Mobile Application Penetration Testing Analyst

1 week ago Be among the first 25 applicants

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from Evolution Project Consulting

Job Title

Job Type:

Contract / Freelance

Long-Term Engagement (Part-Time, Sporadic Hours)

Fully Remote

About the Role:

We are looking for an experienced Application Security Analyst to join us on a freelance basis, supporting security testing across both web and mobile applications, with a strong emphasis on Flutter-based mobile apps. This is a non-exploit role, focused on identifying vulnerabilities and security weaknesses—not active exploitation or red teaming.

The role is fully remote and well-suited for professionals who are comfortable working independently on a long-term, as-needed basis. Hours will vary with workload, so flexibility and the ability to work asynchronously are key.

Key Responsibilities:

• Conduct manual and tool-assisted penetration testing of web and mobile (Flutter) applications
• Identify vulnerabilities related to authentication, authorization, session handling, and insecure storage or communications
• Perform reviews of Dart/Flutter code and assess mobile-specific risks like deep linking, reverse engineering, and tampering
• Analyze APIs and backend integrations for security gaps
• Document findings in detailed, developer-ready reports including impact assessments and remediation guidance
• Collaborate with internal teams to clarify security concerns and verify remediations
• Align all assessments with OWASP Top 10, OWASP MASVS, and secure coding best practices
• Operate in a non-exploitative capacity (no red teaming or social engineering)

Required Experience and Skills:

• Minimum 4–6 years of experience in application security testing
• Strong background in Flutter security, with hands-on testing of production-grade mobile apps
• Proficiency in tools such as Burp Suite, OWASP ZAP, MobSF, Frida, Postman, Objection, or similar
• Familiarity with mobile and web security standards (OWASP Top 10, MASVS, CVSS, CWE)
• Excellent technical writing and reporting skills
• Certifications like OSCP, eWPT, GMOB, or equivalent are a plus
• Experience working as an external security consultant or independent contractor
• Familiarity with CI/CD security practices and DevSecOps pipelines
• Ability to scope and prioritize assessments autonomously

Compensation and Workload:

• Competitive hourly or daily rate
• Project-based workload, long-term commitment

If this position is of interest then please apply and await a call from Dylan. Alternatively please send an email to dylan@evlpc.com with your mobile number and availability for a call.

• Seniority level
  Mid-Senior level

• Employment type
  Other

• Job function
  Information Technology
• Industries
  Information Services and Computer and Network Security

Referrals increase your chances of interviewing at Evolution Project Consulting by 2x

Leeds, England, United Kingdom 6 days ago

Reading, England, United Kingdom 3 weeks ago

Greater London, England, United Kingdom 3 weeks ago

City Of London, England, United Kingdom £500.00-£597.00 5 days ago

Glasgow City, Scotland, United Kingdom 1 day ago

Law, Scotland, United Kingdom 3 months ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.