Job Description
Penetration Testing Engagement – CREST Certified Engineer Required We are seeking a highly qualified CREST-certified security engineer to conduct a full end-to-end penetration test across our SaaS platform. ### About
Our Environment • Cloud Platform: bolthires Azure • Application: Web-based SaaS application • APIs: Multiple API endpoints (REST) • Mobile App: iOS and Android (include dynamic + static testing) • * Scope of Work We require a comprehensive penetration test including (but not limited to): • Infrastructure testing (Azure environment / cloud security posture) • Web application penetration testing (OWASP Top 10 & beyond) • API security testing • Mobile application penetration testing (iOS + Android) • Authentication/authorisation testing • Data exposure and encryption testing • Business logic testing • Review of secure coding and architecture practices ### Deliverables • A formal, third-party-ready penetration testing report, including: • Executive summary • Detailed findings • Risk severity ratings • Reproduction steps • Recommendations for remediation • Evidence artefacts (screenshots, request logs, PoC where appropriate) • A debrief session with our engineering team • Optionally: a retest after remediation ### Requirements • CREST certification (e.g., CRT, CCT-App, CCT-Inf, CREST Practitioner Security Analyst) • Proven experience with: • Azure cloud environments • SaaS security assessments • Mobile app and API penetration testing • Ability to sign an NDA • Previous sample report (with sensitive data removed) preferred We would like to commence testing as soon as possible, with a report delivered shortly after.
Apply tot his job