Role Definition
| Field | Value |
|---|---|
| Job Title | IoT Security Specialist |
| Seniority Level | Mid-Level (3-7 years) |
| Primary Function | Secures Internet of Things (IoT) and Operational Technology (OT) environments by assessing firmware vulnerabilities, designing zero-trust architectures for embedded devices, conducting penetration testing of smart devices, and monitoring OT/IoT networks for threats. Works across manufacturing, healthcare, energy, and smart building sectors. |
| What This Role Is NOT | NOT a general penetration tester (IoT/OT specialism, not web/network pen testing). NOT a network security engineer (embedded device and firmware focus). NOT an IT security analyst (OT convergence expertise, physical-cyber boundary). |
| Typical Experience | 3-7 years. Background in embedded systems, networking, or cybersecurity. Certifications: GICSP, OSCP, or vendor-specific (Claroty, Nozomi). ETSI EN 303 645 / IEC 62443 knowledge. |
Seniority note: Junior IoT security analysts focused on monitoring would score lower (Yellow range) due to higher automation of alert triage. Senior IoT security architects would score higher within the Green range.
Protective Principles + AI Growth Correlation
| Principle | Score (0-3) | Rationale |
|---|---|---|
| Embodied Physicality | 0 | Primarily digital/lab work. Some physical lab testing of embedded devices but structured environment. |
| Deep Interpersonal Connection | 0 | Technical work with minimal human-relationship dependency. |
| Goal-Setting & Moral Judgment | 1 | Some judgment on risk prioritisation and disclosure decisions, but primarily technical execution. |
| Protective Total | 1/9 | |
| AI Growth Correlation | 2 | More AI = more IoT devices = exponentially larger attack surface. AI drives both the threat (AI-powered attacks on IoT) and the defence need. This role exists BECAUSE of AI/connected-device growth. |
Quick screen result: Protective 1/9 but Correlation +2 — Likely Green (Accelerated). Confirm with task analysis and evidence.
Task Decomposition (Agentic AI Scoring)
| Task | Time % | Score (1-5) | Weighted | Aug/Disp | Rationale |
|---|---|---|---|---|---|
| Firmware vulnerability assessment & embedded device security | 25% | 3 | 0.75 | AUGMENTATION | AI tools scan firmware for known CVEs and patterns, but zero-day discovery in proprietary embedded systems requires human reverse engineering, protocol analysis, and creative exploitation of hardware. |
| OT/IoT network security monitoring & threat detection | 20% | 3 | 0.60 | AUGMENTATION | AIOps platforms (Claroty, Nozomi, Dragos) detect anomalies, but human analysts investigate alerts in unique OT environments — understanding process physics, distinguishing operational changes from attacks. |
| Security architecture & design for IoT systems | 20% | 2 | 0.40 | AUGMENTATION | Designing zero-trust for heterogeneous IoT deployments (medical devices, SCADA, building management) requires understanding physical process constraints that AI cannot contextualise. Human owns architecture decisions. |
| Penetration testing of IoT/smart devices | 15% | 3 | 0.45 | AUGMENTATION | AI assists with reconnaissance and vulnerability scanning, but exploiting physical-layer attacks (JTAG, UART, side-channel), protocol fuzzing, and chaining multi-system vulnerabilities requires human creativity. |
| Incident response for IoT/OT compromises | 10% | 2 | 0.20 | AUGMENTATION | OT incident response requires understanding physical safety implications — shutting down a compromised PLC could cause explosions or equipment damage. Human judgment non-negotiable. |
| Compliance & standards (NIST, ETSI, EU CRA) | 10% | 3 | 0.30 | AUGMENTATION | AI gathers compliance evidence and maps controls, but interpreting EU Cyber Resilience Act requirements for novel IoT deployments requires human judgment on scope and applicability. |
| Total | 100% | | 2.70 | | |
Task Resistance Score: 6.00 - 2.70 = 3.30/5.0
Displacement/Augmentation split: 0% displacement, 100% augmentation, 0% not involved.
Reinstatement check (Acemoglu): AI creates significant new tasks — securing AI systems themselves within IoT environments, auditing ML models in edge devices, assessing adversarial ML risks in sensor networks. The attack surface grows recursively.
