$12,000.00 Fixed
We're looking for a certified Cybersecurity Specialist to conduct comprehensive penetration testing, vulnerability assessments, and security audits of our web applications, network infrastructure, and cloud environment.
Project Overview:
Perform thorough security testing to identify vulnerabilities, exploitation risks, and security weaknesses in our systems. Provide detailed reports with actionable recommendations and assist with remediation implementation.
Key Responsibilities:
Conduct penetration testing on web applications and APIs
Perform network security assessments and vulnerability scanning
Test cloud infrastructure security (AWS/Azure/GCP)
Identify OWASP Top 10 vulnerabilities and security flaws
Conduct social engineering and phishing simulations
Review source code for security vulnerabilities (SAST)
Test authentication and authorization mechanisms
Assess database security and SQL injection risks
Perform wireless network security testing
Create detailed security audit reports with risk ratings
Provide remediation guidance and security recommendations
Retest after fixes to verify vulnerability closure
Required Skills:
3+ years of cybersecurity and penetration testing experience
Certifications: CEH, OSCP, CISSP, or CompTIA Security+ (required)
Expertise in penetration testing methodologies (OWASP, PTES)
Proficiency with security tools (Burp Suite, Metasploit, Nmap, Wireshark)
Knowledge of common vulnerabilities (OWASP Top 10, CVE)
Experience with SAST/DAST tools (SonarQube, Fortify, Veracode)
Understanding of network protocols and security
Cloud security assessment experience (AWS, Azure, GCP)
Scripting skills (Python, Bash) for automation
Strong report writing and documentation skills
Technical Tools & Frameworks:
Penetration Testing: Kali Linux, Metasploit, Burp Suite Pro
Vulnerability Scanning: Nessus, OpenVAS, Qualys
Network Analysis: Nmap, Wireshark, Netcat
Web Security: OWASP ZAP, Nikto, SQLmap
Cloud Security: AWS Inspector, Azure Security Center, ScoutSuite
Code Analysis: SonarQube, Checkmarx, Fortify
Password Cracking: John the Ripper, Hashcat
Exploitation Frameworks: Metasploit, BeEF
Testing Scope:
Web application penetration testing
API security assessment
Network infrastructure testing
Cloud environment security review
Mobile application testing (if applicable)
Social engineering assessment
Wireless network testing
Active Directory security audit
Database security assessment
Security Areas to Cover:
Authentication and session management
Authorization and access control
Input validation and injection attacks
Cross-site scripting (XSS) and CSRF
Security misconfigurations
Sensitive data exposure
API security vulnerabilities
Broken authentication mechanisms
Server-side request forgery (SSRF)
Business logic flaws
Deliverables:
Comprehensive penetration testing report
Executive summary for non-technical stakeholders
Detailed vulnerability findings with severity ratings (CVSS scores)
Proof-of-concept exploits and screenshots
Step-by-step remediation recommendations
Risk assessment matrix and prioritization
Compliance gap analysis (if needed)
Retest report after remediation
Security best practices documentation
Knowledge transfer session with development team
Compliance Standards:
OWASP Testing Guide
PCI DSS (if applicable)
GDPR security requirements
ISO 27001 standards
NIST Cybersecurity Framework
Budget: $50 - $100/hour (Hourly) or $5,000 - $12,000 (Fixed project)
Timeline: 3-6 weeks