• Initial Reconnaissance - Understand product’s internal as well as communication mechanism

• Threat Modelling - Identification of Actors and Entity Boundary

• Protocol Endpoints - Read/Understand Protocol Specification, Gather Sample Protocol Implementations & Protocol Simulators, Testing with the Simulators and ability to write Scripts to Interact with The device

• Firmware Vulnerability Analysis - Firmware Extraction and Analysing Firmware, Vulnerability Analysis, Manual Reversing of Binaries, Understand Firmware Update Process

• Hardware Vulnerability Analysis - Identify and analyse Hardware Debug ports, Memory extraction and analysis, Malicious data injection

• Manage all facets of Vulnerability Assessment and Penetration testing involving embedded devices.

• Perform attacks and identify vulnerabilities on interfaces like USB, Ethernet etc.

• Expertise/Familiarity with Hardware & Radio Security Testing:- UART, Wi-Fi testing, MQTT testing, Radio testing, JTAG etc.

Required Qualifications:

• Bachelor’s in Software/Electronics Engineering or equivalent degree.

• 2-7 years of hands-on experience in Vulnerability and Penetration Testing using tools like Kali, Nessus, Burpsuite, Qualys etc.

• Experience in automation of routine tasks using tools like Jenkins and/or scripting languages such as PowerShell, Ruby or Python.

Preferred Qualifications:

• Understanding of Cloud based environments like Azure and AWS.

• At least one professional certification like ECSA Practical/CPENT/LPT/OSCP/OSWE/OSCE or similar involving practical exams.

• Must be flexible, independent and self-motivated.

• Excellent communication and interpersonal skills.

• Good to have: Prior work experience in medical devices.