Company hidden
19 hours ago

Penetration Tester (IoT)

Work format
hybrid
Employment type
fulltime
Grade
middle/senior
English
b2
Country
UK

Job description


TL;DR

Penetration Tester (IoT): Securing IoT and SaaS ecosystems, from IoT devices to cloud infrastructure, with an emphasis on identifying exploitable vulnerabilities and collaborating with stakeholders. Focus on validating security in the release process, conducting web and API penetration testing, and ensuring compliance with international standards.

Location: Must be based in Lisburn, United Kingdom

Company

hirify.global is a global technology leader bringing revolutionary products to life for a wide range of industries, including power and rail, and also has interests in a number of R&D projects in a variety of scientific sectors.

What you will do

  • Conduct manual and automated testing of SaaS platforms and backend APIs against the OWASP Top 10 and API Security Top 10.
  • Assess AWS/Azure environments for misconfigurations, IAM over-privileging, and container security vulnerabilities.
  • Simulate real-world cyberattacks to identify weaknesses in SaaS infrastructures before exploitation.
  • Validate products against international standards including IEC 62443-4-1/4-2, the EU Cyber Resiliency Act (CRA), and the Radio Equipment Directive (RED).
  • Collaborate with Product and Engineering teams to embed security controls during the design phase, providing expert guidance on secure architecture.
  • Document findings in clear technical reports and provide developers with actionable code-level recommendations.

Requirements

  • 4+ years in a technical security role (Penetration Tester, AppSec Engineer, or Security-focused Developer).
  • Proven expertise in testing both hardware/firmware (IoT) and web-based platforms (SaaS).
  • Ability to automate tasks using Python, Bash, or similar.
  • Expertise with Burp Suite, Metasploit, Nmap, and hardware-specific tools (Ghidra, Frida, Objection).
  • OSCP, CREST (CRT/CCT), or GPEN (highly regarded).

Nice to have

  • Deep understanding of Linux (Yocto)/Windows internals and modern application architectures.
  • Experience with peripheral standards (I2C, SPI, PCI, PCIe, RS422, RS485, RS232, SATA, PATA, MMC
  • Familiarity with Agile methodologies and DevSecOps practices.
  • Working knowledge of security standards (OWASP, NIST, ISO 27001).
  • AWS Security Toolchain.

Culture & Benefits

  • We work together
  • We believe in people
  • We won’t accept the ‘way it has always been done’
  • We listen to learn
  • We’re trying to do the right thing
