Penetration Testing Jobs

I’m looking for a seasoned cybersecurity professional who can carry out a full-scale penetration test against my public-facing web application. My priority is threat assessment and mitigation, so the exercise must simulate real-world attack scenarios, uncover exploitable weaknesses, and give me a clear path to harden the platform. Scope You will conduct a comprehensive, OWASP-aligned assessment that includes manual exploitation techniques in addition to automated scans. I expect you to explore authentication, authorization, session management, input validation, business logic, and any server-side misconfigurations. Google platform for email/domain management and primarily cloud based tools. Tool choice is up to you—Burp Suite, OWASP ZAP, Kali Linux utilities, Metasploit, or...

We are looking for a cybersecurity specialist to support our security assessment and compliance services for small and medium-sized businesses in the Middle East. Role Summary: You will conduct structured security reviews of client environments using industry-standard tools and frameworks, focusing on both technical security and regulatory compliance. Key Responsibilities: 1. Security Assessments: • Run vulnerability scans on networks, servers, and web applications. • Identify security misconfigurations, exposed services, and potential entry points. • Analyze results and validate critical findings. 2. Compliance Reviews: • Map findings against ISO 27001 controls for information security. • Assess client adherence to NIST Cybersecurity Framework (CSF) funct...

I need a focused penetration test on my personal blog to uncover any SQL injection weaknesses. The two areas that matter most to me are the login pages and the built-in search feature, so the engagement revolves around probing those endpoints thoroughly with manual and automated techniques (think Burp Suite, sqlmap, or comparable tools). I will provide staging credentials, database schema snapshots, and any other access details you need once we start. Please exercise safe-testing practices so the live site and its data remain untouched. Deliverables • A concise technical report that lists each discovered SQL injection vector, the exact request/response demonstrating the issue, and the risk level. • Practical, step-by-step remediation advice for every finding. • A reass...

I need a solid, full-scope “cyber” penetration test on my web platform with a single objective: uncover every web-based vulnerability before launch. You will have access to a dedicated staging environment plus test credentials so you can attack the application exactly as an external threat actor would. Scope • End-to-end testing of all public and authenticated areas, APIs, and server configuration • Combination of automated scans (e.g., OWASP ZAP, Nikto) and manual exploitation with Burp Suite, Kali Linux toolset, Metasploit, etc. • No social-engineering or mobile testing is required—focus purely on web weaknesses. Deliverables (acceptance criteria) 1. Executive summary for non-technical stakeholders. 2. Detailed technical report listing each f...

I’m a mid-career cybersecurity professional and my LinkedIn presence isn’t doing me any favors. My goal is crystal-clear: I want recruiters at tech companies to find me, see immediate evidence of my value, and invite me to interview for full-time security roles. What I need from you • A high-impact headline and summary that sell my threat-hunting, incident-response, and governance strengths while weaving in the right keywords for LinkedIn’s search algorithm and typical ATS filters. • Re-crafted work-experience entries that highlight measurable accomplishments (e.g., vulnerability-remediation percentages, audit-pass rates, MTTR improvements) instead of task lists. • A refreshed Skills & Endorsements section that spotlights cloud security, secure...

I’m ready to have my website professionally stress-tested so I can patch every weak spot before it becomes a problem. The engagement centres on two critical areas that hold our most sensitive logic and data—the Login System and the User Data Storage modules. Within those components I want you to probe specifically for SQL Injection, Cross-Site Scripting (XSS) and Broken Authentication issues, emulating real-world attack scenarios while staying fully within ethical boundaries. Industry-standard tooling such as Burp Suite, OWASP ZAP, sqlmap, or their equivalents is expected so results are reproducible and mapped against OWASP Top 10. All findings must be compiled in a comprehensive, developer-friendly document that not only confirms each vulnerability but explains impact, suppli...

I’m ready to have my website professionally stress-tested so I can patch every weak spot before it becomes a problem. The engagement centres on two critical areas that hold our most sensitive logic and data—the Login System and the User Data Storage modules. Within those components I want you to probe specifically for SQL Injection, Cross-Site Scripting (XSS) and Broken Authentication issues, emulating real-world attack scenarios while staying fully within ethical boundaries. Industry-standard tooling such as Burp Suite, OWASP ZAP, sqlmap, or their equivalents is expected so results are reproducible and mapped against OWASP Top 10. All findings must be compiled in a comprehensive, developer-friendly document that not only confirms each vulnerability but explains impact, suppli...

We are seeking an experienced cybersecurity professional to develop a high-quality, advanced-level practical ethical hacking video course built around a realistic simulated enterprise attack environment. This course must focus heavily on hands-on execution and demonstrate a structured multi-step attack workflow inside a controlled lab network. The final deliverable must contain approximately 10–12 hours of fully edited, polished video content (final runtime after editing). Budget: 40,000 INR (Maximum) Timeline: 30–60 days Core Course Requirements The course must: Be advanced-level practical content Be structured around a connected simulated company environment Include multiple interconnected attack scenarios Demonstrate complete attack chains Include reconnaissance, e...

I’m a complete beginner in wireless security and want to build solid, practical skills in penetration testing for Wi-Fi networks. Over a series of one-on-one sessions, I’d like you to walk me through fundamentals, tools (Kali Linux, Aircrack-ng, Wireshark, etc.), attack simulations, and safe lab setup so I can eventually plan and execute my own wireless assessments responsibly. Please share examples of past work that prove you’ve carried out real-world wireless engagements or successfully mentored others in this niche. Concrete demonstrations—screenshots, anonymised reports, short video clips—help me judge fit quickly. We’ll meet online, screen-share, and practice live. Each session should end with actionable homework and clear checkpoints so I can tra...

