Hardware Security Consultant in London

PTP works with clients globally providing cyber security consultancy and testing services. We work with the most cutting-edge industries, including consumer IoT, aerospace, maritime and autonomous vehicles. We are seeking a hardware security consultant, who is eager to learn, to join our team. Working alongside some of the best hacking minds in the country you'll be delivering a mixture of hardware and pen testing services to clients across all sectors.

You will need:

• Pen testing skills in web application, API and mobile applications
• Excellent ability to learn new technologies, systems, and languages
• A keen interest in embedded systems, IoT and hardware
• Demonstrated hardware security skills either in professional or hobbyist sphere
• Strong network protocol analysis using tools such as Wireshark
• An understanding of reverse engineering, experience using tools such as Ghidra, with particular focus on ARM and x86 architectures
• Ability to script in appropriate languages to facilitate testing
• Awareness of typical Industrial Control Systems (ICS)/Operational Technology (OT) architectures, components and protocols
• An understanding of cryptography and common mistakes made
• Experience in analysing RF protocols such as BLE, Zigbee, LoRa, Wi-Fi, and proprietary ISM band protocols
• Threat modelling knowledge, being able to determine which attacks and assets are highest risk for different classes of system
• Experience working in industrial or maritime environments, either as a pen tester, IT, or other role

We recognise that the tasks carried out by members of the hardware team are varied and challenging and we do not expect any member of the team to know everything. We operate as a team, providing advice, guidance and mentoring to each other.

You’ll be:

• Reporting into the Head of Hardware delivering hardware, ICS/OT and pen testing services, from presales through to delivery and debrief
• Contributing towards research and our development of internal tools and processes
• Helping to upskill others into the hardware team

Here are some examples of the services you may provide to clients:

• Penetration testing of a cloud-connected consumer IoT system including the device, messaging platforms, infrastructure, and mobile application
• Producing a threat model for a complex system such as a crypto wallet, aiming to uncover inherent outstanding risks in the design and implementation
• Reviewing custom cryptographic systems to identify common issues such as hardcoded keys, use of insecure block modes, unauthenticated encryption, and use of deprecated algorithms
• Testing routers and other networking equipment before they are deployed across Critical National Infrastructure, to ensure that they are suitably protected from physical attack and contain no secrets that can impact the wider system
• Performing lab-based testing of complex control systems used in Critical National Infrastructure, allowing more aggressive and invasive techniques to be used than in traditional ICS environments
• Reverse engineering the protocol used in a legacy specialised machine tool to allow it to be serviceable long into the future
• Attempting to bypass a custom digital rights management system to provide assurance that their product is adequately secure
• Testing network segmentation and infrastructure on a variety of ships, including cruise ships and oil rigs
• Working in ICS environments using a risk-averse methodology using document review, visual survey and low-risk techniques to find security issues

Knowledge development is part of our culture. We take professional development seriously and as a member of the team you will receive:

• 24 development days per year
• Time to go to conferences
• Access to Internal workshops, HTB, TryHackMe and many more resources
• Paid training & exams
• Access to our blog bounty programme

Although you’ll mostly work from home, we may ask you into the lab to work on pieces of hardware such as vehicles. Onsite travel to client sites (including international) will also be required for maritime, ICS and aerospace work. PTP are mindful that people have a life outside of work and onsite work is distributed across the team appropriately. Around 25% of your days will be onsite over a year.

Although we are a remote working company, our teams meet regularly throughout the year holding local and company meet ups.

As an employee you’ll also have access to:

• 25 days holiday + 8 bank holidays
• An opportunity to buy and sell holiday each year
• Private Medical Insurance and Healthcare Benefit
• 4 x salary life insurance
• Financing for training and conference attendance
• An environment where you can flourish, learn, and grow, as a person not just as an employee

This is a UK role, so you must live and be eligible to work in the UK.