Mobile Application Penetration Testing Analyst

Job Title Freelance Web & Mobile Application Penetration Testing Analyst (Non-Exploit – Flutter Focus) Job Type: Contract / Freelance Long-Term Engagement (Part-Time, Sporadic Hours) Fully Remote About the Role: We are looking for an experienced Application Security Analyst to join us on a freelance basis, supporting security testing across both web and mobile applications, with a strong emphasis on Flutter-based mobile apps. This is a non-exploit role, focused on identifying vulnerabilities and security weaknesses—not active exploitation or red teaming. The role is fully remote and well-suited for professionals who are comfortable working independently on a long-term, as-needed basis. Hours will vary with workload, so flexibility and the ability to work asynchronously are key. Key Responsibilities: • Conduct manual and tool-assisted penetration testing of web and mobile (Flutter) applications • Identify vulnerabilities related to authentication, authorization, session handling, and insecure storage or communications • Perform reviews of Dart/Flutter code and assess mobile-specific risks like deep linking, reverse engineering, and tampering • Analyze APIs and backend integrations for security gaps • Document findings in detailed, developer-ready reports including impact assessments and remediation guidance • Collaborate with internal teams to clarify security concerns and verify remediations • Align all assessments with OWASP Top 10, OWASP MASVS, and secure coding best practices • Operate in a non-exploitative capacity (no red teaming or social engineering) Required Experience and Skills: • Minimum 4–6 years of experience in application security testing • Strong background in Flutter security, with hands-on testing of production-grade mobile apps • Proficiency in tools such as Burp Suite, OWASP ZAP, MobSF, Frida, Postman, Objection, or similar • Understanding of secure development concepts: input validation, session/token management, certificate pinning, etc. • Familiarity with mobile and web security standards (OWASP Top 10, MASVS, CVSS, CWE) • Excellent technical writing and reporting skills • Certifications like OSCP, eWPT, GMOB, or equivalent are a plus Desirable Skills: • Experience working as an external security consultant or independent contractor • Familiarity with CI/CD security practices and DevSecOps pipelines • Ability to scope and prioritize assessments autonomously Compensation and Workload: • Competitive hourly or daily rate • Flexible working hours • Project-based workload, long-term commitment If this position is of interest then please apply and await a call from Dylan. Alternatively please send an email to dylan@evlpc.com with your mobile number and availability for a call. Apply tot his job Apply To this Job