Product Lock Analyst at PayJoy

This role

• The Product lock analyst - Android security is responsible for testing and helping maintain PayJoy's proprietary device locking technology against various bypass methods and tools, after every OS Over-The-Air (OTA) update, any update to our lock technology itself and any update to the in-market tools.

Responsibilities

• Proactively and systematically test PayJoy's device locking mechanism on a diverse range of Android devices and OS versions following every OTA update.
• Conduct thorough, periodic testing of the lock after every update or modification to the PayJoy lock technology. 
• Actively research, identify, acquire, and utilize existing and emerging lock-breaking tools, software, hardware techniques, and methodologies (e.g., factory reset exploits, bootloader vulnerabilities, ADB exploits, custom ROM flashing, FRP bypass tools) to attempt to bypass the PayJoy lock.
• Develop, maintain, and execute comprehensive test plans, test cases, and test scenarios specifically focused on lock security, bypass attempts, and anti-tampering features.
• Simulate various attack vectors and user behaviors that could lead to a lock bypass.
• Document all testing activities, methodologies, findings, discovered vulnerabilities, and precise steps to reproduce in a clear, concise, and actionable manner using our bug tracking system (e.g., JIRA).
• Collaborate closely with Android developers, security engineers, and product managers to report vulnerabilities, discuss root causes, propose mitigation strategies, and verify the effectiveness of fixes.
• Provide detailed reports on test execution, vulnerability status, and overall lock security posture.
• Stay continuously updated on the latest Android security vulnerabilities, platform changes, rooting techniques, bootloader unlocking methods, custom firmware, and new bypass tools/techniques relevant to device locking mechanisms.
• Maintain and manage a lab environment with various Android devices, testing tools, and necessary infrastructure.

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field, or equivalent practical experience.
• 3+ years of experience in Quality Assurance, with at least 1-2 years specifically focused on mobile application testing on the Android platform, proven hands-on experience and a strong curiosity for attempting to bypass software-based locks, security mechanisms, or device restrictions.
• Strong understanding of the Android OS architecture, including bootloader, recovery mode, ADB (Android Debug Bridge), fastboot, system partitions, and security features.
• Familiarity with common Android rooting techniques, custom ROMs (e.g., LineageOS), and tools used for device modification (e.g., Magisk, Xposed Framework – for understanding potential attack vectors).
• Experience with Android debugging tools (e.g., Android Studio, Logcat, Wireshark/tcpdump for network analysis if relevant).
• Meticulous attention to detail, strong analytical, and problem-solving skills.
• Excellent written and verbal communication skills, with the ability to document technical issues clearly and effectively.
• Ability to work independently, manage priorities, and take ownership of assigned tasks in a fast-paced environment.