Fractional Application Security Advisor — Retainer (Modern Web Stacks) + Initial Paid Pentest

Posted 3 days ago

Worldwide

Summary

We're a productized dev shop building and hosting custom web apps for SMB clients. Our work centers on modern full-stack setups — Next.js/React, Postgres (including Supabase with RLS), Node, cloud hosting (Railway and similar), Tailscale-secured infrastructure — with a standardized template approach: secure the pattern once, apply it across many deployments. Some client work involves other stacks and third-party integrations (payments, messaging/WhatsApp, accounting systems, POS). Looking for one senior application security engineer for an ongoing advisory retainer. Judgment role, not a volume role: 5–10 hrs/month, async-first, minimal meetings. Scope: Security review of our core stack templates: auth flows, multi-tenant isolation, RLS policies, secrets handling, storage policies Code review sign-off on new integration patterns before they ship (payments, messaging, webhooks, third-party APIs) Periodic pentesting of our apps (staging environments, synthetic data) Internal testing practices: help us build security checks into our CI/dev workflow Best-practices guidance as we grow; incident response on-call (day rate applies) Quarterly security summary report (template provided, you review and sign off) Engagement structure: Step 1 is a paid, fixed-price security assessment of one of our production apps (contains no customer data) — full findings report with severity ratings, reproduction steps, and remediation guidance. Strong work converts to the monthly retainer. You: 5+ years hands-on AppSec / web application pentesting (not network/infra-only, not compliance-only) Strong with multi-tenant SaaS security and Postgres/RLS-style authorization models OSCP, OSWE, or equivalent hands-on background preferred Can explain findings to a non-security founder in plain English Comfortable being the named security reviewer on client-facing summaries Upwork profile requirements (hard filters — please don't apply otherwise): 95%+ Job Success Score $25k+ earned on Upwork with 500+ hours worked Security-specific work history visible in your profile (web app pentests, AppSec reviews — not general dev work with "security" listed as a skill) Identity verified At least one sample report or sanitized writeup you can share To apply: skip the boilerplate. In 3–5 sentences, tell us the first two things you'd examine in a multi-tenant SaaS app and why. Applications without this will not be read. Budget: fixed price for the initial assessment (propose your number), then monthly retainer negotiated on results.

  • More than 30 hrs/week
    Hourly
  • 6+ months
    Duration
  • Expert
    Experience Level
  • Remote Job
  • Ongoing project
    Project Type
Skills and Expertise
Mandatory skills
Vulnerability Assessment
Activity on this job
  • Proposals:5 to 10
  • Last viewed by client:yesterday
  • Interviewing:
    1
  • Invites sent:
    0
  • Unanswered invites:
    0
About the client
Member since Mar 19, 2018
  • United States
    Lakewood5:24 AM
  • $19K total spent
    55 hires, 10 active
  • 679 hours
  • Individual client

Explore similar jobs on Upwork

Security and Compliance SpecialistFixed-price‐ Posted 3 weeks ago
Network Security
Information Security
Penetration Testing
Security Analysis
B2B Sales Partner for CybersecurityHourly‐ Posted 2 weeks ago
B2B Marketing
Sales
Outbound Sales
Telemarketing

How it works

  • Post a job icon
    Create your free profile
    Highlight your skills and experience, show your portfolio, and set your ideal pay rate.
  • Talent comes to you icon
    Work the way you want
    Apply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
  • Payment simplified icon
    Get paid securely
    From contract to payment, we help you work safely and get paid securely.
Want to get started? Create a profile

About Upwork

  • Rating is 4.9 out of 5.
    4.9/5
    (Average rating of clients by professionals)
  • G2 2021
    #1 freelance platform
  • 49,000+
    Signed contract every week
  • $2.3B
    Freelancers earned on Upwork in 2020

Find the best freelance jobs

Growing your career is as easy as creating a free profile and finding work like this that fits your skills.

Trusted by

  • Microsoft Logo
  • Airbnb Logo
  • Bissell Logo
  • GoDaddy Logo