The Impact You'll Make
Are you an offensive security expert with a passion for breaking embedded systems? Danfoss is seeking a talented and experienced Penetration Tester to join our Cybersecurity Team in Danfoss Power Solutions. If you're ready to deconstruct cutting-edge hardware, reverse-engineer firmware, and secure the devices that power modern industry, we want to hear from you
What You’ll Be Doing
As a Cybersecurity Penetration Tester, you will be at the forefront of our product security efforts. Your key responsibilities will include:
- Performing In-Depth Security Assessments: Conduct detailed penetration testing on our embedded devices and IoT products. This includes identifying and exploiting vulnerabilities across various attack surfaces, including CAN interfaces, UDS services (specifically Service 29), and JTAG interfaces.
- Hardware and Firmware Analysis: Perform hardware teardowns, reverse-engineer firmware, and analyze binaries to uncover deep-seated vulnerabilities in our products.
- Analyzing and Mitigating Vulnerabilities: Assess the security of cryptographic implementations like AES-128 and RSA-2k, evaluate secure boot mechanisms, and test certificate-based authentication solutions. Collaborate with our teams to develop and implement effective remediation strategies.
- Developing Comprehensive Reports: Create detailed reports outlining your findings, methodologies, and actionable recommendations for stakeholders.
- Collaborating with Cross-Functional Teams: Work closely with security analysts, solution architects, and embedded developers to enhance our security posture from the ground up.
- Simulating Real-World Attacks: Conduct physical security tests focused on device tampering, glitching, side-channel analysis, and other hardware-level attack scenarios.
What We're Looking For
We are looking for a highly motivated and skilled individual with the following qualifications:
- Education: A Bachelor’s degree in Computer Science, Electrical Engineering, Information Technology, or a related field. A Master’s degree is a plus.
- Experience: 2-4 years of hands-on experience in penetration testing, with a strong focus on embedded systems, IoT, or hardware security.
- Certifications: Industry certifications such as Offensive Security Certified Professional (OSCP) are highly desirable. Certifications focused on exploit development or hardware hacking (e.g., OSED, SANS SEC617) are a significant plus.
- Core Embedded Security Expertise:
- Deep understanding of embedded systems architecture and low-level hardware interfaces (JTAG, SWD, UART, SPI, I2C).
- Hands-on experience with automotive or industrial communication protocols, particularly CAN bus and UDS diagnostics.
- Strong knowledge of embedded security concepts, including Secure Boot, TrustZone/TEEs, and hardware-backed key storage.
- Practical experience testing cryptographic implementations (AES-128, RSA-2k) and certificate-based authentication schemes.
- Technical Skills & Tools:
- Proficiency in scripting and programming languages (Python, Bash, C/C++).
- Experience with embedded operating systems (e.g., Embedded Linux, RTOS like FreeRTOS, QNX).
- Familiarity with hardware and firmware analysis tools such as JTAG debuggers (J-Link), logic analyzers, bus sniffers (CANalyzer), Ghidra, IDA Pro, and firmware extraction tools.
What You'll Get from Us
- We promote from within and support your learning with mentoring, training, and access to global opportunities.
- You’ll have flexibility, autonomy, and support to do your best work while maintaining a healthy work-life balance. Your well-being matters to us.
- We strive to create an inclusive work environment where people of all backgrounds are respected, and valued for who they are.
- You’ll receive benefits like 13th salary, annual bonus, paid vacation, pension plans, personal insurance, and more. These vary by country and contract, but they’re worth asking about—we think they’re pretty great.
Ready to Make a Difference?
If this role excites you, we’d love to hear from you! Apply now to start the conversation and learn more about where your career can go with us.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or other protected category.