Senior Security Consultant – Hardware and Embedded Security

Senior Security Consultant – Hardware and Embedded Security

Location: Waterloo, Canada - remote (with occasional travel to client sites)

Thank you for checking put our new role. We’re excited that YOU are interested in joining us!

We’re NCC Group, and we eat, drink, and breathe security. We're a global leader in security consulting with a passion for cutting-edge research and technical excellence. Our culture is built on collaboration, continuous learning, and a commitment to delivering high-quality results. At NCC Group, we don’t just want to find vulnerabilities, we want to build the future of security – and this is where you come in!

We’re looking for an experienced Security Engineer or Researcher to join our Hardware and Embedded Security consulting practice.

What you’ll do:

As a Senior Security Consultant, you’ll be the technical lead on complex projects, driving security assessments and providing expert advice to clients. Your main responsibilities will include:

• Conducting in-depth penetration testing, code reviews, and security analysis.
• Leading research and reverse engineering efforts on emerging technologies and attacks.
• Guiding clients through secure design practices such as threat modelling and attack surface enumeration.
• Mentoring junior team members and contributing to internal tools and research initiatives.
• Working on diverse projects, often remotely, but with travel to client sites when needed.

About you:
To be successful in this role, you should have

• Solid experience in software or hardware security
• In-depth technical expertise in driver code auditing, bootloaders, secure boot, and embedded system architectures
• Proficiency in C/C++ for security-focused code review
• A solid understanding of firmware reverse engineering and security analysis
• Strong communication skills – you’ll need to explain complex vulnerabilities to clients in clear terms
• A willingness to travel when required, but we ensure that travel is manageable and balanced with remote work
• A Bachelor’s degree in Computer Science, Engineering, or a related field is desirable.

Additionally, it is highly beneficial if you have experience with any of the following:

• Cryptography knowledge
• Black-box reverse engineering
• Familiarity with UEFI platform firmware, ARM/x86 architectures, and secure boot architectures
• Experience with SDR, wireless protocols (Bluetooth, Wi-Fi, ZigBee, etc.), or storage controllers like NVMe, SATA, and eMMC.

Why Join Us?

• Flexible working: mostly remote with minimal travel
• A competitive pay package
• Cutting-edge research: we support your research goals and provide time for you to contribute to the security community
• Training and development, and access to internal resources to broaden your skills
• Culture: a casual and inclusive environment with social events and outings.

Sound like your next opportunity? Apply and let’s talk! Here in the Talent Acquisition Team we are keen to speak with seasoned Security Consultants with passion for innovation and a desire to make a true difference for the future.

About your application:

We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.

If you do not want us to retain your details, please email global.ta@nccgroup.com. All personal data is held in accordance with the NCC Group Privacy Policy (candidate-privacy-notice-261023.pdf (nccgroupplc.com)). We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage.

Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process. This role being advertised will be subject to BS7858 screening as a mandatory requirement.