Product Security Engineer - Mobile

6d6 days ago

Sun King

KE · Full-time · KES 3,500,000 – KES 6,500,000

About this role

The role holder will identify security loopholes in various vendor smartphones and advise on security considerations. You will provide assistance and testing Sun King devices for security flaws, particularly mobile phones. Physically perform hardware vulnerability reviews of various mobiles, IoT and automotive devices, writing custom Proof-of-Concept code and carrying out internal penetration testing.

Perform offensive security assessments of hardware, firmware, embedded OS, and payment stacks on Sun King mobile devices. Reverse engineer firmware and perform static and dynamic analysis to identify security flaws. Identify and exploit vulnerabilities in embedded systems, bootloaders, MDMs, Android kernel, secure boot implementations, and cryptographic mechanisms.

Build and execute proof-of-concept attacks to demonstrate real-world exploitability and business impact. Collaborate with product, hardware, and software engineering teams to define secure development practices and improve product resilience. Participate in threat modelling and architecture reviews of new products and features.

Stay up to date with emerging vulnerabilities, tools, and offensive research relevant to smart phones financing ecosystems. Opportunity to grow as a professional in a dynamic, fast growing, high impact industry. Work in an open minded, collaborative culture with a truly multicultural experience and structured learning programs through the Greenlight Academy.

Requirements

Fundamental knowledge of Android security, Mobile Device Management, IoT device architectures, and hardware security testing/hacking
Knowledge of hardware hacking techniques (e.g., JTAG/SWD/UART debugging, side-channel evaluation, fault injection)
Hands on experience with Flash 64, Pandora, Easy JTag, Chimera, CM2 etc
Proficient in reverse engineering tools such as Ghidra, IDA Pro, Binary Ninja, and debugging tools like JTAGulator, OpenOCD, or Bus Pirate
Familiarity with secure boot, TPM/TEE, flash encryption, and other embedded security technologies
Programming and scripting proficiency in Python, C/C++, Bash, or similar languages
Experienced in evaluating and modifying firmware images (binwalk, Firmadyne, QEMU)
Solid comprehension of common vulnerabilities (e.g., memory corruption, design flaws, insecure update mechanisms)

Responsibilities

Perform offensive security assessments of hardware, firmware, embedded OS, and payment stacks on Sun King mobile devices
Reverse engineer firmware and perform static and dynamic analysis to identify security flaws
Identify and exploit vulnerabilities in embedded systems, bootloaders, MDMs, Android kernel, secure boot implementations, and cryptographic mechanisms
Build and execute proof-of-concept attacks to demonstrate real-world exploitability and business impact
Collaborate with product, hardware, and software engineering teams to define secure development practices and improve product resilience
Participate in threat modelling and architecture reviews of new products and features
Stay up to date with emerging vulnerabilities, tools, and offensive research relevant to smart phones financing ecosystems

Benefits

Opportunity to grow as a professional in a dynamic, fast growing, high impact industry
Chance to work in an open minded, collaborative culture surrounded by enthusiastic Greenlighters driven by continuous innovation
Truly multicultural experience with people from different geographies, nationalities, and backgrounds, plus structured learning through Greenlight Academy
Diverse, inclusive work environment that enriches innovation and competitiveness