetSPI platform streamlines workflows and accelerates remediation, enabling our experts to focus on deep dive testing that uncovers vulnerabilities others miss. Trusted by the top 10 U.S. banks and Fortune 500 companies worldwide, NetSPI has been driving security innovation since 2001. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at We are seeking an experienced professional with demonstrated technical depth and breadth in Cloud Penetration Testing as well as the soft skills to effectively communicate with executive and technical teams. In this role, you'll have the ability to work alongside a world-class team using top-tier custom tools. Applicants are expected to leverage strong problem-solving skills, as well as lead, collaborate, and innovate to deliver high-quality exercises and exceptional experiences for our customers. Responsibilities: Execute cloud penetration tests against Google Cloud Platform environments. Develop innovative TTPs in support of Cloud testing. Create attack narratives and findings-based penetration test reports for clients. Collaborate with clients to create remediation strategies that will help improve their security posture. Act as a resource for internal team members as it relates to in-depth technical questions or best practices in Cloud. Assist in QA review of Cloud engagements. Help define and document internal processes and TTPs. Contribute to the information security community through the development of tools, presentations, white papers, and blogs. Minimum Qualifications: Bachelor's degree or higher with a concentration in computer science, engineering, math, IT, or equivalent experience. 3 - 5 years experience performing offensive/attack-oriented penetration tests against GCP environments and External/Internal networks. Recognized Penetration Testing specific qualifications such as GXPN, OSCP, OSCE, or similar certifications. Strong communication, presentation, and writing skills. Experience performing security focused cloud configuration reviews. Experience with offensive toolkits for both cloud and network penetration testing. Demonstrable knowledge in the following areas: Exploiting security misconfigurations for core cloud services such as Compute, Storage, Databases, Networking, Kubernetes, and other PAAS services IAM security fundamentals and how to leverage excessive permissions for lateral movement and privilege escalation within the cloud Testing external cloud attack surfaces Testing internal cloud attack surfaces Preferred Qualifications: Programming experience in one or more of the following languages: Python, PowerShell, C#, Go. Experience researching new cloud service offerings with the goal of identifying misconfigurations and vulnerabilities. Web Application pentesting experience. We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.

Job DescriptionJob Description NetSPI pioneered Penetration Testing as a Service (PTaaS) and leads the industry in modern pentesting. Combining world-class security professionals with AI and automation, NetSPI delivers clarity, speed, and scale across 50+ pentest types, attack surface management, and vulnerability prioritization. The NetSPI platform streamlines workflows and accelerates remediation, enabling our experts to focus on deep dive testing that uncovers vulnerabilities others miss. Trusted by the top 10 U.S. banks and Fortune 500 companies worldwide, NetSPI has been driving security innovation since 2001. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at We are seeking an experienced professional with demonstrated technical depth and breadth in Cloud Penetration Testing as well as the soft skills to effectively communicate with executive and technical teams. In this role, you'll have the ability to work alongside a world-class team using top-tier custom tools. Applicants are expected to leverage strong problem-solving skills, as well as lead, collaborate, and innovate to deliver high-quality exercises and exceptional experiences for our customers. Responsibilities: Execute cloud penetration tests against AWS environments. Develop innovative TTPs in support of Cloud testing. Create attack narratives and findings-based penetration test reports for clients. Collaborate with clients to create remediation strategies that will help improve their security posture. Act as a resource for internal team members as it relates to in-depth technical questions or best practices in Cloud. Assist in QA review of Cloud engagements. Help define and document internal processes and TTPs. Contribute to the information security community through the development of tools, presentations, white papers, and blogs. Minimum Qualifications: Bachelor's degree or higher with a concentration in computer science, engineering, math, IT, or equivalent experience. 3 - 5 years experience performing offensive/attack-oriented penetration tests against AWS environments and External/Internal networks. Recognized Penetration Testing specific qualifications such as GXPN, OSCP, OSCE, or similar certifications. Strong communication, presentation, and writing skills. Experience performing security focused cloud configuration reviews. Experience with offensive toolkits for both cloud and network penetration testing. Demonstrable knowledge in the following areas: Exploiting security misconfigurations for core cloud services such as Compute, Storage, Databases, Networking, Kubernetes, and other PAAS services IAM security fundamentals and how to leverage excessive permissions for lateral movement and privilege escalation within the cloud Testing external cloud attack surfaces Testing internal cloud attack surfaces Preferred Qualifications: Programming experience in one or more of the following languages: Python, PowerShell, C#, Go. Experience researching new cloud service offerings with the goal of identifying misconfigurations and vulnerabilities. Web Application pentesting experience. We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.