Ethical Hacker - Hardware

Packetlabs is looking for an Ethical Hacker - Hardware to lead security assessments of embedded and IoT devices, the physical products where a vulnerability lives in silicon, firmware, and board layout, rather than in a web request. The Ethical Hacker - Hardware is a specialized technical role focused on assessing embedded systems across all industries, from consumer IoT to industrial and connected devices. This role involves getting hands-on with a device, opening it up, and proving what an attacker with physical or local access can really do. This role requires the rare combination of offensive security instinct and genuine hardware fundamentals. You will work directly with clients to understand their devices and deliver findings that improve security posture. Who we are looking for No egos, ever. Egos don't belong at Packetlabs. The more you learn, the less you know. You stay humble, ask questions, and work to help clients improve their security. Customer-first mentality. You are an excellent communicator with clients, project managers, and teammates. You are responsive, reliable, and professional throughout every engagement. You deliver work that you take pride in. Your work is an autograph of your excellence. You hold yourself to a high standard, and it shows in what you produce. Digs deeper into every finding. You don't stop until impact is proven, while understanding that restraint is the right call in sensitive OT environments where high-risk activity is not appropriate. Comfortable being uncomfortable. You move toward obstacles, not away from them. Consulting is not a typical job and requires adapting to rapidly changing environments. Always learning. Cybersecurity changes every day, and you keep up because you want to. You are deeply aware of your skillset and committed to improving it. Self-motivated and dependable. You take ownership of your work and your outcomes without needing to be managed into them. What you’ll be doing Hardware Penetration Testing Plan and execute end-to-end hardware penetration tests on embedded and IoT devices, against a defined scope and rules of engagement Identify, access, and exploit on-board debug interfaces: JTAG, SWD, UART, and similar, to gain code execution or memory access Extract firmware via debug ports, in-circuit flash reads (SPI / I2C / NAND), or chip-off when required, and analyze it for vulnerabilities Intercept and analyze data on common embedded buses (SPI, I2C, UART, CAN, USB) using logic analyzers and protocol decoders Where in scope, perform side-channel analysis and fault injection (power analysis, voltage/clock glitching) to bypass secure boot, readout protection, or authentication Firmware Analysis & Reverse Engineering Reverse engineer firmware and embedded binaries (Ghidra, IDA, Binwalk, etc.) to find logic flaws, hardcoded secrets, and exploitable conditions Assess physical attack surface, tamper resistance, and key/secret storage Distinguish between theoretical and operationally relevant risk to keep findings actionable Client Advisory & Remediation Write high-quality technical reports and present findings to client stakeholders, both technical and non-technical Advise on practical, prioritized remediation that clients can act on Build client confidence through credibility, clear communication, and proven impact Methodology, Research & Continuous Improvement Build and maintain lab tooling, test rigs, and internal methodology Contribute to research, responsible disclosure, and internal knowledge-sharing Stay current on hardware attack techniques, embedded architectures, and defensive controls Help raise the standard of hardware security work across the firm What success looks like Clients gain a clear, accurate understanding of their hardware risk, backed by proven, reproducible impact Findings are credible, actionable, and land for both technical and leadership audiences Engagements are delivered to a consistently high standard with strong client confidence Scope and rules of engagement are managed well as engagements evolve, with risk surfaced early and clearly Packetlabs' hardware testing methodology and lab capability continue to mature through your contribution Clients trust Packetlabs as the partner that can break their hardware before someone else does Education and Experience A graduate of an Information Security, Computer Science, or Computer/Electrical Engineering degree program (or equivalent hands-on experience) Strong electronics fundamentals. Able to read schematics and datasheets and reason about a board from them Hands-on soldering ability, including surface-mount (SMD) rework and basic chip removal Demonstrated experience accessing debug interfaces (JTAG, SWD, UART) and extracting firmware from real devices Comfort with core bench instruments: logic analyzer, oscilloscope, and multimeter Firmware reverse-engineering skills and scripting proficiency in Python, plus enough C to read embedded code Familiarity with common embedded architectures (ARM/Cortex-M, MIPS, AVR, RISC-V) and RTOS/bare-metal concepts Clear written and verbal communication. Nice to have (one or more would be an asset): Side-channel / fault-injection experience (e.g., ChipWhisperer) RF and wireless work: SDR, BLE, sub-GHz, Wi-Fi Knowledge of secure boot chains, TEEs, secure elements, and HSMs PCB design familiarity (KiCad / Altium) for understanding target boards Published CVEs, conference talks, CTF placements, or open-source tooling Relevant certifications (e.g., OSCP for breadth, or hardware-focused training) Why us? The opportunity to work on high-stakes hardware engagements where your judgment and bench skills genuinely matter Receive immediate and ongoing offensive security training, mentorship, and professional development to advance your technical capabilities Play a key role in shaping the growth, direction, and methodology of Packetlabs' expanding hardware practice A leadership team that values substance, quality, and disciplined execution Collaboration with a highly skilled team of security professionals who are passionate about technical excellence and raising the bar Competitive compensation and growth opportunity GRRSP with corporate matching in Canada Participation in corporate benefit plans within Canada Flexible work environment that empowers employees to do their best work Fully remote within Canada or Texas Apply To This Job