Social network you want to login/join with:
Mobile Application Penetration Testing Analyst, norwich
col-narrow-left
Client:
Evolution Project Consulting
Location:
Job Category:
Other
-
EU work permit required:
Yes
col-narrow-right
Job Views:
2
Posted:
06.06.2025
Expiry Date:
21.07.2025
col-wide
Job Description:
Job Title
Job Type:
Contract / Freelance
Long-Term Engagement (Part-Time, Sporadic Hours)
Fully Remote
About the Role:
We are looking for an experienced Application Security Analyst to join us on a freelance basis, supporting security testing across both web and mobile applications, with a strong emphasis on Flutter-based mobile apps. This is a non-exploit role, focused on identifying vulnerabilities and security weaknesses—not active exploitation or red teaming.
The role is fully remote and well-suited for professionals who are comfortable working independently on a long-term, as-needed basis. Hours will vary with workload, so flexibility and the ability to work asynchronously are key.
Key Responsibilities:
* Conduct manual and tool-assisted penetration testing of web and mobile (Flutter) applications
* Identify vulnerabilities related to authentication, authorization, session handling, and insecure storage or communications
* Perform reviews of Dart/Flutter code and assess mobile-specific risks like deep linking, reverse engineering, and tampering
* Analyze APIs and backend integrations for security gaps
* Document findings in detailed, developer-ready reports including impact assessments and remediation guidance
* Collaborate with internal teams to clarify security concerns and verify remediations
* Align all assessments with OWASP Top 10, OWASP MASVS, and secure coding best practices
* Operate in a non-exploitative capacity (no red teaming or social engineering)
Required Experience and Skills:
* Minimum 4–6 years of experience in application security testing
* Strong background in Flutter security, with hands-on testing of production-grade mobile apps
* Proficiency in tools such as Burp Suite, OWASP ZAP, MobSF, Frida, Postman, Objection, or similar
* Familiarity with mobile and web security standards (OWASP Top 10, MASVS, CVSS, CWE)
* Excellent technical writing and reporting skills
* Certifications like OSCP, eWPT, GMOB, or equivalent are a plus
* Experience working as an external security consultant or independent contractor
* Familiarity with CI/CD security practices and DevSecOps pipelines
* Ability to scope and prioritize assessments autonomously
Compensation and Workload:
* Competitive hourly or daily rate
* Project-based workload, long-term commitment
If this position is of interest then please apply and await a call from Dylan. Alternatively please send an email to [emailprotected] with your mobile number and availability for a call.
#J-18808-Ljbffr