M-KOPA is a fast-growing FinTech company offering millions of underbanked customers across Africa access to life-enhancing products and services. From our roots as the pioneer in pay-as-you-go “PayGo’” solar energy for off grid homes, we have grown into one of the most advanced connected asset financing platforms in the world, empowering a broad range of customers to achieve progress in their lives.

We are recruiting to fill the position below:

Job Title: Associate Application Security Engineer

Location: Lagos
Job type: Full time
Department: Technology, Security

Job Description

• We are looking for an Associate Application Security Engineer to join our Application Security Team; which provides intelligence on hacking of M-KOPA devices that in turn helps us strengthen and expand the digital and financial inclusion of our customers.
• As an Engineer, you will be providing support and testing M-KOPA devices for security flaws, particularly mobile phones. Physically performing hardware vulnerability reviews of M-KOPA mobiles, IoT and automotive devices, writing custom Proof-of-Concept code and carrying out internal penetration testing against applications and assisting with internal red teaming engagements.

Overview

• This role would involve learning and conducting in-depth hardware penetration testing, particularly for Android mobile, iOS, and embedded systems.
• Additionally, you would be assisting in the identification and discovery of hardware zero-day vulnerabilities in a range of mobile devices, applications, and the underlying kernels through hardware fuzzing, software fuzzing, and low-level reverse engineering.

Expertise

• Our expectation is that you have fundamental knowledge of Android applications, IoT devices and hardware hacking, with proper understanding of firmware architectures, mobile operating systems and low-level memory interfaces such a JTAG, UFS and eMMC.
• If you have experience with penetration testing / red teaming engagements, with an excellent knowledge of the Linux OS, kernel, virtualization technologies and can use a multitude of tools, from logical analyzers and oscilloscopes, to soldering irons and custom boards to access low level microprocessors and exploit challenging systems, then this might just be the role for you.
• We are particularly interested in a background / experience with hardware hacking, phone hacking or phone security.

Additional Information:

• This role is fully remote, within the following time zone (UTC -1 / UTC+3). Our engineers work remotely from locations such as the UK, Europe and Africa.
• You will be reporting to the Senior Application Security Engineer and working with a diverse team from across the globe.

Application Closing Date
Not Specified