Penetration Testing Jobs

Hello, I am looking for a temporary freelance cybersecurity expert to investigate and secure my server and infrastructure. Your responsibilities will include: Investigating possible security vulnerabilities or suspicious activity Reviewing server security flow and configurations Identifying unauthorized access points or weaknesses Securing the server with proper hardening measures Reviewing firewall, SSH, APIs, database, and permissions Providing recommendations to improve security Important requirements: All work must be transparent and documented You must provide reports of all actions performed No changes should be made without approval for critical actions No backdoors, hidden access, or persistent access methods are allowed All activity may be monitored and logged Access will be ...

Building a Rust-based security research tool that correlates multiple CVEs across different classes — privilege escalation, information disclosure, misconfigurations in email/SMS APIs, SMTP relays, and databases. The goal: simulate real-world attack chains that lead to exposure of sensitive data (API keys, database credentials, communication logs) so defenders can identify weak links. Looking for 2–3 motivated Rust developers to collaborate. You should know: · Rust (systems-level) · CVE analysis (any class — info leak, auth bypass, misconfig) · Working with APIs, databases, or network protocols What we're building: A detection engine that chains unrelated CVEs (e.g., an info leak + a weak SMTP config + a database misconfig) to map full expos...

I need a certified cybersecurity professional to determine whether my personal Android phone has been subjected to unauthorized access and to help me regain full, lawful control of every component that may have been touched. The device is the only confirmed target right now; however, if traces lead to email or social channels I will widen the scope with you. Your investigation must be forensically sound so that any evidence you uncover can stand up to scrutiny should I decide to take legal action. I am expecting a hands-on approach that covers log collection, malware/spyware scanning, vulnerability mapping, and clear recommendations on how to close every gap you find. Where recovery steps are needed—password resets, two-factor reconfiguration, data restoration—I want you ...

I run an EU-registered consultancy delivering cybersecurity services to mid-market and enterprise clients in France and broader Europe. I'm building a roster of cybersecurity engineers I can engage on a recurring basis as client missions come in — not a one-off project. What I'm looking for : A cybersecurity engineer (mid-level acceptable, 3+ years hands-on) able to deliver vulnerability assessments and penetration tests on: - Network infrastructure (internal/external) - Web applications (OWASP Top 10, API security) - Cloud environments (AWS, Azure, or GCP — at least one) Required : - At least one recognized certification: OSCP, CEH, CompTIA PenTest+, or equivalent (please state which in your bid) - Hands-on experience with Nmap, Burp Suite, Metasploit, OWASP ZAP, a...

I need a thorough security audit that examines our network perimeter, our internally-developed web and mobile applications, and the policies we rely on to stay aligned with compliance and governance standards. The goal is to obtain a clear, evidence-based view of where our current controls succeed, where they fail, and which vulnerabilities demand immediate remediation. Here is what the engagement should cover: • Network security – vulnerability assessment, configuration review, segmentation and firewall rule analysis • Application security – code-level and runtime testing aligned with OWASP, including authentication, data handling and session management checks • Compliance and governance – gap analysis against the relevant framework (ISO 27001, NIST ...

I need an experienced ethical hacker to dive deep into my web application and pinpoint any security weaknesses before they can be exploited in the wild. The sole objective is to identify vulnerabilities, not to gain or provide unauthorized access for malicious purposes. You’ll have full permission to run a comprehensive penetration test against the live site (or a staging clone, if you prefer). Feel free to use the tools you trust most—Burp Suite, OWASP ZAP, Metasploit, custom scripts—so long as the process is legally compliant and doesn’t disrupt service for genuine users. At the end of the engagement I expect: • A clear, well-structured report detailing every vulnerability you uncover, proof-of-concept evidence, risk ratings, and practical remediation advic...

I want a seasoned security professional to probe my site from every angle and show me—plainly—where a hacker would slip in. My main worry is outright breaches, not just compliance check-boxes, and at the moment I only have the usual basic plugins and a standard SSL certificate in place. You’ll need to run a full vulnerability assessment and light penetration test, review server and application configurations, and evaluate any code that touches the public web. Feel free to bring out Burp Suite, OWASP ZAP, Nikto, or whatever toolset you trust; I’m interested in real-world exploitability, not generic scanner output. Please deliver: • A concise report detailing each weakness, its risk level, and clear remediation steps • A prioritised action plan I c...

I need an experienced ethical hacker to dive deep into my web application and pinpoint any security weaknesses before they can be exploited in the wild. The sole objective is to identify vulnerabilities, not to gain or provide unauthorized access for malicious purposes. You’ll have full permission to run a comprehensive penetration test against the live site (or a staging clone, if you prefer). Feel free to use the tools you trust most—Burp Suite, OWASP ZAP, Metasploit, custom scripts—so long as the process is legally compliant and doesn’t disrupt service for genuine users. At the end of the engagement I expect: • A clear, well-structured report detailing every vulnerability you uncover, proof-of-concept evidence, risk ratings, and practical remediation advic...

Our organisation runs a geographically-distributed Wide Area Network and I want independent confirmation that the data moving across it cannot be intercepted, decoded, or manipulated. The engagement is limited to traffic analysis and sniffing on the live WAN links; firewall rule-sets and router configurations are out of scope unless you discover something during capture that clearly ties back to them. Scope • Perform lawful, ethical interception of packet flows on agreed WAN segments. • Analyse captured traffic for clear-text credentials, session fixation, protocol misconfiguration, or other weaknesses that could lead to privilege escalation or data leakage. • Attempt non-disruptive proof-of-concept exploits only where traffic analysis indicates a realistic attack pat...

I need a skilled security professional to perform grey box penetration testing on a mobile mini-app. The app is available on both iOS and Android platforms. Key Requirements: - Conduct vulnerability assessments and exploit potential security weaknesses. - Provide a detailed report of findings, including recommendations for remediation. - Ensure the app's security is tested without full knowledge of the internal workings. Ideal Skills and Experience: - Proven experience in grey box penetration testing. - Expertise in mobile application security, specifically on iOS and Android. - Strong knowledge of security tools and methodologies. - Ability to deliver comprehensive and clear security reports. Looking for freelancers with relevant certifications and a strong portfolio in mobile app...

Saya mencari ahli yang dapat memberi saya konsultasi keamanan jaringan yang solid untuk lingkungan Perbankan dan Keuangan. Fokus utama saya adalah menilai postur keamanan saat ini, mengidentifikasi celah kritis, lalu merancang rencana mitigasi yang praktis dan siap diterapkan. Ruang lingkup singkat: • Meninjau arsitektur jaringan dan kebijakan akses yang sudah ada. • Melakukan analisis kerentanan tingkat jaringan serta pengujian penetrasi terbatas bila diperlukan. • Menyusun laporan risiko beserta rekomendasi prioritas (best practice, kepatuhan regulator, dan langkah cepat yang dapat diambil tim internal). • Sesi diskusi online untuk memaparkan temuan dan menjawab pertanyaan tim IT saya. Saya menghargai komunikasi jelas, dokumentasi terstruktur, dan pendekatan p...