Penetration Tester Needed – Mobile Fintech App (Flutter, Firebase, APIs, Admin Panel)
We are preparing the public launch of a fintech mobile application and we are looking for an experienced penetration tester to perform a security assessment focused on identifying critical and high-risk vulnerabilities.
Goal
Detect real exploitable issues before production launch (account takeover, unauthorized access, balance manipulation, payment logic abuse, data exposure, privilege escalation, etc.).
Scope
• Android & iOS mobile apps (Flutter)
• Backend APIs
• Firebase / Google Cloud configuration (Firestore rules, Cloud Functions, Storage, Auth)
• Web admin back-office
• Authentication & authorization flows
• Business logic related to wallet, transactions and withdrawals
Testing Approach
Manual testing is required. Automated scanning alone is not sufficient.
We are specifically looking for:
• Business logic testing
• API abuse scenarios
• Authentication & access control weaknesses
• Mobile app runtime testing (not only static analysis)
• Cloud misconfiguration review
Deliverables
• Clear, structured security report
• Risk rating (Critical / High / Medium / Low)
• Proof of Concept for each vulnerability
• Practical remediation guidance
• One retest after fixes
Timeline
Flexible – we prefer a focused and realistic engagement over a rushed scan.
Budget
This project is for a startup, so we are looking for a cost-effective but skilled tester.
Please send your fixed price for a critical vulnerability assessment (not a full enterprise audit).
To apply, please include:
• Your methodology
• Relevant experience with mobile app pentesting
• Experience with Firebase or similar cloud backends
• Sample report (sanitized) if available
• Tools you use
• What is included in your testing time
Nice to have
• Experience with fintech / wallet / payment applications
• Knowledge of OWASP MASVS / MSTG
We are looking for a long-term security partner, not just a one-time scan.
Contract duration of 1 to 3 months.
Mandatory skills: API security, Google Cloud Platform, Burp Suite, Firebase, Firebase Cloud Firestore, OWASP, ethical hacking