Penetration Testing Jobs

We need an independent third-party penetration test of our production SaaS platform to satisfy a SOC 2 control. We're looking for an experienced, certified penetration tester (OSCP / OSWE / GWAPT / CREST or equivalent) who can start immediately and deliver a professional, audit-ready report. TIMELINE — TIME-SENSITIVE: We need the testing performed and the final report delivered within 1 week of kickoff. Please only bid if you have current availability. ABOUT THE SYSTEM (full details and credentials shared under NDA with the selected tester): - Customer-facing web application: / React / TypeScript - Backend: Python / Django / Django REST Framework API - Authentication: Keycloak (OIDC) — username/password, social login, TOTP/MFA - Two supporting Python/Django microservices ...

I need a thorough penetration test focused exclusively on phones, with coverage for both Android and iOS devices. The goal is to identify real-world attack paths, verify exploitability, and provide clear, actionable remediation guidance. I expect you to approach this as a black-box engagement that mirrors an external attacker’s perspective, diving into areas such as code weaknesses, insecure storage, improper platform usage, and over-permissive network calls. Please plan to use industry-standard tooling and methodology—think OWASP Mobile Top 10 checks with MobSF, dynamic analysis through Burp Suite or mitmproxy, runtime instrumentation via Frida, and network traffic inspection with Wireshark—while documenting every finding with proof of concept evidence and reproducible ...

انتهيت تقريباً من تطوير موقعي الخدمي المبني على نظام مخصص يحمل اسم “Lovely”، وأحتاج الآن إلى عين خبيرة تتولى المرحلة الحاسمة قبل الإطلاق. المطلوب هو إنجاز الآتي: • تنفيذ اختبار اختراق (Pen-Testing) شامل يحدد أي ثغرات ويسلّم توصيات قابلة للتنفيذ. • تحليل الشيفرة المصدرية للتأكد من جودة الكود وامتثاله لأفضل ممارسات الأمان. • مراجعة إعدادات الخادم (Firewall، SSL/TLS، Headers، DNS وغيرها) وضبطها نهائياً. بعد إقفال المسائل الأمنية أريد متابعة دعم لمدة شهر بعد الإطلاق: الردّ على الأحداث الطارئة، تطبيق التحديثات والتحسينات الصغيرة، وتقديم نصائح دورية للحفاظ على الأداء. هناك فكرة مطروحة بسحب بيانات الموقع إلى منصة جاهزة بديلة؛ أود سماع رأيك المهني أولاً قبل اتخاذ قرار الانتقال من البنية الحالية. سلّم لي في نهاية العمل: 1. تقرير مفصل عن الثغرات والإصلاحات. 2. ...

Our BGMI (Battlegrounds Mobile India) infrastructure occasionally freezes when traffic surges. I want to put a permanent stop to that by building a preventive DDOS shield that covers every critical touch-point—login, in-game communication, and matchmaking. You will begin with a quick audit of the existing network layout and traffic patterns, then design and deploy a solution that blocks volumetric and application-layer attacks before they can overwhelm the servers. I expect minimal additional latency for legitimate players, clean documentation of every rule or service introduced, and a repeatable playbook I can apply to new nodes as we scale. Deliverables • Security architecture diagram and written rollout plan • Hardened configurations applied to the login, game, a...

Long-Term Full Stack Developer ( / React / TypeScript) + Security Mindset We are looking for a proactive Full Stack Developer to join a growing maritime software startup for an intensive one-month engagement, with a strong possibility of transitioning into a long-term role. The application is already well advanced. The goal is to spend the next month strengthening the platform, eliminating weaknesses, improving security, refining workflows, and preparing the product for production deployment. Current Technology Stack * Frontend: , React, TypeScript * Backend: API Routes, Server-Side TypeScript * Database Layer: Repository Pattern (currently local/demo data, production database integration planned) * Authentication: Role-based access control, demo users, private portal workflows * Inte...

I need a seasoned ethical hacker to probe my public-facing web applications and surface every weakness before attackers do. The core goal is to identify vulnerabilities; no remediation work is required at this stage, but I do want clear, reproducible evidence for each flaw. Scope The assessment must cover the full web stack—front-end, back-end, APIs and any server-side components tied to the apps. Automated scanning is fine as a first pass, yet I expect you to validate every finding manually and look beyond scanner results for business-logic or access-control issues. High-priority findings Please focus your efforts on: • SQL injection • Cross-site scripting (XSS) • Cross-site request forgery (CSRF) You are free to uncover and report additional issue type...

I need an expert to secure my computer and eliminate unauthorized password changes. Key requirements: - Identify and remove any existing malware or unauthorized access points. - Strengthen security protocols to prevent future breaches. - Provide a report on vulnerabilities and how to fix them. Ideal skills and experience: - Expertise in cybersecurity - Experience with malware removal - Strong knowledge of securing personal computers