Logo

Offensive Security Engineer, Device

World
The Device Security Team at TFH is seeking an Offensive Security Engineer to protect cutting-edge technologies. This role involves vulnerability assessments, penetration testing, and collaborating with engineering teams to improve security defenses.

Overview

Department

IT

Job type

Full time

Compensation

$280,000 - $320,000 per year

Location

San Francisco, United States, North America

Resume Assistance

See how well your resume matches this job role with our AI-powered score. By uploading your resume, you agree to our Terms of Service

Ready to apply?

You're one step away - it takes less than a minute to upload your resume

Requirements

  • 5+ years of experience in offensive security roles, such as penetration testing, vulnerability research, or red teaming, with a focus on embedded systems or devices.
  • Strong understanding of hardware security concepts, including secure boot, JTAG/SWD, on-device tamper detection and response, and SoC architectures.
  • Experience with reverse engineering tools such as IDA Pro, Ghidra, or Radare2, and debugging tools like GDB or common offensive security tools (e.g., Metasploit, Burp Suite, Kali Linux, or custom tooling).
  • Expertise in Linux security, including secure configurations, kernel hardening, and system monitoring tools, OP-TEE, Android security frameworks
  • In-depth knowledge of secure coding practices, cryptographic principles, and attack mitigation strategies.
  • Proven track record of identifying and exploiting vulnerabilities in embedded systems, firmware, or IoT devices.

    • Responsibilities

  • Perform vulnerability assessments, penetration testing, or red team exercises to evaluate the security of devices and systems.
  • Simulate advanced attacks against hardware, firmware, and software to identify weaknesses and areas of improvement.
  • Develop proof-of-concept exploits to demonstrate the impact of discovered vulnerabilities.
  • Collaborate with engineering teams to review designs, code, and system configurations for potential security flaws, then provide actionable recommendations to mitigate risks and improve security defenses.
  • Manage 3rd party security auditing exercises or bug bounty program
  • Research emerging threats, techniques, and tools to ensure our device security capabilities remain at the cutting edge.

    • Benefits

  • An open and collaborative office space in downtown SF
  • Unlimited PTO
  • Monthly Phone Reimbursement or a company device
  • Daily DoorDash credit for in-office meals
  • Top-tier medical, dental, vision insurance
  • 401k + employer match program
    • Company
    About
    Academy
    Pricing
    Partnerships
    Legal
    Terms
    Privacy
    Cookies
    Contact
    © All rights reserved.