Offensive Security Engineer, Product Security
Job Summary
Job Description
Zoox is looking for an experienced Offensive Security Engineer specializing in IoT devices, robots, or autonomous systems. This role involves conducting security assessments across the entire stack of connected devices, from firmware to cloud APIs. You will act as a simulated adversary, identifying vulnerabilities and providing insights to enhance product security. Responsibilities include offensive security assessments of IoT devices (hardware, firmware, mobile apps, APIs, cloud backends, communication protocols), firmware reverse engineering, static/dynamic analysis, exploiting embedded system vulnerabilities, building proof-of-concept attacks, collaborating with engineering teams on secure development, contributing to tooling and automation, participating in threat modeling, and staying updated on emerging IoT security threats.
Must have:
- 5+ years of offensive security/penetration testing experience
- At least 2 years focused on IoT/embedded systems
- Strong hardware hacking skills (JTAG, SWD, UART)
- Proficiency in reverse engineering tools (Ghidra, IDA Pro)
- Firmware analysis and modification experience
- Understanding of embedded security technologies
- Knowledge of wireless protocols (BLE, Zigbee, Wi-Fi)
- Programming skills in Python, C/C++, or Bash
- Understanding of common vulnerabilities
Good to have:
- Secure SDLC experience in embedded/hardware
- Cloud security and mobile app security testing knowledge
- Contributions to open-source security tools
- Published security research or advisories
Perks:
- Comprehensive benefits package
- Paid time off (sick leave, vacation, bereavement)
- Unpaid time off
- Zoox Stock Appreciation Rights
- Amazon Restricted Stock Units (RSUs)
- Health insurance
- Long-term care insurance
- Long-term and short-term disability insurance
- Life insurance
- Sign-on bonus may be offered
10 skills required
Job Details
Zoox is seeking an experienced Offensive Security Engineer with deep technical expertise in reviewing and testing Internet of Things (IoT) devices, robots, or autonomous systems. This individual will be responsible for performing security assessments across the full stack of connected devices, from embedded firmware to cloud APIs. You will simulate real-world adversaries, identify vulnerabilities, and provide technical insights that directly impact the security posture of our products.
Key Responsibilities Include:
- Conduct offensive security assessments of IoT devices, including hardware, firmware, mobile apps, APIs, cloud backends, and communication protocols.
- Reverse engineer firmware and perform static and dynamic analysis to identify security flaws.
- Identify and exploit vulnerabilities in embedded systems, wireless protocols, bootloaders, secure boot implementations, and cryptographic mechanisms.
- Build and execute proof-of-concept attacks to demonstrate real-world exploitability and business impact.
- Collaborate with product, hardware, and software engineering teams to define secure development practices and improve product resilience.
- Contribute to internal tooling, automation, and methodologies for IoT security testing.
- Participate in threat modeling and architecture reviews of new products and features.
- Stay up to date with emerging vulnerabilities, tools, and offensive research relevant to IoT ecosystems.
The ideal candidate has deep expertise in security engineering, cryptography, network security, and secure system design, with a proactive approach to securing complex platforms.
Qualifications
- 5+ years of hands-on experience in offensive security or penetration testing, with at least 2 years focused on IoT and embedded systems.
- Strong knowledge of hardware hacking techniques (e.g., JTAG/SWD/UART debugging, side-channel analysis, fault injection).
- Proficient in reverse engineering tools such as Ghidra, IDA Pro, Binary Ninja, and debugging tools like JTAGulator, OpenOCD, or Bus Pirate.
- Experience analyzing and modifying firmware images (binwalk, Firmadyne, QEMU).
- Familiarity with secure boot, TPM/TEE, flash encryption, and other embedded security technologies.
- Deep understanding of wireless communication protocols (e.g., BLE, Zigbee, LoRa, Wi-Fi).
- Programming and scripting proficiency in Python, C/C++, Bash, or similar languages.
- Solid understanding of common vulnerabilities (e.g., memory corruption, logic flaws, insecure update mechanisms).
Bonus Qualifications
- Experience with secure SDLC in embedded or hardware environments.
- Knowledge of cloud security and mobile application security testing.
- Contributions to open-source security tools or published research in IoT security.
- Experience presenting technical research at security conferences or publishing security advisories, CVEs, or whitepapers.
$169,000 - $230,000 a year
Base Salary Range
There are three major components to compensation for this position: salary, Amazon Restricted Stock Units (RSUs), and Zoox Stock Appreciation Rights. A sign-on bonus may be offered as part of the compensation package. The listed range applies only to the base salary. Compensation will vary based on geographic location and level. Leveling, as well as positioning within a level, is determined by a range of factors, including, but not limited to, a candidate's relevant years of experience, domain knowledge, and interview performance. The salary range listed in this posting is representative of the range of levels Zoox is considering for this position.
Zoox also offers a comprehensive package of benefits, including paid time off (e.g. sick leave, vacation, bereavement), unpaid time off, Zoox Stock Appreciation Rights, Amazon RSUs, health insurance, long-term care insurance, long-term and short-term disability insurance, and life insurance.
Similar Jobs
Daybreak Game Company LLC
San Diego, California, United States (Remote)
• 8 Months ago
NVIDIA
Shanghai, Shanghai, China (On-Site)
• 6 Months ago
%2520(1).png&w=256&q=50)
Co Active Systems
San Jose, California, United States (Hybrid)
• 2 Days ago
Scopely
Barcelona, Catalonia, Spain (Hybrid)
• 4 Months ago
Get notifed when new similar jobs are uploaded
Similar Skill Jobs
Luxoft
Abu Dhabi, Abu Dhabi, United Arab Emirates (On-Site)
• 7 Months ago
Qualcomm
Bengaluru, Karnataka, India (On-Site)
• 1 Month ago
Intel
Phoenix, Arizona, United States (On-Site)
• 1 Month ago
Advanced Systems Group, LLC
San Francisco, California, United States (On-Site)
• 1 Month ago
Ethos Life
Bengaluru, Karnataka, India (On-Site)
• 2 Weeks ago
Get notifed when new similar jobs are uploaded
Jobs in Foster City, California, United States
Amazon games
San Diego, California, United States (On-Site)
• 6 Months ago
Stacklok
Bellevue, Washington, United States (Hybrid)
• 2 Weeks ago
Get notifed when new similar jobs are uploaded
Product Management Jobs
Apple
Sunnyvale, California, United States (On-Site)
• 1 Month ago
Apple
Sunnyvale, California, United States (On-Site)
• 2 Months ago
dun bradstreet
London, England, United Kingdom (Hybrid)
• 1 Month ago
Interface AI
San Jose, California, United States (On-Site)
• 2 Months ago
Threat connect
United States (Remote)
• 4 Months ago
Get notifed when new similar jobs are uploaded
About The Company
Zoox is transforming mobility-as-a-service by developing a fully autonomous, purpose-built fleet designed for AI to drive and humans to enjoy.
Get notified when new jobs are added by zoox
