Senior Penetration Tester – IoT & Embedded Devices
Description
Enphase Energy is a global energy technology company and a leading provider of solar, battery, and electric vehicle charging products. Founded in 2006, our innovative microinverter technology revolutionized solar power, making it a safer, more reliable, and scalable energy source. Today, the Enphase Energy System enables users to make, use, save, and sell their own power. Enphase is also one of the most successful and innovative clean energy companies in the world, with more than 80 million products shipped across 160 countries.
Join our dynamic teams designing and developing next-gen energy technologies and help drive a sustainable future!
This role at Enphase requires working onsite 3 days a week, with plans to transition to a full 5-day in-office schedule over time.
About the role:
As a Senior Penetration Tester – IoT & Embedded Devices, you will be part of a cutting-edge cybersecurity team focused on securing our connected energy ecosystem, including IQ Gateway, IQ Microinverters, IQ Batteries, and EV Chargers deployed across 4M+ homes in 150+ countries. These devices rely on bidirectional powerline communication, Wi-Fi and cellular networking, and cloud-managed over-the-air (OTA) firmware updates.
You will lead offensive security testing across hardware, firmware, and software layers, while partnering closely with the CISO’s office to drive vulnerability lifecycle management from discovery to remediation.
What you will be doing:
- Perform hardware security testing: PCB teardown, component identification, bus sniffing and injection on UART/SPI/I²C, and logic-analyzer/oscilloscope signal capture
- Perform JTAG/SWD debug-port attacks to extract, analyze, and modify device firmware
- Reverse-engineer firmware: dump SPI/eMMC flash, unpack with Binwalk, perform static analysis in Ghidra/IDA, and emulate with QEMU to surface logic flaws and hardcoded secrets
- Capture, analyze, and fuzz RF/wireless traffic with SDR tooling (HackRF/RTL-SDR) across BLE, Wi-Fi, sub-GHz, and cellular protocols
- Assess the security of Wi-Fi, cellular, and bidirectional powerline (PLC) communication interfaces
- Test cloud APIs and backend services (REST, gRPC, MQTT) for authentication bypass, IDOR, injection, and broken access control
- Evaluate cloud-managed OTA firmware update mechanisms for integrity, authentication, and rollback protection
- Lead end-to-end red-team exercises that chain device, network, and cloud footholds: lateral movement, privilege escalation, and persistence on embedded Linux/ARM platforms
- Document findings with reproducible PoCs, CVSS scoring, and remediation guidance, and retest fixes through closure
- Collaborate with internal security and engineering teams to strengthen product security
- Ensure products meet industry security standards and best practices, such as IEC 62443 and the EU Cyber Resilience Act
What you bring:
- BE/BTech/MS/MTech in Computer Science, Electrical Engineering, or a related field.
- At least 6 years of experience in IoT/embedded penetration testing
- Strong expertise in hardware and bus-level analysis (UART, SPI, I²C, JTAG/SWD), logic analyzers, and an understanding of fault-injection/glitching and side-channel techniques
- Hands-on firmware reverse engineering and binary analysis across ARM and MIPS, including bootloader and RTOS internals
- Proficiency with Ghidra/IDA Pro, Binwalk, QEMU, Burp Suite, and SDR/logic-analyzer hardware tools
- Experience in RF/wireless fuzzing and API exploitation
- Strong understanding of embedded Linux systems and ARM architectures
- Knowledge of CVE disclosure processes and OWASP IoT Top 10
- Familiarity with standards such as IEC 62443 and EU Cyber Resilience Act
- Excellent analytical, problem-solving, and communication skills
- Familiarity with Wi-Fi/cellular networking and bidirectional powerline (PLC) communication security
- Experience with cloud-managed OTA update pipelines and full-stack red-team engagements spanning device, network, and cloud layers
- Proficiency in Python and C/C++ for automation, tooling, and exploit development
Nice to have:
- Published CVEs, security advisories, or competitive Capture-the-Flag (CTF) experience
- Exploit development and custom tooling for embedded and ARM targets
- Relevant certifications such as OSCP, OSCE, or GIAC GXPN/GPEN
What we offer:
- Competitive compensation and comprehensive employee benefits
- Opportunity to work on securing large-scale global IoT ecosystems
- Exposure to cutting-edge technologies in embedded security
- Collaborative and innovation-driven work environment
- Career growth and development opportunities