Evidence Score
| Dimension | Score (-2 to 2) | Evidence |
|---|---|---|
| Job Posting Trends | +2 | IoT security roles growing >20% YoY. 5 billion 5G IoT connections projected. Cybersecurity workforce gap of 4.8 million globally (ISC2 2025). IoT specialisation commands premium. |
| Company Actions | +1 | Claroty, Nozomi Networks, Dragos all expanding. Manufacturing and healthcare sectors creating dedicated OT/IoT security teams. No headcount reductions. |
| Wage Trends | +1 | IoT security specialist salaries $110-160K (US), premium over general cybersecurity. Growing faster than market. |
| AI Tool Maturity | 0 | AI tools (Claroty xDome, Nozomi Vantage) handle detection well but cannot replace human analysis of novel OT attacks, firmware reverse engineering, or physical-layer testing. Mixed picture: AI augments heavily but creates equal new work. Anthropic exposure: 48.59% for Information Security Analysts — high exposure but predominantly augmented. |
| Expert Consensus | +1 | ENISA, NIST, and industry analysts agree: IoT security demand accelerating. EU Cyber Resilience Act (2024) mandates product security throughout lifecycle, creating regulatory demand. |
| Total | 5 | |
Barrier Assessment
Reframed question: What prevents AI execution even when programmatically possible?
| Barrier | Score (0-2) | Rationale |
|---|---|---|
| Regulatory/Licensing | 1 | No mandatory licensing, but GICSP/IEC 62443 certifications increasingly expected. EU CRA creates compliance demand. |
| Physical Presence | 1 | Some lab work with physical devices (JTAG probing, hardware analysis), but much work is remote. |
| Union/Collective Bargaining | 0 | Tech sector, no union representation. |
| Liability/Accountability | 1 | OT security failures can have physical safety consequences (plant explosions, medical device malfunction). Accountability rising with regulation. |
| Cultural/Ethical | 0 | Industry actively embracing AI security tools. No cultural barrier to AI in this space. |
| Total | 3/10 | |
AI Growth Correlation Check
Confirmed at +2. This role has the recursive property: more AI means more IoT devices, which means larger attack surfaces, which means more IoT security work. AI drives both the threat landscape and the defence requirement. The EU Cyber Resilience Act creates additional regulatory demand. Classic Accelerated Green.
JobZone Composite Score (AIJRI)
| Input | Value |
|---|---|
| Task Resistance Score | 3.30/5.0 |
| Evidence Modifier | 1.0 + (5 × 0.04) = 1.20 |
| Barrier Modifier | 1.0 + (3 × 0.02) = 1.06 |
| Growth Modifier | 1.0 + (2 × 0.05) = 1.10 |
Raw: 3.30 × 1.20 × 1.06 × 1.10 = 4.6174
JobZone Score: (4.6174 - 0.54) / 7.93 × 100 = 51.4/100
Zone: GREEN (Green >= 48, Yellow 25-47, Red <25)
Sub-Label Determination
| Metric | Value |
|---|---|
| % of task time scoring 3+ | 70% |
| AI Growth Correlation | 2 |
| Sub-label | Green (Accelerated) — Growth Correlation = 2 AND JobZone Score >= 48 |
Assessor override: None — formula score accepted.
Assessor Commentary
Score vs Reality Check
GREEN (Accelerated) at 51.4 is the honest classification. The score sits near the Green/Yellow boundary (48), which reflects reality: task resistance is moderate (3.30) because AI heavily augments every task. What keeps the role Green is the growth modifier (+2) and evidence (+5). The borderline position is appropriate — this is a Green role that requires constant skill evolution, not a comfortable Green. Correctly calibrated below AI Security Engineer (79.3) and above Detection Engineer (Yellow range).
What the Numbers Don't Capture
- Attack surface expansion — 5 billion 5G IoT connections by 2026-2027 create exponential demand growth that evidence scores alone cannot fully capture. The growth trajectory is steeper than current data suggests.
- Regulatory demand wave — EU Cyber Resilience Act enforcement begins 2026-2027, creating compliance demand for IoT security expertise across every connected product manufacturer in Europe.
Who Should Worry (and Who Shouldn't)
IoT security specialists with hands-on firmware analysis, OT protocol expertise (Modbus, BACnet, PROFINET), and physical-layer testing skills are strongly protected — this niche expertise is rare and growing in demand. Specialists who primarily configure and monitor vendor security platforms (Claroty, Nozomi) without deeper technical skills face gradual commoditisation as those platforms become more autonomous. The single biggest differentiator is whether you can find vulnerabilities in devices no one has tested before, or whether you run vendor tools others could also run.
What This Means
The role in 2028: IoT security specialists will work with AI-powered security platforms for continuous monitoring but focus human effort on zero-day research, physical-layer assessments, and securing AI-at-the-edge deployments. The EU CRA will have created a compliance market. OT/IT convergence will make this specialism essential in manufacturing, healthcare, and critical infrastructure.
Survival strategy:
- Deepen firmware reverse engineering and hardware security skills (JTAG, UART, side-channel analysis) — this is the least automatable expertise.
- Obtain IEC 62443 / EU CRA compliance certifications as regulatory demand accelerates.
- Build OT-sector specialisation (energy, healthcare, manufacturing) where domain knowledge of physical processes provides irreplaceable context.
Timeline: 5+ years as Green (Accelerated). Demand trajectory is exponential. Re-assessment recommended at 3 years as AI security tooling matures.