Packetlabs is looking for an Ethical Hacker - Hardware to lead security assessments of embedded and IoT devices, the physical products where a vulnerability lives in silicon, firmware, and board layout, rather than in a web request. The Ethical Hacker - Hardware is a specialized technical role focused on assessing embedded systems across all industries, from consumer IoT to industrial and connected devices. This role involves getting hands-on with a device, opening it up, and proving what an attacker with physical or local access can really do.
This role requires the rare combination of offensive security instinct and genuine hardware fundamentals. You will work directly with clients to understand their devices and deliver findings that improve security posture.
Who we are looking for
No egos, ever. Egos don't belong at Packetlabs. The more you learn, the less you know. You stay humble, ask questions, and work to help clients improve their security.
Customer-first mentality. You are an excellent communicator with clients, project managers, and teammates. You are responsive, reliable, and professional throughout every engagement.
You deliver work that you take pride in. Your work is an autograph of your excellence. You hold yourself to a high standard, and it shows in what you produce.
Digs deeper into every finding. You don't stop until impact is proven, while understanding that restraint is the right call in sensitive OT environments where high-risk activity is not appropriate.
Comfortable being uncomfortable. You move toward obstacles, not away from them. Consulting is not a typical job and requires adapting to rapidly changing environments.
Always learning. Cybersecurity changes every day, and you keep up because you want to. You are deeply aware of your skillset and committed to improving it.
Self-motivated and dependable. You take ownership of your work and your outcomes without needing to be managed into them.
What you’ll be doing
Hardware Penetration Testing
Plan and execute end-to-end hardware penetration tests on embedded and IoT devices, against a defined scope and rules of engagement
Identify, access, and exploit on-board debug interfaces: JTAG, SWD, UART, and similar, to gain code execution or memory access
Extract firmware via debug ports, in-circuit flash reads (SPI / I2C / NAND), or chip-off when required, and analyze it for vulnerabilities
Intercept and analyze data on common embedded buses (SPI, I2C, UART, CAN, USB) using logic analyzers and protocol decoders
Where in scope, perform side-channel analysis and fault injection (power analysis, voltage/clock glitching) to bypass secure boot, readout protection, or authentication
Firmware Analysis & Reverse Engineering
Reverse engineer firmware and embedded binaries (Ghidra, IDA, Binwalk, etc.) to find logic flaws, hardcoded secrets, and exploitable conditions
Assess physical attack surface, tamper resistance, and key/secret storage
Distinguish between theoretical and operationally relevant risk to keep findings actionable
Client Advisory & Remediation
Write high-quality technical reports and present findings to client stakeholders, both technical and non-technical
Advise on practical, prioritized remediation that clients can act on
Build client confidence through credibility, clear communication, and proven impact
Methodology, Research & Continuous Improvement
Build and maintain lab tooling, test rigs, and internal methodology
Contribute to research, responsible disclosure, and internal knowledge-sharing
Stay current on hardware attack techniques, embedded architectures, and defensive controls
Help raise the standard of hardware security work across the firm
What success looks like
Clients gain a clear, accurate understanding of their hardware risk, backed by proven, reproducible impact
Findings are credible, actionable, and land for both technical and leadership audiences
Engagements are delivered to a consistently high standard with strong client confidence
Scope and rules of engagement are managed well as engagements evolve, with risk surfaced early and clearly
Packetlabs' hardware testing methodology and lab capability continue to mature through your contribution
Clients trust Packetlabs as the partner that can break their hardware before someone else does
Education and Experience
A graduate of an Information Security, Computer Science, or Computer/Electrical Engineering degree program (or equivalent hands-on experience)
Strong electronics fundamentals. Able to read schematics and datasheets and reason about a board from them
Hands-on soldering ability, including surface-mount (SMD) rework and basic chip removal
Demonstrated experience accessing debug interfaces (JTAG, SWD, UART) and extracting firmware from real devices
Comfort with core bench instruments: logic analyzer, oscilloscope, and multimeter
Firmware reverse-engineering skills and scripting proficiency in Python, plus enough C to read embedded code
Familiarity with common embedded architectures (ARM/Cortex-M, MIPS, AVR, RISC-V) and RTOS/bare-metal concepts
Clear written and verbal communication.
Nice to have (one or more would be an asset):
Side-channel / fault-injection experience (e.g., ChipWhisperer)
RF and wireless work: SDR, BLE, sub-GHz, Wi-Fi
Knowledge of secure boot chains, TEEs, secure elements, and HSMs
PCB design familiarity (KiCad / Altium) for understanding target boards
Published CVEs, conference talks, CTF placements, or open-source tooling
Relevant certifications (e.g., OSCP for breadth, or hardware-focused training)
Why us?
The opportunity to work on high-stakes hardware engagements where your judgment and bench skills genuinely matter
Receive immediate and ongoing offensive security training, mentorship, and professional development to advance your technical capabilities
Play a key role in shaping the growth, direction, and methodology of Packetlabs' expanding hardware practice
A leadership team that values substance, quality, and disciplined execution
Collaboration with a highly skilled team of security professionals who are passionate about technical excellence and raising the bar
Competitive compensation and growth opportunity
GRRSP with corporate matching in Canada
Participation in corporate benefit plans within Canada
Flexible work environment that empowers employees to do their best work
Fully remote within Canada or Texas