At Finite State, our mission is to protect the devices that power our modern lives by illuminating the vulnerabilities and threats within their complex software supply chains. We do this by leveraging massive data analysis to provide transparency to device manufacturers and their customers - enabling them to understand and mitigate their risks before they are compromised. We are seeking a Firmware Vulnerability Analyst to help us in that mission by identifying known and 0-day vulnerabilities in these critical devices at a scale that’s never been done before. If you are an experienced self-starter who enjoys working in a fast-paced, collaborative environment, then we want to talk to you! This position is fully remote.
Primary responsibilities for this position include:
- Lead the identification and understanding of OT/IIoT/IoT device & network security vulnerabilities and provide information and remediation guidance to customers and the R&D team
- Lead efforts to identify & prioritize security risks and build/identify tools to find risks in embedded devices (with a focus on OT and IIoT devices)
- Analyze common device firmware configurations, services, software applications, and protocols to discover known, new, and potential vulnerabilities
- Identify 0-day vulnerabilities in devices and work with vendors for responsible disclosure
- Create detailed technical reports and proof of concept code to document findings
- Stay on top of the vulnerability and threat landscape for embedded devices, OT networks, and their supply chains. Prepare guidance on counter-measures.
- Take advantage of opportunities to participate in working groups, customer meetings, proposal writing, and conferences
- Collaborate with marketing, product and sales on case studies related to device vulnerabilities and threats
Candidates at a minimum must have the following:
- Bachelor’s degree in Computer Science, Electrical Engineering, or related field and 5+ years of applicable experience identifying vulnerabilities.
- Proven experience working in or leading a vulnerability research or threat analysis team
- Strong experience in using SQL for complex queries and the ability to synthesize results
- Demonstrated understanding of common vulnerability & software weakness classes and other standard frameworks
- Familiarity with OWASP IoT Top 10 and relevant security vulnerability lists, sites, and bulletins
- Direct experience working closely with software engineers, researchers, and stakeholders
- Strong knowledge of embedded system architecture and development practices
- Experience with system configurations (e.g., Linux, Unix) and hardening best practices
- Experience with scripting languages, specifically Python and Bash
- Experience with firmware reverse engineering using Ghidra or IDA Pro
It’s highly preferred (but not required) that the candidate have experience with:
- Leading security and vulnerability management efforts in OT environments
- Working in a product security team
- ML-based models
- Threat Hunting
- Networking concepts and the OSI network stack
- AWS or similar cloud platform development
- Experience on small, fast-moving teams
- Strong attention to detail and high quality standards
- Demonstrated ability to propose solutions to diverse problems
- Strong communication and presentation skills
- Ability to adjust priorities quickly as circumstances dictate
- Ability to work independently and as part of a team
- Demonstrated initiative, follow-up, and follow-through with commitments
About Finite State
Built on two decades of cybersecurity experience serving the Fortune 50 and the U.S. Intelligence Community, our team of experts understands the hidden risks in today’s enterprise networks, where IoT vulnerabilities are quickly becoming the entry point of choice for cyber attacks.
Finite State gives cyber defenders a tactical advantage by identifying the devices running on the network and proactively analyzing firmware buried inside the IoT devices for hidden vulnerabilities. We have a sense of duty to protect the critical infrastructure we rely on, including medical devices, power grids and telecommunication networks. We were founded in 2017 in Columbus, Ohio.
At Finite State, we are dedicated to hiring a diverse workforce and are proud to be an equal opportunity employer. We offer competitive salary, equity, full benefits (medical, dental, vision, disability and life insurance), 401k plan and unlimited PTO, because we believe it is important to unplug and recharge.
Come help us solve one of the biggest problems in cyber security!
Finite State is an equal opportunity employer. In accordance with anti-discrimination law, it is the purpose of this policy to effectuate these principles and mandates. Finite State prohibits discrimination and harassment of any type and affords equal employment opportunities to employees and applicants without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law. Finite State conforms to the spirit as well as to the letter of all applicable laws and regulations.