We are looking for an Associate Application Security Engineer to join our Application Security Team; which provides intelligence on hacking of M-KOPA devices that in turn helps us strengthen and expand the digital and financial inclusion of our customers.

As an Engineer, you will be providing support and testing M-KOPA devices for security flaws, particularly mobile phones. Physically performing hardware vulnerability reviews of M-KOPA mobiles, IoT and automotive devices, writing custom Proof-of-Concept code and carrying out internal penetration testing against applications and assisting with internal red teaming engagements.

Overview

This role would involve learning and conducting in-depth hardware penetration testing, particularly for Android mobile, iOS, and embedded systems.

Additionally, you would be assisting in the identification and discovery of hardware zero-day vulnerabilities in a range of mobile devices, applications, and the underlying kernels through hardware fuzzing, software fuzzing, and low-level reverse engineering.

Expertise

Our expectation is that you have fundamental knowledge of Android applications, IoT devices and hardware hacking, with proper understanding of firmware architectures, mobile operating systems and low-level memory interfaces such a JTAG, UFS and eMMC.

If you have experience with penetration testing / red teaming engagements, with an excellent knowledge of the Linux OS, kernel, virtualization technologies and can use a multitude of tools, from logical analyzers and oscilloscopes, to soldering irons and custom boards to access low level microprocessors and exploit challenging systems, then this might just be the role for you.

We are particularly interested in a background / experience with hardware hacking, phone hacking or phone security.

Why M-KOPA

We are a diverse and inclusive company that empowers our people to own their careers through diverse development programs, coaching partnerships, and on-the-job training. We support individual journeys with family-friendly policies, prioritize well-being, and embrace flexibility.

This role is fully remote, within the following time zone (UTC -1 / UTC+3). Our engineers work remotely from locations such as the UK, Europe and Africa. You will be reporting to the Senior Application Security Engineer and working with a diverse team from across the globe.

If the above is of interest to you, please apply and join us in shaping the future of M-KOPA as we grow together. Explore more at m-kopa.com.

Recognized twice by the Financial Times as one Africa's fastest growing company (2022 and 2023) and by TIME100 Most influential companies in the world 2023 , we've served over 3 million customers, unlocking $1 billion in cumulative credit for the unbanked across Africa.