Ongoing Web Application Security & Risk Management Audit
Worldwide
We are seeking an experienced web security and payments auditor to support our ongoing security, compliance, and risk management program. This engagement is part of our proactive risk management policy. The successful appointee will report directly to the board.

Scope of work:
- Periodic review of our web application security posture
- Audit of payment flow integrity, including Stripe/payment configuration
- Review of frontend checkout buttons, redirects, forms, and scripts
- Review of backend payment/session creation logic
- Review of webhook handling and order fulfilment logic
- Review of environment variables, deployment secrets, and hosting configuration
- Review of third-party tools, plugins, tag manager, CMS settings, and analytics integrations
- Review of purchase tracking events, including Meta Pixel or Conversions API where relevant
- Review of Git history and deployment changes relating to payment or tracking flows
- Identification of misconfigurations, insecure practices, or unauthorised changes

Key areas of assurance:
- Payment keys, product IDs, price IDs, and payment links are authorised and correctly configured
- Checkout redirects and payment flows resolve to approved accounts and endpoints
- Orders are only marked paid after verified payment confirmation
- Analytics purchase events only fire after appropriate payment validation
- Webhooks are correctly verified and securely handled
- Production secrets and deployment settings align with approved configuration
- Third-party scripts and integrations are secure and appropriate

Deliverables:
- Board-ready written audit report
- Summary of risks, observations, and recommendations
- Evidence/screenshots for material findings
- Clear risk rating for any issues identified
- Practical remediation guidance
- Optional ongoing monitoring or periodic re-audit plan

Requirements:
- Strong experience with web application security audits
- Experience with Stripe or comparable payment systems
- Ability to review frontend, backend, deployment, and third-party configurations
- High attention to detail, discretion, and confidentiality
- Ability to communicate clearly with non-technical stakeholders and board members

Please include examples of relevant security, payments, or risk audit work you have completed.
- Hourly: Less than 30 hrs/week
- Duration: 6+ months
- Experience Level: Expert
- Hourly: $4.00 - $10.00
- Remote Job
- Project Type: Ongoing project
Skills and Expertise
Activity on this job
- Proposals: 20 to 50
- Interviewing: 0
- Invites sent: 0
- Unanswered invites: 0
About the client
- Australia, Perth, 4:44 PM
- $244K total spent; 192 hires, 70 active
- 27,258 hours
- Art & Design; Small company (2-9 people)