渗透测试 Jobs

I need a certified cybersecurity professional to determine whether my personal Android phone has been subjected to unauthorized access and to help me regain full, lawful control of every component that may have been touched. The device is the only confirmed target right now; however, if traces lead to email or social channels I will widen the scope with you. Your investigation must be forensically sound so that any evidence you uncover can stand up to scrutiny should I decide to take legal action. I am expecting a hands-on approach that covers log collection, malware/spyware scanning, vulnerability mapping, and clear recommendations on how to close every gap you find. Where recovery steps are needed—password resets, two-factor reconfiguration, data restoration—I want you ...

I need an expert to respond to a Trojan malware infection. Key Requirements: - Identify and contain the infection - Remove the Trojan and secure the network - Provide a detailed incident report - Recommend preventive measures for the future Ideal Skills and Experience: - Strong background in incident response - Expertise in dealing with Trojan malware - Relevant certifications (CISSP, CEH, etc.) - Proven track record of successful malware removal

I run an EU-registered consultancy delivering cybersecurity services to mid-market and enterprise clients in France and broader Europe. I'm building a roster of cybersecurity engineers I can engage on a recurring basis as client missions come in — not a one-off project. What I'm looking for : A cybersecurity engineer (mid-level acceptable, 3+ years hands-on) able to deliver vulnerability assessments and penetration tests on: - Network infrastructure (internal/external) - Web applications (OWASP Top 10, API security) - Cloud environments (AWS, Azure, or GCP — at least one) Required : - At least one recognized certification: OSCP, CEH, CompTIA PenTest+, or equivalent (please state which in your bid) - Hands-on experience with Nmap, Burp Suite, Metasploit, OWASP ZAP, a...

I need a thorough security audit that examines our network perimeter, our internally-developed web and mobile applications, and the policies we rely on to stay aligned with compliance and governance standards. The goal is to obtain a clear, evidence-based view of where our current controls succeed, where they fail, and which vulnerabilities demand immediate remediation. Here is what the engagement should cover: • Network security – vulnerability assessment, configuration review, segmentation and firewall rule analysis • Application security – code-level and runtime testing aligned with OWASP, including authentication, data handling and session management checks • Compliance and governance – gap analysis against the relevant framework (ISO 27001, NIST ...

I need an experienced ethical hacker to dive deep into my web application and pinpoint any security weaknesses before they can be exploited in the wild. The sole objective is to identify vulnerabilities, not to gain or provide unauthorized access for malicious purposes. You’ll have full permission to run a comprehensive penetration test against the live site (or a staging clone, if you prefer). Feel free to use the tools you trust most—Burp Suite, OWASP ZAP, Metasploit, custom scripts—so long as the process is legally compliant and doesn’t disrupt service for genuine users. At the end of the engagement I expect: • A clear, well-structured report detailing every vulnerability you uncover, proof-of-concept evidence, risk ratings, and practical remediation advic...

I want a seasoned security professional to probe my site from every angle and show me—plainly—where a hacker would slip in. My main worry is outright breaches, not just compliance check-boxes, and at the moment I only have the usual basic plugins and a standard SSL certificate in place. You’ll need to run a full vulnerability assessment and light penetration test, review server and application configurations, and evaluate any code that touches the public web. Feel free to bring out Burp Suite, OWASP ZAP, Nikto, or whatever toolset you trust; I’m interested in real-world exploitability, not generic scanner output. Please deliver: • A concise report detailing each weakness, its risk level, and clear remediation steps • A prioritised action plan I c...

I need an experienced ethical hacker to dive deep into my web application and pinpoint any security weaknesses before they can be exploited in the wild. The sole objective is to identify vulnerabilities, not to gain or provide unauthorized access for malicious purposes. You’ll have full permission to run a comprehensive penetration test against the live site (or a staging clone, if you prefer). Feel free to use the tools you trust most—Burp Suite, OWASP ZAP, Metasploit, custom scripts—so long as the process is legally compliant and doesn’t disrupt service for genuine users. At the end of the engagement I expect: • A clear, well-structured report detailing every vulnerability you uncover, proof-of-concept evidence, risk ratings, and practical remediation advic...

Our organisation runs a geographically-distributed Wide Area Network and I want independent confirmation that the data moving across it cannot be intercepted, decoded, or manipulated. The engagement is limited to traffic analysis and sniffing on the live WAN links; firewall rule-sets and router configurations are out of scope unless you discover something during capture that clearly ties back to them. Scope • Perform lawful, ethical interception of packet flows on agreed WAN segments. • Analyse captured traffic for clear-text credentials, session fixation, protocol misconfiguration, or other weaknesses that could lead to privilege escalation or data leakage. • Attempt non-disruptive proof-of-concept exploits only where traffic analysis indicates a realistic attack pat...

I need a skilled security professional to perform grey box penetration testing on a mobile mini-app. The app is available on both iOS and Android platforms. Key Requirements: - Conduct vulnerability assessments and exploit potential security weaknesses. - Provide a detailed report of findings, including recommendations for remediation. - Ensure the app's security is tested without full knowledge of the internal workings. Ideal Skills and Experience: - Proven experience in grey box penetration testing. - Expertise in mobile application security, specifically on iOS and Android. - Strong knowledge of security tools and methodologies. - Ability to deliver comprehensive and clear security reports. Looking for freelancers with relevant certifications and a strong portfolio in mobile app...

I'm looking for an experienced application security expert to help secure our mobile application, which is built on both iOS and Android platforms. Key Requirements: - Assess and identify vulnerabilities in our mobile app - Implement robust security measures to protect against potential threats - Provide detailed security reports and recommendations - Collaborate with our development team to ensure secure coding practices Ideal Skills and Experience: - Proven track record in application security, specifically for mobile apps - In-depth knowledge of security protocols for both iOS and Android platforms - Strong understanding of secure coding practices - Experience with security assessment tools and methodologies - Ability to communicate effectively with non-technical team members I...

I have a newly built software platform running entirely on Firebase and, as part of my contract with the end-client, I must supply an independent penetration-testing report. The application itself is straightforward—no AI components or unusual integrations—so the engagement will be tightly focused on classic web and cloud-hosted attack surfaces. Key focus areas • Authentication issues: confirm sign-in, session handling and privilege escalation vectors are fully locked down. • Data leakage: verify that Firestore, Cloud Storage buckets and any API endpoints are not exposing sensitive information through misconfigurations or improper access rules. • Injection attacks: test for SQL-like or NoSQL injection, as well as any injection vectors in Cloud Functions or...