Project Overview & Business Challenge

• Company Introduction: We are an e-commerce platform that handles sensitive customer data. Maintaining the highest level of security is crucial for our business reputation and customer trust.
• The Challenge: While we have basic security measures in place, we need an independent expert to perform a full-scale security audit and penetration test of our web application and infrastructure. We are concerned about potential zero-day vulnerabilities and misconfigurations that could be exploited.
• Objective: The goal is to identify and report on all security vulnerabilities, provide actionable recommendations for remediation, and help us harden our systems against future attacks.

Detailed Job Description & Responsibilities

• Core Tasks:
  • Perform a black-box and white-box penetration test of our web application and public-facing infrastructure.
  • Conduct vulnerability scans using industry-standard tools (e.g., OWASP ZAP, Nessus, Nmap).
  • Attempt to exploit identified vulnerabilities to demonstrate their impact.
  • Provide a detailed report of all findings, including a CVSS score for each vulnerability and step-by-step remediation instructions.
  • Consult with our development and operations teams to explain the findings and guide them through the remediation process.
  • Provide a final re-test to verify that all reported vulnerabilities have been successfully patched.

Required Skills & Qualifications

• Technical Expertise:
  • Proven experience as a penetration tester and security auditor.
  • Expert knowledge of web application security principles (OWASP Top 10).
  • Proficiency with penetration testing tools like Kali Linux, Metasploit, Wireshark, and Burp Suite.
  • Strong understanding of networking, systems, and application security concepts.
  • Relevant certifications (e.g., OSCP, CEH, CompTIA PenTest+) are mandatory.

Soft Skills:

• High level of integrity and professional ethics.
• Excellent report writing and documentation skills.
• Strong communication skills to clearly articulate complex security issues to both technical and non-technical staff.

Deliverables

• Tangible Outputs:
  • A comprehensive security audit and penetration test report (PDF).
  • An executive summary of findings for management.
  • Detailed remediation instructions for each identified vulnerability.
  • A final re-test report confirming successful remediation.

Timeline

• Timeline: The project is expected to be completed within 20-30 days.

How to Apply

• Instructions:
  • Submit a proposal outlining your penetration testing methodology and tools.
  • Include a portfolio or case study of a past project.
  • Provide a fixed-price quote or your hourly rate for this engagement.

Skills

• Technical: Penetration Testing, Security Auditing, OWASP, Kali Linux, Metasploit, Wireshark, Burp Suite, Vulnerability Scanning.
• Soft: Report writing, Communication, Problem-solving, Ethics.