Penetration Testing Engagement – CREST Certified Engineer Required

Penetration Testing Engagement – CREST Certified Engineer Required We are seeking a highly qualified CREST-certified security engineer to conduct a full end-to-end penetration test across our SaaS platform. ### **About Our Environment** • **Cloud Platform:** Microsoft Azure • **Application:** Web-based SaaS application • **APIs:** Multiple API endpoints (REST) • **Mobile App:** iOS and Android (include dynamic + static testing) • *Scope of Work** We require a comprehensive penetration test including (but not limited to): • **Infrastructure testing** (Azure environment / cloud security posture) • **Web application penetration testing** (OWASP Top 10 & beyond) • **API security testing** • **Mobile application penetration testing** (iOS + Android) • **Authentication/authorisation testing** • **Data exposure and encryption testing** • **Business logic testing** • **Review of secure coding and architecture practices** ### **Deliverables** • A **formal, third-party-ready penetration testing report**, including: • Executive summary • Detailed findings • Risk severity ratings • Reproduction steps • Recommendations for remediation • Evidence artefacts (screenshots, request logs, PoC where appropriate) • A **debrief session** with our engineering team • Optionally: a retest after remediation ### **Requirements** • **CREST certification** (e.g., CRT, CCT-App, CCT-Inf, CREST Practitioner Security Analyst) • Proven experience with: • Azure cloud environments • SaaS security assessments • Mobile app and API penetration testing • Ability to sign an NDA • Previous sample report (with sensitive data removed) preferred We would like to commence testing as soon as possible, with a report delivered shortly after. Apply tot his job