Project Description
I need a security partner who can run thorough web application penetration tests, trace and document every vulnerability, and then help me reproduce and patch the issues. Alongside that primary task, you will be called on to investigate past or ongoing security breaches and dig into a small batch of persistent spam-caller incidents that appear linked to the same threat actor. Solid OSINT technique is a big plus here because many leads will start with only a phone number or a username.
Your day-to-day work will include hands-on testing with tools such as Burp Suite, OWASP ZAP, or similar; methodical breach forensics in logs (Wireshark, Splunk, ELK—whatever you are most fluent with); and concise reporting that spells out risk, impact, and a clear remediation path. When spam-caller data comes in, I’ll pass raw call logs or recordings to you so you can pivot across open-source datasets, map infrastructure, and attribute where possible.
Please focus your proposal on your direct experience performing web app pentests and breach investigations. If you have case studies that show how you combined OSINT with technical testing, that will help me choose quickly.
Deliverables I expect:
• A formal penetration-test report with proof-of-concept exploits, risk ratings, and remediation steps
• A brief incident analysis for each breach or spam-caller event, including supporting evidence
• A follow-up session (remote) to walk through findings, answer questions, and verify fixes
I’m aiming to move fast once I find the right fit, so let me know how soon you can start and roughly how long you’ll need for the first round of testing.