Mobile Application Penetration Testing Analyst
Job Title Freelance Web & Mobile Application Penetration Testing Analyst (Non-Exploit β Flutter Focus) Job Type: Contract / Freelance Long-Term Engagement (Part-Time, Sporadic Hours) Fully Remote About the Role: We are looking for an experienced Application Security Analyst to join us on a freelance basis, supporting security testing across both web and mobile applications, with a strong emphasis on Flutter-based mobile apps. This is a non-exploit role, focused on identifying vulnerabilities and security weaknessesβnot active exploitation or red teaming. The role is fully remote and well-suited for professionals who are comfortable working independently on a long-term, as-needed basis. Hours will vary with workload, so flexibility and the ability to work asynchronously are key. Key Responsibilities: β’ Conduct manual and tool-assisted penetration testing of web and mobile (Flutter) applications β’ Identify vulnerabilities related to authentication, authorization, session handling, and insecure storage or communications β’ Perform reviews of Dart/Flutter code and assess mobile-specific risks like deep linking, reverse engineering, and tampering β’ Analyze APIs and backend integrations for security gaps β’ Document findings in detailed, developer-ready reports including impact assessments and remediation guidance β’ Collaborate with internal teams to clarify security concerns and verify remediations β’ Align all assessments with OWASP Top 10, OWASP MASVS, and secure coding best practices β’ Operate in a non-exploitative capacity (no red teaming or social engineering) Required Experience and Skills: β’ Minimum 4β6 years of experience in application security testing β’ Strong background in Flutter security, with hands-on testing of production-grade mobile apps β’ Proficiency in tools such as Burp Suite, OWASP ZAP, MobSF, Frida, Postman, Objection, or similar β’ Understanding of secure development concepts: input validation, session/token management, certificate pinning, etc. β’ Familiarity with mobile and web security standards (OWASP Top 10, MASVS, CVSS, CWE) β’ Excellent technical writing and reporting skills β’ Certifications like OSCP, eWPT, GMOB, or equivalent are a plus Desirable Skills: β’ Experience working as an external security consultant or independent contractor β’ Familiarity with CI/CD security practices and DevSecOps pipelines β’ Ability to scope and prioritize assessments autonomously Compensation and Workload: β’ Competitive hourly or daily rate β’ Flexible working hours β’ Project-based workload, long-term commitment If this position is of interest then please apply and await a call from Dylan. Alternatively please send an email to [email protected] with your mobile number and availability for a call. Apply tot his job Apply tot his job