Certified Penetration Tester (OSCP Preferred) – Web, Mobile & Azure Platform

We are an early-stage EdTech company seeking an experienced Application Security / Penetration Testing contractor to perform hands-on security testing across our web, mobile, API, and cloud infrastructure. This engagement is for a practitioner, not a compliance-only consultant. You’ll actively test real systems, collaborate directly with engineers, and validate fixes—not just deliver a static report. What You’ll Be Testing Applications -Web applications (React / TypeScript, .NET backend) -GraphQL APIs -Mobile apps (Flutter – Android & iOS) Infrastructure -Microsoft Azure (AKS, Container Apps, networking, VPNs) -Azure Key Vault and secrets handling -CI/CD pipelines (GitHub Actions) -Container and Kubernetes security Scope of Work -Perform hands-on penetration testing (manual + targeted tooling) -Identify authentication, authorization, logic, and data exposure issues -Test APIs and GraphQL-specific attack vectors -Assess cloud and container configurations for security weaknesses -Clearly document findings with reproduction steps and remediation guidance -Collaborate with engineers on validation and retesting Deliverables -Prioritized vulnerability findings -Proof-of-concept reproduction steps -Practical remediation guidance -Executive summary of systemic risks -Optional fix validation / retesting Required Qualifications -OSCP certification strongly preferred (or equivalent real-world experience) -Proven experience in application penetration testing -Strong understanding of: --Web & API security (OWASP Top 10) --Authentication & authorization flaws --Cloud security fundamentals -Clear, developer-friendly communication skills Nice to Have -EdTech or privacy-sensitive platform experience -FERPA / COPPA familiarity -Kubernetes / AKS security experience -Startup or early-stage SaaS experience Apply tot his job