Freelance VAPT Specialist / Penetration Tester

Posted 2 weeks ago

Worldwide

Summary

We are seeking a skilled Freelance VAPT Specialist or Penetration Tester to conduct comprehensive security assessments. The role involves identifying vulnerabilities in web applications, APIs, networks, cloud systems, and infrastructure. The ideal candidate will have experience in performing penetration tests and providing detailed reports to enhance security measures. Familiarity with compliance standards and risk management is essential. We are looking for an experienced freelance VAPT specialist to perform security assessments across web applications, APIs, external infrastructure, internal network assets, cloud environments, and related enterprise systems. The consultant should be capable of performing both automated and manual testing, validating vulnerabilities, identifying exploitable attack paths, providing clear technical evidence, and preparing professional remediation-focused reports. This engagement is strictly for authorized security testing. All activities must follow agreed scope, testing windows, rules of engagement, and non-destructive testing practices. Scope of Work The selected specialist may be required to perform one or more of the following activities: 1. Web Application Security Testing Perform manual and automated security testing for web applications covering OWASP Top 10 and business logic flaws. Expected coverage includes: SQL Injection Cross-Site Scripting Cross-Site Request Forgery Server-Side Request Forgery Authentication and authorization bypass Broken access control IDOR vulnerabilities Session management weaknesses File upload vulnerabilities Directory traversal Security misconfiguration Sensitive data exposure Business logic abuse Rate limiting issues Input validation weaknesses Insecure cookies and headers Client-side security issues API calls exposed through frontend applications 2. API Security Testing Perform security assessment of REST APIs, GraphQL APIs, and backend service endpoints. Expected coverage includes: Broken object-level authorization Broken function-level authorization Mass assignment Excessive data exposure Improper asset management Rate limit bypass Authentication token weakness JWT misconfiguration API enumeration Parameter tampering Insecure HTTP methods Improper error handling Sensitive data leakage Replay attack possibility API business logic abuse 3. Network and Infrastructure VAPT Perform external and internal infrastructure security assessment. Expected coverage includes: Port and service discovery Service version detection Vulnerability validation Weak protocols and ciphers SMB, RDP, SSH, FTP, DNS, SMTP, VPN, and exposed service testing Misconfigured services Default credentials Patch gaps TLS/SSL configuration review Firewall and segmentation validation Privilege escalation possibility Lateral movement risk identification Attack path mapping across exposed assets 4. Cloud Security Assessment Assess cloud environments such as AWS, Azure, or GCP, depending on the project scope. Expected coverage includes: IAM misconfiguration Overprivileged users, roles, and policies Publicly exposed storage buckets Security group and firewall misconfiguration Logging and monitoring gaps Key and secret exposure Public snapshots or images Cloud database exposure Insecure serverless configurations Misconfigured Kubernetes or container workloads Lack of encryption Insecure CI/CD secrets handling 5. Active Directory and Internal Security Assessment Where applicable, assess Active Directory and internal domain security posture. Expected coverage includes: Domain enumeration Weak password policy review Kerberoasting risk AS-REP roasting risk Excessive privileges Local admin exposure Misconfigured shares Credential reuse risks Group Policy weaknesses Privilege escalation paths Lateral movement possibilities High-risk domain permissions Attack path identification using tools such as BloodHound 6. Vulnerability Validation and Exploitability Analysis The consultant must not only run scanners but also manually validate findings. For each finding, the consultant should identify: Whether the vulnerability is actually exploitable Business impact Technical impact Attack complexity Required privileges Exploitation prerequisites Affected asset or endpoint Evidence of successful validation Risk rating Remediation recommendation Retesting steps Tools and Technical Skills Required The specialist should have hands-on experience with tools such as: Burp Suite Professional or Community OWASP ZAP Nmap Nessus / OpenVAS / Qualys / Nexpose Nikto SQLMap Amass / Subfinder / Assetfinder Gobuster / ffuf / Dirsearch Metasploit, where safe and approved Wireshark / tcpdump Hydra, where permitted BloodHound / SharpHound CrackMapExec / NetExec Impacket tools Postman / Insomnia GraphQL testing tools ScoutSuite / Prowler / Pacu / Cloudsplaining kube-bench / kube-hunter, if Kubernetes is in scope Git secrets / TruffleHog / Gitleaks Custom scripting using Python, Bash, or PowerShell The consultant should be able to use tools responsibly, avoid destructive payloads, and clearly explain what was tested. Expected Deliverables The freelancer must provide the following deliverables: 1. Executive Summary Report A business-friendly summary covering: Overall security posture Critical and high-risk findings Business impact Key attack paths Priority remediation areas Risk trend summary Recommended next actions 2. Detailed Technical Report The technical report must include: Vulnerability title Severity rating CVSS score, wherever applicable Affected asset, URL, API, IP, host, or service Description of the vulnerability Technical impact Business impact Steps to reproduce Proof of concept evidence Screenshots Request and response samples, where applicable Exploitability explanation Remediation guidance References Retesting procedure 3. Vulnerability Tracker A separate Excel or CSV tracker containing: Finding ID Asset Vulnerability name Severity CVSS score Status Owner Remediation recommendation Target closure date Retest status Remarks 4. Attack Path Summary Where applicable, provide a clear attack path narrative explaining how multiple weaknesses can be chained. Example: Reconnaissance → exposed service → weak authentication → privilege escalation → lateral movement → sensitive data exposure 5. Retesting Support The consultant should support one round of retesting after remediation, validate closure, and update the report status accordingly. Reporting Quality Expectations The report must be professional, client-ready, and technically accurate. We do not want generic scanner exports. Scanner results may be included as annexures, but the final report must contain manually verified, clearly explained, and risk-prioritized findings. Each finding must have enough detail for developers, IT teams, and security teams to reproduce and fix the issue.

  • Less than 30 hrs/week
    Hourly
  • 1-3 months
    Duration
  • Intermediate
    Experience Level
  • $10.00

    -

    $20.00

    Hourly
  • Remote Job
  • Ongoing project
    Project Type
Skills and Expertise
Mandatory skills
Search Engine Optimization
Nice-to-have skills
Social Media Marketing
Activity on this job
  • Proposals:20 to 50
  • Last viewed by client:2 weeks ago
  • Interviewing:
    11
  • Invites sent:
    12
  • Unanswered invites:
    2
About the client
Member since Jun 15, 2026
  • India
    3:14 AM

Explore similar jobs on Upwork

Cybersecurity Expert for IoT and Hardware HackingFixed-price‐ Posted 1 month ago
C
C++
Internet of Things
Lead Generation
Internet Marketing
Cloud Computing
Cloud Security Framework
Network Security
Solution Architecture
Security Infrastructure
Application Security
Security Engineering

How it works

  • Post a job icon
    Create your free profile
    Highlight your skills and experience, show your portfolio, and set your ideal pay rate.
  • Talent comes to you icon
    Work the way you want
    Apply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
  • Payment simplified icon
    Get paid securely
    From contract to payment, we help you work safely and get paid securely.
Want to get started? Create a profile

About Upwork

  • Rating is 4.9 out of 5.
    4.9/5
    (Average rating of clients by professionals)
  • G2 2021
    #1 freelance platform
  • 49,000+
    Signed contract every week
  • $2.3B
    Freelancers earned on Upwork in 2020

Find the best freelance jobs

Growing your career is as easy as creating a free profile and finding work like this that fits your skills.

Trusted by

  • Microsoft Logo
  • Airbnb Logo
  • Bissell Logo
  • GoDaddy Logo