Featured Company
Convoy Corporation

0 jobs
Offensive Security Engineer, Product Security
over 3 years

Zoox, Inc. Foster City, CA

Part-Time Assistant Manager - Level 2
over 3 years

Box Lunch Altoona, PA

Forward Deployed Software Engineer
over 3 years

Palantir Technologies Inc Vilnius, Lithuania

Part-Time Assistant Manager - Level 2
over 3 years

Box Lunch Wauwatosa, WI

Sales Associate
over 3 years

Box Lunch Garland, TX

Part-Time Assistant Manager - Level 1
over 3 years

Box Lunch Garland, TX

Partnership Coordinator - Italian Market
over 3 years

Prozis Maia, Portugal

Senior Product Manager (Bangkok-based)
almost 4 years

Agoda Bangkok, Thailand

Senior Android Developer
almost 4 years

Lalamove Hong Kong, Hong Kong

Category Intelligence & Planning Professionals - NonFashion Category
almost 4 years

Trendyol Group Istanbul / Maslak

Senior DFT Engineer (copy)
almost 4 years

Omni Design Technologies, Inc. Milpitas, CA

FP&A Specialist
almost 4 years

INSIDER. İstanbul, Turkey

Sales Associate (Part-Time)
almost 4 years

Reiss Ltd Gatwick, GB

Sales Associate (Full-Time)
almost 4 years

Reiss Ltd Gatwick, GB

Corporate Sales Associate (SG)
almost 4 years

Lalamove Singapore, Singapore

Part-Time Assistant Manager - Level 2
almost 4 years

Box Lunch Morgantown, WV

Growth, CRM Analyst
almost 4 years

Trendyol Group Istanbul / Maslak

Customer Success Manager (SaaS)
almost 4 years

Zymewire Toronto, Canada

Production Team Member
almost 4 years

Blue Bottle Coffee Company Sacramento, CA

*Scout Search Quality Rater - English (located in India)
almost 4 years

Welocalize New Delhi, India

Offensive Security Engineer, Product Security

See more jobs from Zoox, Inc.

over 3 years old

Apply Now
Zoox is seeking an experienced Offensive Security Engineer with deep technical expertise in reviewing and testing Internet of Things (IoT) devices, robots, or autonomous systems. This individual will be responsible for performing security assessments across the full stack of connected devices, from embedded firmware to cloud APIs. You will simulate real-world adversaries, identify vulnerabilities, and provide technical insights that directly impact the security posture of our products.

Key Responsibilities Include:

  • Conduct offensive security assessments of IoT devices, including hardware, firmware, mobile apps, APIs, cloud backends, and communication protocols.
  • Reverse engineer firmware and perform static and dynamic analysis to identify security flaws.
  • Identify and exploit vulnerabilities in embedded systems, wireless protocols, bootloaders, secure boot implementations, and cryptographic mechanisms.
  • Build and execute proof-of-concept attacks to demonstrate real-world exploitability and business impact.
  • Collaborate with product, hardware, and software engineering teams to define secure development practices and improve product resilience.
  • Contribute to internal tooling, automation, and methodologies for IoT security testing.
  • Participate in threat modeling and architecture reviews of new products and features.
  • Stay up to date with emerging vulnerabilities, tools, and offensive research relevant to IoT ecosystems.

    • The ideal candidate has deep expertise in security engineering, cryptography, network security, and secure system design, with a proactive approach to securing complex platforms.

    Qualifications

  • 5+ years of hands-on experience in offensive security or penetration testing, with at least 2 years focused on IoT and embedded systems.
  • Strong knowledge of hardware hacking techniques (e.g., JTAG/SWD/UART debugging, side-channel analysis, fault injection).
  • Proficient in reverse engineering tools such as Ghidra, IDA Pro, Binary Ninja, and debugging tools like JTAGulator, OpenOCD, or Bus Pirate.
  • Experience analyzing and modifying firmware images (binwalk, Firmadyne, QEMU).
  • Familiarity with secure boot, TPM/TEE, flash encryption, and other embedded security technologies.
  • Deep understanding of wireless communication protocols (e.g., BLE, Zigbee, LoRa, Wi-Fi).
  • Programming and scripting proficiency in Python, C/C++, Bash, or similar languages.
  • Solid understanding of common vulnerabilities (e.g., memory corruption, logic flaws, insecure update mechanisms).

    • Bonus Qualifications

  • Experience with secure SDLC in embedded or hardware environments.
  • Knowledge of cloud security and mobile application security testing.
  • Contributions to open-source security tools or published research in IoT security.
  • Experience presenting technical research at security conferences or publishing security advisories, CVEs, or whitepapers.
    • About Zoox
    Zoox is developing the first ground-up, fully autonomous vehicle fleet and the supporting ecosystem required to bring this technology to market. Sitting at the intersection of robotics, machine learning, and design, Zoox aims to provide the next generation of mobility-as-a-service in urban environments. We’re looking for top talent that shares our passion and wants to be part of a fast-moving and highly execution-oriented team.


    Accommodations
    If you need an accommodation to participate in the application or interview process please reach out to [email protected] or your assigned recruiter.

    A Final Note:
    You do not need to match every listed expectation to apply for this position. Here at Zoox, we know that diverse perspectives foster the innovation we need to be successful, and we are committed to building a team that encompasses a variety of backgrounds, experiences, and skills.
    Apply Now