Project Description
I need a thorough security audit that examines our network perimeter, our internally-developed web and mobile applications, and the policies we rely on to stay aligned with compliance and governance standards. The goal is to obtain a clear, evidence-based view of where our current controls succeed, where they fail, and which vulnerabilities demand immediate remediation.
Here is what the engagement should cover:
• Network security – vulnerability assessment, configuration review, segmentation and firewall rule analysis
• Application security – code-level and runtime testing aligned with OWASP, including authentication, data handling and session management checks
• Compliance and governance – gap analysis against the relevant framework (ISO 27001, NIST CSF or similar) with documented proof of control effectiveness
Deliverables I expect:
1. An audit plan outlining scope, methodology, tooling (e.g., Nessus, Burp Suite, Wireshark, or equivalents) and timeline before any testing begins.
2. A comprehensive findings report containing risk-rated issues, technical evidence, and business impact.
3. A remediation roadmap with prioritized recommendations and quick-win fixes.
4. A debrief session (remote) to walk through results and answer questions from stakeholders.
Please include examples of past work that demonstrate successful security audits of similar breadth; anonymized excerpts or redacted executive summaries are ideal. Let me know your preferred tools, any additional documentation you will need from my side, and the estimated duration for each phase so we can schedule accordingly.