Freelance VAPT Specialist / Penetration Tester
Worldwide
We are seeking a skilled Freelance VAPT Specialist or Penetration Tester to conduct comprehensive security assessments. The role involves identifying vulnerabilities in web applications, APIs, networks, cloud systems, and infrastructure. The ideal candidate will have experience in performing penetration tests and providing detailed reports to enhance security measures. Familiarity with compliance standards and risk management is essential. We are looking for an experienced freelance VAPT specialist to perform security assessments across web applications, APIs, external infrastructure, internal network assets, cloud environments, and related enterprise systems. The consultant should be capable of performing both automated and manual testing, validating vulnerabilities, identifying exploitable attack paths, providing clear technical evidence, and preparing professional remediation-focused reports. This engagement is strictly for authorized security testing. All activities must follow agreed scope, testing windows, rules of engagement, and non-destructive testing practices. Scope of Work The selected specialist may be required to perform one or more of the following activities: 1. Web Application Security Testing Perform manual and automated security testing for web applications covering OWASP Top 10 and business logic flaws. Expected coverage includes: SQL Injection Cross-Site Scripting Cross-Site Request Forgery Server-Side Request Forgery Authentication and authorization bypass Broken access control IDOR vulnerabilities Session management weaknesses File upload vulnerabilities Directory traversal Security misconfiguration Sensitive data exposure Business logic abuse Rate limiting issues Input validation weaknesses Insecure cookies and headers Client-side security issues API calls exposed through frontend applications 2. API Security Testing Perform security assessment of REST APIs, GraphQL APIs, and backend service endpoints. Expected coverage includes: Broken object-level authorization Broken function-level authorization Mass assignment Excessive data exposure Improper asset management Rate limit bypass Authentication token weakness JWT misconfiguration API enumeration Parameter tampering Insecure HTTP methods Improper error handling Sensitive data leakage Replay attack possibility API business logic abuse 3. Network and Infrastructure VAPT Perform external and internal infrastructure security assessment. Expected coverage includes: Port and service discovery Service version detection Vulnerability validation Weak protocols and ciphers SMB, RDP, SSH, FTP, DNS, SMTP, VPN, and exposed service testing Misconfigured services Default credentials Patch gaps TLS/SSL configuration review Firewall and segmentation validation Privilege escalation possibility Lateral movement risk identification Attack path mapping across exposed assets 4. Cloud Security Assessment Assess cloud environments such as AWS, Azure, or GCP, depending on the project scope. Expected coverage includes: IAM misconfiguration Overprivileged users, roles, and policies Publicly exposed storage buckets Security group and firewall misconfiguration Logging and monitoring gaps Key and secret exposure Public snapshots or images Cloud database exposure Insecure serverless configurations Misconfigured Kubernetes or container workloads Lack of encryption Insecure CI/CD secrets handling 5. Active Directory and Internal Security Assessment Where applicable, assess Active Directory and internal domain security posture. Expected coverage includes: Domain enumeration Weak password policy review Kerberoasting risk AS-REP roasting risk Excessive privileges Local admin exposure Misconfigured shares Credential reuse risks Group Policy weaknesses Privilege escalation paths Lateral movement possibilities High-risk domain permissions Attack path identification using tools such as BloodHound 6. Vulnerability Validation and Exploitability Analysis The consultant must not only run scanners but also manually validate findings. For each finding, the consultant should identify: Whether the vulnerability is actually exploitable Business impact Technical impact Attack complexity Required privileges Exploitation prerequisites Affected asset or endpoint Evidence of successful validation Risk rating Remediation recommendation Retesting steps Tools and Technical Skills Required The specialist should have hands-on experience with tools such as: Burp Suite Professional or Community OWASP ZAP Nmap Nessus / OpenVAS / Qualys / Nexpose Nikto SQLMap Amass / Subfinder / Assetfinder Gobuster / ffuf / Dirsearch Metasploit, where safe and approved Wireshark / tcpdump Hydra, where permitted BloodHound / SharpHound CrackMapExec / NetExec Impacket tools Postman / Insomnia GraphQL testing tools ScoutSuite / Prowler / Pacu / Cloudsplaining kube-bench / kube-hunter, if Kubernetes is in scope Git secrets / TruffleHog / Gitleaks Custom scripting using Python, Bash, or PowerShell The consultant should be able to use tools responsibly, avoid destructive payloads, and clearly explain what was tested. Expected Deliverables The freelancer must provide the following deliverables: 1. Executive Summary Report A business-friendly summary covering: Overall security posture Critical and high-risk findings Business impact Key attack paths Priority remediation areas Risk trend summary Recommended next actions 2. Detailed Technical Report The technical report must include: Vulnerability title Severity rating CVSS score, wherever applicable Affected asset, URL, API, IP, host, or service Description of the vulnerability Technical impact Business impact Steps to reproduce Proof of concept evidence Screenshots Request and response samples, where applicable Exploitability explanation Remediation guidance References Retesting procedure 3. Vulnerability Tracker A separate Excel or CSV tracker containing: Finding ID Asset Vulnerability name Severity CVSS score Status Owner Remediation recommendation Target closure date Retest status Remarks 4. Attack Path Summary Where applicable, provide a clear attack path narrative explaining how multiple weaknesses can be chained. Example: Reconnaissance → exposed service → weak authentication → privilege escalation → lateral movement → sensitive data exposure 5. Retesting Support The consultant should support one round of retesting after remediation, validate closure, and update the report status accordingly. Reporting Quality Expectations The report must be professional, client-ready, and technically accurate. We do not want generic scanner exports. Scanner results may be included as annexures, but the final report must contain manually verified, clearly explained, and risk-prioritized findings. Each finding must have enough detail for developers, IT teams, and security teams to reproduce and fix the issue.
- Less than 30 hrs/weekHourly
- 1-3 monthsDuration
- IntermediateExperience Level
$10.00
-
$20.00
Hourly- Remote Job
- Ongoing projectProject Type
Skills and Expertise
Activity on this job
- Proposals:20 to 50
- Last viewed by client:2 weeks ago
- Interviewing:11
- Invites sent:12
- Unanswered invites:2
About the client
- India3:14 AM
Explore similar jobs on Upwork
How it works
Create your free profileHighlight your skills and experience, show your portfolio, and set your ideal pay rate.
Work the way you wantApply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
Get paid securelyFrom contract to payment, we help you work safely and get paid securely.
About Upwork
- 4.9/5(Average rating of clients by professionals)
- G2 2021#1 freelance platform
- 49,000+Signed contract every week
- $2.3BFreelancers earned on Upwork in 2020
Find the best freelance jobs
Growing your career is as easy as creating a free profile and finding work like this that fits your skills.
Trusted by