Role Description Finite State is seeking an experienced IoT / ICS / OT and Penetration Tester to join our growing Services team. In this role you will conduct hands-on security assessments of connected devices, embedded systems, industrial control systems, and automotive platforms on behalf of our customers. You will combine deep hardware and firmware expertise with a consultative mindset to deliver clear, actionable findings that help manufacturers and operators understand and reduce risk. Responsibilities - Plan and execute penetration tests and security assessments against IoT, ICS/OT, and automotive targets, including connected consumer devices, industrial controllers, and automotive ECUs and telematics units. - Perform hardware interaction and firmware extraction using techniques such as JTAG, SWD, UART, SPI, I2C, eMMC, and NAND flash dumping; solder and rework PCBs as needed to gain access to debug interfaces. - Conduct firmware reverse engineering using tools such as Ghidra and Binary Ninja to identify vulnerabilities including memory corruption, authentication bypasses, hard-coded credentials, and insecure update mechanisms. - Assess wireless protocols common in IoT and automotive environments, including Bluetooth / BLE, Zigbee, Z-Wave, Wi-Fi, Cellular (LTE/5G), CAN bus, LIN, and automotive Ethernet. - Perform source code review, primarily in C, C++, and related embedded languages, to identify security weaknesses in firmware and embedded software. - Conduct supply chain and software composition analysis, including SBOM review and analysis of third-party open-source components, to identify known vulnerabilities and license risks. - Evaluate customer products and programs for compliance with relevant regulations and standards, including EN 303 645, the EU Cyber Resilience Act (CRA), EU Radio Equipment Directive (CE RED), UNECE WP.29 / ISO 21434 for automotive, and the US IoT Cyber Trust Mark. - Produce high-quality written reports that clearly communicate technical findings, risk ratings, and remediation guidance to both technical and executive audiences. - Leverage AI-powered security tooling and LLM-assisted workflows to accelerate analysis, triage, and reporting; maintain awareness of evolving AI capabilities relevant to embedded security research. - Collaborate with the product, engineering, and research teams to feed pentesting findings back into the Finite State platform and improve detection capabilities. - Support customer-facing engagements including scoping calls, technical debriefs, and remediation follow-up. - Contribute to internal knowledge sharing, tooling development, and methodology improvement. - Participate in industry conferences, publish research, and represent Finite State externally as opportunities arise. Qualifications - Bachelor's degree in Computer Science, Electrical Engineering, Computer Engineering, or a related field. - 5+ years of hands-on experience in IoT, embedded, ICS/OT, or automotive security. - Demonstrated experience performing hardware-level security assessments: JTAG/SWD debugging, SPI/I2C/UART communication, flash memory extraction, and PCB soldering and rework. - Proficiency with firmware reverse engineering tools, specifically Ghidra and/or Binary Ninja; ability to analyze ARM, MIPS, PPC, x86, and x64 architectures. - Experience testing IoT and automotive wireless protocols, including BLE, Zigbee, Z-Wave, Wi-Fi, CAN bus, and cellular interfaces. - Ability to read and review source code in C and C++ to identify memory safety issues, authentication flaws, and other security weaknesses in embedded software. - Familiarity with SBOM concepts, formats (CycloneDX, SPDX), and the use of SBOMs in vulnerability management. - Working knowledge of relevant regulations and standards, including at least a subset of: EU CRA, CE RED / EN 303 645, UNECE WP.29, ISO 21434, or the US IoT Cyber Trust Mark. - Excellent written and verbal communication skills; proven ability to write clear, well-structured technical reports and present findings to diverse audiences. - Experience with scripting and automation using Python and Bash to support tooling and workflow efficiency. - Familiarity with AI-assisted security tooling and an interest in applying LLM-based workflows to accelerate security analysis and reporting. Preferred Qualifications - Hands-on automotive security experience: OBD-II assessment, ECU flashing and analysis, V2X protocols, or automotive HSM evaluation. - Experience with industrial control system (ICS/SCADA) security assessments and familiarity with protocols such as Modbus, DNP3, EtherNet/IP, or OPC-UA. - CVE or responsible disclosure history demonstrating original vulnerability research in embedded or IoT targets. - Relevant certifications such as OSCP, GPEN, GICSP, or vendor-specific automotive security credentials. - Familiarity with static and dynamic analysis platforms and SAST/DAST tooling in the context of firmware and embedded software. - Experience with ML-based vulnerability detection models or AI-augmented reverse engineering pipelines. - Experience working on small, fast-moving consulting or product security teams. - Comfort operating in AWS or similar cloud environments used to support analysis pipelines or customer deliverables. Benefits - Be part of building the leading platform for connected device cybersecurity. - Join a fast-moving team that values transparency, innovation and impact. - Work fully remotely with a high degree of autonomy and ownership. - Comprehensive benefits. - Investment: learning stipends to support your professional development. - Equity: share in our growth and success. - Help solve some of the most pressing cybersecurity challenges facing connected device manufacturers and the millions of people who depend on them.

• The ETL Tester will be responsible for designing, automating, and executing test cases for Enterprise Data Warehouse (EDW) ETL processes in a State Government Medicaid environment. • Responsible for ensuring the accuracy, integrity, and reliability of data as it moves through ETL processes. • Leverage expertise to design and execute test strategies that validate both functional and non-functional requirements of data pipelines. • Perform backend testing to compare data in source systems to target Medicaid EDW. • Verify source-to-target data mapping and transformation logic for Medicaid datasets. • Validate data quality, standardization rules, and loading accuracy. • Write complex SQL queries to validate ETL outputs against business rules. • Conduct row counts, null checks, duplicate checks, and referential integrity validation. • Design test plans, test cases, and test scenarios for ETL processes. • Document test results and provide detailed feedback to stakeholders, highlighting areas for improvement. • Execute manual and automated tests for both full-load and incremental-load cycles.

• Quality strategy for our clinical platform • Define what quality means at Heartbeat, how we measure it, and how we improve it - across partner-specific configurations, clinical decision support, workflow orchestration, and integration points. You own the quality outcomes, not just the test artifacts. • Validation architecture • Design the systems that make validation fast, reliable, and low-friction - test data strategies, environment management, automation frameworks, CI/CD integration. Give engineers back time by making quality infrastructure a force multiplier, not a tax. • Release confidence • Strengthen release predictability by systematizing validation earlier in the development lifecycle. When something ships, the team should know - with evidence - that it works. • Embedded cross-functional partnership • This is not a handoff role. You'll sit inside the development process - participating in refinement, influencing how work is scoped and acceptance criteria are defined, shaping what "done" means. You're a core member of a small, high-impact team where everyone has direct access to product, engineering, and clinical leadership. • Exploratory testing where it matters • Perform targeted exploratory testing on high-risk areas - new features, edge cases, partner-specific configuration behavior, clinical workflow paths. You know when automation is the right tool and when human judgment is the only tool.

Perform quality engineering for new product development, assess product risks and mitigation strategies, support design validation protocols, and troubleshoot production issues utilizing problem-solving techniques and statistical analysis.