[Hiring] IoT Security Researcher @Redherd.io

Role Description

Our client is seeking an IoT Security Researcher to conduct advanced vulnerability research on embedded systems and connected devices. The role focuses on identifying and analyzing security weaknesses in firmware, device operating systems, and IoT communication protocols. This position is suited for researchers who enjoy low-level analysis, firmware reverse engineering, and vulnerability discovery across embedded platforms.

You will work with a team of experienced security researchers performing hands-on analysis of real-world devices, developing proof-of-concept exploits, and advancing internal research capabilities.

Responsibilities

• Conduct vulnerability research on IoT and embedded systems across multiple platforms and device types.
• Perform firmware extraction, unpacking, and reverse engineering.
• Analyze device firmware using static and dynamic analysis techniques.
• Identify vulnerabilities in device operating systems, network services, and communication protocols.
• Develop proof-of-concept exploits to demonstrate impact.
• Interact with device hardware using debugging and extraction interfaces such as UART, JTAG, SPI, or SWD.
• Analyze IoT network protocols and device communications.
• Document research findings and communicate technical discoveries to internal teams.
• Develop tools and automation to support ongoing research activities.

Qualifications

• Experience in vulnerability research or reverse engineering.
• Experience analyzing embedded systems, firmware, or IoT devices.
• Proficiency with reverse engineering tools such as Ghidra, IDA Pro, or Binary Ninja.
• Experience with Linux-based embedded environments.
• Scripting ability with Python or similar languages.
• Understanding of network protocols and embedded device architectures.
• Strong analytical and problem-solving skills.

Requirements

• Experience with hardware debugging or chip-level interfaces.
• Familiarity with IoT protocols such as MQTT, BLE, Zigbee, or proprietary device protocols.
• Experience with exploit development.
• Public vulnerability research, CVEs, or conference presentations.
• Participation in CTFs, bug bounty programs, or security research communities.