I’m finalising a cloud-based web application and need a security-minded software engineer to put it through a thorough penetration-testing cycle before launch. Your mission is to probe the entire stack—front-end, back-end, APIs, authentication flow—and uncover any exploitable weaknesses. You’ll have freedom to wield the usual tools of the trade (Burp Suite, OWASP ZAP, custom scripts, etc.), combine automated scans with targeted manual attacks, and then translate the raw findings into clear, actionable guidance my dev team can follow. Please centre your proposal on your hands-on experience with web-application penetration testing; certifications and tool preferences are welcome context, but keep the focus on what you’ve actually broken or secured in the past. Deliverables I’m expecting: • Executive summary of overall risk posture • Detailed technical report, severity-ranked, with remediation advice • Proof-of-concept exploits or screenshots for critical issues • Short retest confirmation once fixes are deployed I’d like the first report within one week of kick-off, followed by the retest shortly after the fixes are live. If you thrive on hunting vulnerabilities and communicating them clearly, let’s get started.