Application Guide
How to Apply for Request for Proposals: Penetration Testing Consultancy for the Tiko Platform
at Tiko
🏢 About Tiko
Tiko Africa is a mission-driven organization leveraging a digital platform to empower young women and adolescent girls in five African countries. Their work combines health, entrepreneurship, and technology to create measurable social impact, making them a unique and rewarding client for security consultants who want their skills to contribute to meaningful change.
About This Role
This role involves conducting a comprehensive penetration test on Tiko's platform, including mobile apps, web interfaces, APIs, backend services, and infrastructure. Your findings will directly protect vulnerable users and sensitive health data, making your work both technically challenging and socially impactful.
💡 A Day in the Life
A typical day might involve setting up test environments for Tiko's Android app and web interfaces, conducting automated and manual vulnerability scans, and documenting findings. You'd also collaborate with Tiko's technical team to clarify system architecture and later draft the report with an executive summary and prioritized remediation steps.
🚀 Application Tools
🎯 Who Tiko Is Looking For
- A seasoned penetration tester with proven experience testing Android mobile applications, web applications, and backend systems, especially in health-tech or NGO contexts.
- Expert in OWASP testing methodologies, with a track record of identifying injection flaws, authentication bypasses, and insecure data storage—common in platforms handling sensitive user data.
- A clear communicator who can produce concise executive summaries for non-technical stakeholders while also delivering detailed technical findings with actionable remediation steps.
- Holds relevant certifications (e.g., OSCP, CEH) and can provide CVs of team members demonstrating similar expertise for this contract role.
📝 Tips for Applying to Tiko
Highlight any prior penetration testing experience with health-tech platforms or NGOs, as Tiko values understanding of sensitive data handling.
Explicitly mention your experience with Android mobile app pentesting, as the job description emphasizes mobile security.
Provide examples of past reports you've written—especially those with executive summaries—to demonstrate your ability to communicate with both technical and non-technical audiences.
Tailor your proposal to include a clear timeline and methodology that aligns with OWASP standards, showing you've read the RFP thoroughly.
If possible, mention any experience with African markets or remote testing across distributed infrastructure, as Tiko operates in multiple countries.
✉️ What to Emphasize in Your Cover Letter
['Emphasize your commitment to social impact and understanding of the sensitivity of health data for vulnerable populations.', 'Showcase your specific experience with Android mobile app penetration testing and backend API assessments.', 'Demonstrate your ability to produce clear, actionable reports by referencing past work or describing your reporting process.', 'Explain why your team is uniquely qualified for this contract, including relevant certifications and past projects.']
Generate Cover Letter →🔍 Research Before Applying
To stand out, make sure you've researched:
- → Read Tiko's website and blog to understand their platform features, user base (young women and adolescent girls), and the health/entrepreneurship services they offer.
- → Review any publicly available security policies or past data breaches in the health-tech NGO space to understand common threats.
- → Familiarize yourself with the regulatory environment in Kenya, Uganda, Ethiopia, Burkina Faso, and South Africa regarding data protection (e.g., Kenya's Data Protection Act).
- → Look into the technical stack mentioned in job postings or tech blogs—if Tiko uses specific frameworks (e.g., React Native, Django), note their common vulnerabilities.
💬 Prepare for These Interview Topics
Based on this role, you may be asked about:
⚠️ Common Mistakes to Avoid
- Submitting a generic proposal without referencing Tiko's specific platform or mission—they want to see you've done your homework.
- Overlooking the mobile app component; many pentesters focus on web, but this role explicitly requires Android testing.
- Providing a vague report structure; they expect a clear deliverable with executive summary, technical details, severity levels, and remediation steps.
📅 Application Timeline
⏰ Deadline: July 21, 2026
We recommend applying at least a few days early to avoid last-minute technical issues.
Typical hiring timeline:
Application Review
1-2 weeks
Initial Screening
Phone call or written assessment
Interviews
1-2 rounds, usually virtual
Offer
Congratulations!