I need an experienced ethical hacker to assess the security of my production web application. The platform handles login credentials—users sign in with their mobile number and password—so I want to be absolutely certain this flow cannot be abused. Scope • Run a full penetration test coupled with an automated and manual vulnerability scan. • Focus especially on authentication, session management, and any area where those credentials travel or are stored. Deliverables - A clear, step-by-step report detailing every finding, severity rating, and proof-of-concept where exploitation is possible. - Practical remediation advice I can hand straight to my development team. - A concise executive summary of overall risk. All testing must respect live-traffic uptime, ...

My customer-facing web applications need a fully-fledged bug bounty program that starts with a professional security assessment. The focus is pure CyberSecurity: map the current attack surface, uncover vulnerabilities, and shape a disclosure workflow that rewards researchers responsibly. You will first perform a thorough security assessment on the live web apps, documenting every finding with severity, reproducible steps, and clear remediation advice. From those results, design the bounty structure (scope wording, reward tiers, triage flow, and response SLAs) so it can be published on platforms such as HackerOne or Bugcrowd. Deliverables • Comprehensive assessment report (OWASP Top 10 coverage, business-logic flaws, misconfigurations, etc.) • Drafted public program brief, inc...

I’m looking for an experienced cybersecurity consultant who can step into my ongoing technology-sector client engagements and add immediate value. The work revolves around helping mid-size SaaS and platform companies identify risks, tighten controls, and document clear remediation roadmaps. You’ll collaborate directly with end-clients, so strong communication skills and the ability to translate technical findings into business language are essential. Day-to-day tasks may include vulnerability reviews, policy gap analysis, incident-response planning, and presenting recommendations to C-level stakeholders. Familiarity with frameworks such as NIST CSF, ISO 27001, and CIS Controls will be handy, though I’m open to whichever methodology best fits each client’s environme...

I am looking for an experienced reverse engineer or mobile security specialist to help analyze the network communication of an Android application. The application currently implements SSL certificate pinning, which prevents traffic inspection using standard interception tools (such as proxies). Because of this, I cannot capture the login requests and related API communication. Project Goals: Perform reverse engineering of the Android APK. Identify and bypass the SSL pinning protection implemented in the app. Enable traffic inspection so the login requests can be captured and analyzed. Document the login request structure and related API endpoints. Help replicate the login request programmatically using either: Node.js, or Python The final goal is to understand how the login API ...

I need an experienced security engineer to harden our multi-tenant SaaS product, prepare us for HIPAA and SOC 2 Type II audits, and stay on call for incident response. The stack runs primarily on AWS, Azure or GCP, with containerised workloads orchestrated by Kubernetes. Day-to-day you will probe our web apps and APIs with Burp Suite and OWASP ZAP, script automation in Bash, and guide the team as we fold security controls into an established Git-based CI/CD pipeline. Key objectives • Run a full penetration test against the platform, documenting exploitable findings against the OWASP Top 10 and cloud-specific misconfigurations. • Configure vulnerability scanning (Nessus, Snyk, Trivy) and wire SAST, DAST and dependency checks into our build pipelines. • Implement and v...

I have a small office network—fewer than twenty endpoints—that I want thoroughly examined for weaknesses. The immediate focus is a vulnerability assessment combined with a full network-security audit. Pen-testing isn’t required right now, but I would like the audit to be detailed enough that we could progress smoothly to active exploitation tests later if needed. Scope – Map every device and service, then scan using industry-standard tools such as Nmap, Nessus or OpenVAS. – Analyse configurations (firewall rules, router settings, shared resources, OS hardening) and identify misconfigurations or outdated software. – Provide a clear, prioritized remediation plan. Critical issues first, followed by medium and low-risk findings. – Conclude wit...

Project Title: Web Security Audit & Penetration Testing for Marketplace Website Description: We are preparing to launch a new online marketplace platform and are looking for an experienced web security specialist to perform a full security review of the site. The goal is to identify any vulnerabilities and ensure the platform is secure before public launch. Scope of work: • Perform a full security audit of the web application • Conduct penetration testing to identify vulnerabilities • Review authentication, API security, and database access • Check for common vulnerabilities (OWASP Top 10) • Identify potential risks in front-end and back-end architecture • Provide a clear report outlining vulnerabilities and recommended fixes Important: • You must hav...

Scenario Background: The scenario assumes that you are working as a security expert for a fictional company, Acme Coffee Company. The company includes several roles, including Bruno (CEO), Spike (Vice President of Sales), Eilik and Eilika (Sales), Loki (System Administrator), and Avery (Marketing). Loki has built a new company server, and Bruno has hired you to conduct a comprehensive security analysis and assessment of that server and submit a complete report. The final report should include your findings, techniques, graphics, and methodology, along with recommendations for improving any security issues identified. Video Overview: The instructor explains that the final project will provide a target machine personally built by the instructor to represent the Acme company environment. Yo...

We are a new SaaS startup looking for a rigorous security specialist to perform a **comprehensive end-to-end security audit**. Our mobile app (iOS & Android) is our core product and requires deep-dive scrutiny, while our landing pages and staff admin panel need a focused vulnerability assessment to ensure total ecosystem integrity. ### **The Scope of Work** We need more than a generic automated scan; we require a blend of manual penetration testing and structured configuration review. * **Mobile App (Deep Dive):** Comprehensive testing based on the **OWASP Mobile Application Security (MAS)** framework. This includes binary analysis, session management, local data storage security, and API communication. * **Web & Admin Panel:** Vulnerability assessment of the staff-facing das...