Embedded Penetration Tester – IoT

Apply now

Active job offers

Embedded Penetration Tester – IoT

  • Embedded


Job description

You will play a crucial role in ensuring the security and resilience of embedded systems across automation, IoT, and medical industries, contributing to the development of robust and compliant Solutions.


  • In-depth knowledge of Automation, IoT and medical industry communication protocols.
  • Understanding of relevant automotive standards and specifications such us IEC62443.
  • Familiarity with the security mechanisms and vulnerabilities associated with various embedded systems.
  • Knowledge of secure boot processes and firmware update mechanisms.
  • Expertise in analysing and securing different type of networks.
  • Ability to assess the security of communication buses and identify potential attack vectors.
  • Ability to assess vulnerabilities in various types of interfaces, systems, and communication interfaces.
  • Proficiency in reverse engineering and analysing firmware running on various device types.
  • Capability to identify and exploit vulnerabilities within device firmware.
  • Familiarity with diagnostic and testing tools used in developing embedded solutions.
  • Ability to use tools for debugging, sniffing, and analyzing network traffic.
  • Understanding of security challenges associated with device-to-cloud communication.
  • Ability to assess the security of cloud-connected services and backend systems.
  • Proficiency in using penetration testing tools tailored for embedded systems.
  • Experience with tools specific to analyzing and exploiting security vulnerabilities.
  • Capability to perform risk assessments and threat modeling specific to Automation, IoT or medical environments.
  • Understanding of potential threats and their impact on device security.
  • Awareness of legal and compliance considerations in penetration testing.
  • Clear and concise communication skills to convey findings to both technical and non-technical stakeholders.
  • Ability to generate detailed penetration testing reports with actionable recommendations.


  • Maintaining awareness of legal and compliance considerations in penetration testing activities.
  • Ensuring adherence to relevant regulations and ethical guidelines
  • Performing risk assessments and threat modeling specific to automation, IoT, or medical environments.
  • Proficiently analyzing and securing firmware running on various device types.
  • Identifying and exploiting vulnerabilities within device firmware to enhance overall security.


More reasons to work with us


Work from home or the office

Depending on the position, you can work remotely, from the office or in a hybrid model.


Top-of-the-line equipment

We provide the equipment that best suits your needs and the requirements of your role.


Training budget

Use your personal training budget to gain new skills and knowledge.


Internal initiatives

Take part in our knowledge-sharing meetups organised by and for tech enthusiasts.


Private health insurance

Keep your health in check with easy access to medical professionals.

Recruitment process

It only takes a few steps

Different roles have different requirements, so the recruitment process depends on the specific position you are applying for.


Checking your CV

We read every resume we receive carefully. If you meet our requirements, we will call you to learn more about your expertise and needs.

Evaluating your qualifications

After an initial phone call, we check your skills with a task related to your position and provide you with feedback afterwards.

Making an appointment

The next step is a meeting at our office or online, where you can learn more about the team and our work culture from a Spyrosoft manager and/or partner.

Getting the answer

At Spyrosoft, we contact every person participating in the recruitment process. Upon acceptance, we will provide a list of the next steps.

Meet the recruiter

Karolina Kwaśnik Spyrosoft

At Spyrosoft, we focus on your professional development. You have influence on how and what you work on.

Karolina Kwasnik

Lead Recruitment Specialist


Apply for
Embedded Penetration Tester – IoT

If this offer seems to be perfect for you - don't wait, send us your CV

    Please note that we accept PDF, .doc, .docx or .odt format only.

    By agreeing to one of the following statements, I confirm that I provide my data voluntarily and accept the information contained in the Communication.
    See Communication text
    At the same time, I declare that I voluntarily provide my personal data and I acknowledge that the Controller of my personal data is Spyrosoft S.A. with its registered office in Wrocław, Plac Nowy Targ 28, the recipients of my data can be companies related with the Data Controller: in particular:
    a) dominant companies within the meaning of art. 4 § 1 point 4 of the Commercial Companies Code of 15 September 2000,
    b) affiliated companies within the meaning of art. provisions of the Commercial Companies Code of 15 September 2000,
    c) companies associated personally with the Administrator, i.e. those in which persons discharging functions in the Administrator's bodies hold at least 20% of votes or shares,
    as well as the Customers of these companies or the entities providing services in favour of the Data Controller who may act as data controllers and processors and my personal data shall be processed pursuant to the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, pursuant to Art. 6 (1) (a) of this Regulation, during the period not exceeding 6 months

    At the same time, I acknowledge that I have the right to access and rectify my personal data, its erasure, limitation of processing, the right to object to the processing of data, the right to transfer data, the right to withdraw the consent at any time (without impact on the lawfulness of the processing carried out before the withdrawal), as well as the right to lodge a complaint to a supervisory body. Withdrawal of the consent and willingness to exercise other rights can be reported via e-mail: rodo@spyro-soft.com or by post to the following address: Spyrosoft S.A., Plac Nowy Targ 28, 50-141 Wrocław.

    I acknowledge that personal data is not subject to the automated decision making, including profiling.