Penetration Tester

About Camlin

Camlin is a global technology leader that operates with the vision of bringing revolutionary products to life for a wide range of industries, including power and rail, and also has interests in a number of R&D projects in a variety of scientific sectors.

At Camlin we believe in high quality engineering and design, allowing us to develop market leading products and services. In short, we love creating value for our customers by solving difficult problems. As of now, Camlin operates in over 20 countries worldwide.🌐

About the Role
As a Penetration Tester (SaaS and IoT) at Camlin, you will be a key person in the defence of our IoT and SaaS ecosystem. This is a hybrid offensive and defensive role where you will secure everything from "IoT to Cloud." You will partner with Engineering, QA, and DevSecOps to validate security is built into the release process.   

We are looking for a technical expert who is pro-active in identifying exploitable vulnerabilities with the ability to collaborate and communicate with stakeholders to provide a satisfactory resolution. 

Key Responsibilities 

SaaS Security Testing 

• Web & API Penetration Testing: Conduct manual and automated testing of SaaS platforms and backend APIs against the OWASP Top 10 and API Security Top 10. 

• Cloud Infrastructure Review: Assess AWS/Azure environments for misconfigurations, IAM over-privileging, and container security vulnerabilities. 

• Vulnerability Management: Simulate real-world cyberattacks to identify weaknesses in SaaS infrastructures before exploitation. 

Advanced IoT & Device Security Testing 

• Linux OS - CIS Benchmark Validation 

• Platform Level – Embedded Web-applications 

• Device Interface Testing: USB, Ethernet, Serial (UART/RS232/RS485). 

• Radio Frequency (RF) & Wireless Security: Standard Comms Protocols e.g. WiFi, Bluetooth. 

• Cryptographic Verification: Ensuring latest cryptographic protocols and secure configuration. 

• Compliance Alignment: Validate products against international standards including IEC 62443-4-1/4-2, the EU Cyber Resiliency Act (CRA), and the Radio Equipment Directive (RED). 

Secure SDLC Integration & Red Teaming 

• Design & Architecture: Collaborate with Product and Engineering teams to embed security controls during the design phase, providing expert guidance on secure architecture. 

• Automated Testing: Collaborate on SAST, DAST, and SCA tools (e.g., Snyk, Checkmarx, Burp Suite) within CI/CD pipelines. 

• Remediation Support: Document findings in clear technical reports and provide developers with actionable code-level recommendations. 

• RED Teaming 

Documentation & Reporting 

• Create, update, and maintain tickets related to security findings and testing outcomes. 

• Produce clear technical documentation, including assessment reports, remediation guidance, and architectural security recommendations. 

Essential Requirements 

• 4+ years in a technical security role (Penetration Tester, AppSec Engineer, or Security-focused Developer). 

• Proven expertise in testing both hardware/firmware (IoT) and web-based platforms (SaaS). 

• Scripting Proficiency: Ability to automate tasks using Python, Bash, or similar. 

• Tooling Mastery: Expertise with Burp Suite, Metasploit, Nmap, and hardware-specific tools (Ghidra, Frida, Objection). 

• Certifications: OSCP, CREST (CRT/CCT), or GPEN (highly regarded). 

Nice to have but not essential

• Deep understanding of Linux (Yocto)/Windows internals and modern application architectures. 

• Experience with peripheral standards (I2C, SPI, PCI, PCIe, RS422, RS485, RS232, SATA, PATA, MMC 

• Familiarity with Agile methodologies and DevSecOps practices. 

• Working knowledge of security standards (OWASP, NIST, ISO 27001). 

• AWS Security Toolchain. 

Our Values

• We work together
• We believe in people
• We won’t accept the ‘way it has always been done’
• We listen to learn
• We’re trying to do the right thing

Equal Employment Opportunity Statement

Individuals seeking employment at Camlin are considered without regards to race, colour, religion, national origin, age, sex, marital states, ancestry, physical or mental disability, gender identity or sexual orientation.