• Analyze system requirements and develop test cases to validate them; • Plan and develop acceptance, integration, and system tests; • Document the system and detail the specifications; • Assess infrastructure and design stress, load, and maintainability tests for the system; • Automate integration and acceptance tests; • Manage the test environment and ensure execution of automated tests; • Perform manual and exploratory testing; • Promote a quality culture and identify improvements in the development process; • Work closely with developers, Design, and Product teams on product definition (requirements, features, and delivery) and its continuous improvement;

Role Description Finite State is seeking an experienced IoT / ICS / OT and Penetration Tester to join our growing Services team. In this role you will conduct hands-on security assessments of connected devices, embedded systems, industrial control systems, and automotive platforms on behalf of our customers. You will combine deep hardware and firmware expertise with a consultative mindset to deliver clear, actionable findings that help manufacturers and operators understand and reduce risk. Responsibilities - Plan and execute penetration tests and security assessments against IoT, ICS/OT, and automotive targets, including connected consumer devices, industrial controllers, and automotive ECUs and telematics units. - Perform hardware interaction and firmware extraction using techniques such as JTAG, SWD, UART, SPI, I2C, eMMC, and NAND flash dumping; solder and rework PCBs as needed to gain access to debug interfaces. - Conduct firmware reverse engineering using tools such as Ghidra and Binary Ninja to identify vulnerabilities including memory corruption, authentication bypasses, hard-coded credentials, and insecure update mechanisms. - Assess wireless protocols common in IoT and automotive environments, including Bluetooth / BLE, Zigbee, Z-Wave, Wi-Fi, Cellular (LTE/5G), CAN bus, LIN, and automotive Ethernet. - Perform source code review, primarily in C, C++, and related embedded languages, to identify security weaknesses in firmware and embedded software. - Conduct supply chain and software composition analysis, including SBOM review and analysis of third-party open-source components, to identify known vulnerabilities and license risks. - Evaluate customer products and programs for compliance with relevant regulations and standards, including EN 303 645, the EU Cyber Resilience Act (CRA), EU Radio Equipment Directive (CE RED), UNECE WP.29 / ISO 21434 for automotive, and the US IoT Cyber Trust Mark. - Produce high-quality written reports that clearly communicate technical findings, risk ratings, and remediation guidance to both technical and executive audiences. - Leverage AI-powered security tooling and LLM-assisted workflows to accelerate analysis, triage, and reporting; maintain awareness of evolving AI capabilities relevant to embedded security research. - Collaborate with the product, engineering, and research teams to feed pentesting findings back into the Finite State platform and improve detection capabilities. - Support customer-facing engagements including scoping calls, technical debriefs, and remediation follow-up. - Contribute to internal knowledge sharing, tooling development, and methodology improvement. - Participate in industry conferences, publish research, and represent Finite State externally as opportunities arise. Qualifications - Bachelor's degree in Computer Science, Electrical Engineering, Computer Engineering, or a related field. - 5+ years of hands-on experience in IoT, embedded, ICS/OT, or automotive security. - Demonstrated experience performing hardware-level security assessments: JTAG/SWD debugging, SPI/I2C/UART communication, flash memory extraction, and PCB soldering and rework. - Proficiency with firmware reverse engineering tools, specifically Ghidra and/or Binary Ninja; ability to analyze ARM, MIPS, PPC, x86, and x64 architectures. - Experience testing IoT and automotive wireless protocols, including BLE, Zigbee, Z-Wave, Wi-Fi, CAN bus, and cellular interfaces. - Ability to read and review source code in C and C++ to identify memory safety issues, authentication flaws, and other security weaknesses in embedded software. - Familiarity with SBOM concepts, formats (CycloneDX, SPDX), and the use of SBOMs in vulnerability management. - Working knowledge of relevant regulations and standards, including at least a subset of: EU CRA, CE RED / EN 303 645, UNECE WP.29, ISO 21434, or the US IoT Cyber Trust Mark. - Excellent written and verbal communication skills; proven ability to write clear, well-structured technical reports and present findings to diverse audiences. - Experience with scripting and automation using Python and Bash to support tooling and workflow efficiency. - Familiarity with AI-assisted security tooling and an interest in applying LLM-based workflows to accelerate security analysis and reporting. Preferred Qualifications - Hands-on automotive security experience: OBD-II assessment, ECU flashing and analysis, V2X protocols, or automotive HSM evaluation. - Experience with industrial control system (ICS/SCADA) security assessments and familiarity with protocols such as Modbus, DNP3, EtherNet/IP, or OPC-UA. - CVE or responsible disclosure history demonstrating original vulnerability research in embedded or IoT targets. - Relevant certifications such as OSCP, GPEN, GICSP, or vendor-specific automotive security credentials. - Familiarity with static and dynamic analysis platforms and SAST/DAST tooling in the context of firmware and embedded software. - Experience with ML-based vulnerability detection models or AI-augmented reverse engineering pipelines. - Experience working on small, fast-moving consulting or product security teams. - Comfort operating in AWS or similar cloud environments used to support analysis pipelines or customer deliverables. Benefits - Be part of building the leading platform for connected device cybersecurity. - Join a fast-moving team that values transparency, innovation and impact. - Work fully remotely with a high degree of autonomy and ownership. - Comprehensive benefits. - Investment: learning stipends to support your professional development. - Equity: share in our growth and success. - Help solve some of the most pressing cybersecurity challenges facing connected device manufacturers and the millions of people who depend on them.

• The ETL Tester will be responsible for designing, automating, and executing test cases for Enterprise Data Warehouse (EDW) ETL processes in a State Government Medicaid environment. • Responsible for ensuring the accuracy, integrity, and reliability of data as it moves through ETL processes. • Leverage expertise to design and execute test strategies that validate both functional and non-functional requirements of data pipelines. • Perform backend testing to compare data in source systems to target Medicaid EDW. • Verify source-to-target data mapping and transformation logic for Medicaid datasets. • Validate data quality, standardization rules, and loading accuracy. • Write complex SQL queries to validate ETL outputs against business rules. • Conduct row counts, null checks, duplicate checks, and referential integrity validation. • Design test plans, test cases, and test scenarios for ETL processes. • Document test results and provide detailed feedback to stakeholders, highlighting areas for improvement. • Execute manual and automated tests for both full-load and incremental-load cycles.

• Quality strategy for our clinical platform • Define what quality means at Heartbeat, how we measure it, and how we improve it - across partner-specific configurations, clinical decision support, workflow orchestration, and integration points. You own the quality outcomes, not just the test artifacts. • Validation architecture • Design the systems that make validation fast, reliable, and low-friction - test data strategies, environment management, automation frameworks, CI/CD integration. Give engineers back time by making quality infrastructure a force multiplier, not a tax. • Release confidence • Strengthen release predictability by systematizing validation earlier in the development lifecycle. When something ships, the team should know - with evidence - that it works. • Embedded cross-functional partnership • This is not a handoff role. You'll sit inside the development process - participating in refinement, influencing how work is scoped and acceptance criteria are defined, shaping what "done" means. You're a core member of a small, high-impact team where everyone has direct access to product, engineering, and clinical leadership. • Exploratory testing where it matters • Perform targeted exploratory testing on high-risk areas - new features, edge cases, partner-specific configuration behavior, clinical workflow paths. You know when automation is the right tool and when human judgment is the only tool.