Offensive Security Engineer, Device

About the Company:

World is a network of real humans, built on privacy-preserving proof-of-human technology, and powered by a globally inclusive financial network that enables the free flow of digital assets for all. It is built to connect, empower, and be owned by everyone.

Join the Device Security Team – Pioneering the Future of Secure Technology

Are you ready to redefine the boundaries of device security? The Device Security Team at TFH is a tight-knit group of industry-leading security experts and hackers, united by a shared passion for innovation and our bold mission. This team is at the forefront of safeguarding every aspect of device security across its entire lifecycle—from manufacturing to decommissioning—and across all layers, from hardware and firmware to the software stack.

Our work goes beyond traditional assessments; we invent. From crafting groundbreaking security solutions for provisioning devices in hostile factory environments to developing advanced attestation mechanisms, we set new standards in transparency, decentralization, and innovation. Each feature we build reflects our commitment to creating industry-first technologies with meaningful global impact.

Here, you’ll tackle extraordinary challenges you won’t find anywhere else, working on projects that push the limits of what’s possible in device security. If you're driven by curiosity, motivated by impact, and excited to collaborate with some of the brightest minds in the field, this is the team for you. Be part of a journey that’s as ambitious as it is rewarding. Let’s build the future of secure technology together.

About the Role: 

Are you passionate about identifying vulnerabilities, simulating attacks, and improving the security of devices? Join our Device Security Team as an Offensive Security Engineer to protect cutting-edge technologies and help us stay ahead of evolving threats.  As part of this team, you will collaborate with security experts and developers to proactively identify vulnerabilities and implement robust security measures for device protection. Your expertise will shape the design and development of secure systems while pushing the boundaries of offensive security practices.

Key Responsibilities:

• Perform vulnerability assessments, penetration testing, or red team exercises to evaluate the security of devices and systems.
• Simulate advanced attacks against hardware, firmware, and software to identify weaknesses and areas of improvement.
• Develop proof-of-concept exploits to demonstrate the impact of discovered vulnerabilities.
• Collaborate with engineering teams to review designs, code, and system configurations for potential security flaws, then provide actionable recommendations to mitigate risks and improve security defenses.
• Manage 3rd party security auditing exercises or bug bounty program 
• Research emerging threats, techniques, and tools to ensure our device security capabilities remain at the cutting edge.

About You:

• 5+ years of experience in offensive security roles, such as penetration testing, vulnerability research, or red teaming, with a focus on embedded systems or devices.
• Strong understanding of hardware security concepts, including secure boot, JTAG/SWD, on-device tamper detection and response, and SoC architectures.
• Experience with reverse engineering tools such as IDA Pro, Ghidra, or Radare2, and debugging tools like GDB or common offensive security tools (e.g., Metasploit, Burp Suite, Kali Linux, or custom tooling).
• Expertise in Linux security, including secure configurations, kernel hardening, and system monitoring tools, OP-TEE, Android security frameworks
• In-depth knowledge of secure coding practices, cryptographic principles, and attack mitigation strategies.
• Proven track record of identifying and exploiting vulnerabilities in embedded systems, firmware, or IoT devices.

We know that no one checks every box, so if you’re excited about this role but don’t meet all the criteria below, we encourage you to apply. We’re looking for passionate individuals eager to contribute and grow with our team. If you’re energized by working at the intersection of innovation and security, we’d love to hear from you!

Nice-to-Have Skills:

• Experience with hardware hacking techniques, such as PCB analysis, chip-off attacks, or side-channel attacks

What we offer:

• An open and collaborative office space in downtown SF 
• Unlimited PTO  
• Monthly Phone Reimbursement or a company device
• Daily DoorDash credit for in-office meals 
• Top-tier medical, dental, vision insurance 
• 401k + employer match program 

The reasonably estimated salary for this role at TFH in San Francisco ranges from $280,000 - $320,000, plus a competitive long term incentive package, and may include variable compensation. Actual compensation is based on factors such as the candidate's skills, qualifications, and experience. In addition, TFH offers a wide range of best in class, comprehensive and inclusive employee benefits for this role including healthcare, dental, vision and mental health benefits, a 401(k) plan and match, life insurance, flexible time off, commuter benefits, professional development stipend and much more!