Web Application Security Assessment & Compliance Expert Needed
We are seeking an experienced Web Application Security & Compliance Specialist to conduct a comprehensive security assessment of our web application environment. The engagement requires both technical security testing and compliance alignment with globally recognized cybersecurity and data protection frameworks. This role is critical and OWASP Top 10 coverage is a mandatory baseline. ________________________________________ Scope of Work The selected consultant will be responsible for the following: 1. Web Application Security Assessment β’Perform a full security review aligned with OWASP Top 10 (mandatory) β’ Identify vulnerabilities including (but not limited to): o Injection attacks (SQL, XSS, command injection) o Broken authentication and authorization o Session management flaws o Security misconfigurations o Insecure APIs o Sensitive data exposure β’ Conduct both automated and manual testing β’ Validate findings with proof-of-concept where applicable ________________________________________ 2. Standards & Framework Alignment Assess and map the application and supporting processes against: β’ ISO/IEC o Access control o Logging & monitoring o Secure configuration o Risk management controls β’ NIST Cybersecurity Framework o Identify o Protect o Detect o Respond o Recover β’ Data Protection & Privacy Regulations o GDPR (EU) o Kenya Data Protection Act o India IT Act & DPDP Act o Review consent, data retention, access control, and breach readiness ________________________________________ 3. Deliverables The consultant must provide: β’ Detailed security assessment report β’ Vulnerability severity classification (Critical / High / Medium / Low) β’ Clear remediation recommendations β’ Compliance gap analysis against each framework β’ Executive-ready summary for management / audit β’ Optional re-test after remediation (preferred) ________________________________________ Required Skills & Experience β’ Proven experience in web application penetration testing β’ Strong hands-on knowledge of OWASP Top 10 β’ Demonstrated experience with ISO audits or implementations β’ Working knowledge of NIST Cybersecurity Framework β’ Experience with PCI-DSS assessments (where applicable) β’ Solid understanding of GDPR and regional data protection laws β’ Familiarity with modern web architectures (APIs, cloud, SPA frameworks) β’ Ability to clearly document findings for both technical and non-technical stakeholders ________________________________________ Nice to Have β’ Relevant certifications (OSCP, CEH, CISSP, CISA, ISO 27001 LA/LI) β’ Experience securing ERP, finance, payroll, or compliance-heavy systems β’ Cloud security experience (Azure / AWS / GCP) ________________________________________ Engagement Details β’ Project Type: Security assessment & compliance review β’ Duration: Short-term / milestone-based β’ Budget: Open (please propose based on scope) β’ Start: Immediate Apply tot his job