Penetration Testing Engagement – CREST Certified Engineer Required
We are seeking a highly qualified CREST-certified security engineer to conduct a full end-to-end penetration test across our SaaS platform.
### **About Our Environment**
• **Cloud Platform:** Microsoft Azure
• **Application:** Web-based SaaS application
• **APIs:** Multiple API endpoints (REST)
• **Mobile App:** iOS and Android (include dynamic + static testing)
• *Scope of Work**
We require a comprehensive penetration test including (but not limited to):
• **Infrastructure testing** (Azure environment / cloud security posture)
• **Web application penetration testing** (OWASP Top 10 & beyond)
• **API security testing**
• **Mobile application penetration testing** (iOS + Android)
• **Authentication/authorisation testing**
• **Data exposure and encryption testing**
• **Business logic testing**
• **Review of secure coding and architecture practices**
### **Deliverables**
• A **formal, third-party-ready penetration testing report**, including:
• Executive summary
• Detailed findings
• Risk severity ratings
• Reproduction steps
• Recommendations for remediation
• Evidence artefacts (screenshots, request logs, PoC where appropriate)
• A **debrief session** with our engineering team
• Optionally: a retest after remediation
### **Requirements**
• **CREST certification** (e.g., CRT, CCT-App, CCT-Inf, CREST Practitioner Security Analyst)
• Proven experience with:
• Azure cloud environments
• SaaS security assessments
• Mobile app and API penetration testing
• Ability to sign an NDA
• Previous sample report (with sensitive data removed) preferred
We would like to commence testing as soon as possible, with a report delivered shortly after.
Apply Now
Apply Now