
is seeking an experienced web application security specialist to address specific vulnerabilities identified in our recent penetration testing assessment. As a healthcare technology company specializing in innovative oral health monitoring solutions, we prioritize robust security standards and regulatory compliance. This is a focused, short-term engagement to remediate six specific security findings in our web application infrastructure. We need an independent contractor who can take full ownership of implementing these security fixes efficiently and professionally.

Scope of Work - Specific Vulnerability Remediations

Based on our completed Web Penetration Testing assessment, you will address the following security findings:

1. Concurrent Login Management Implementation
• Task Type: Application code modification
• Requirement: Implement a session management mechanism to control concurrent user logins
• Options to consider:
  • Invalidate previous sessions upon new login
  • Limit active sessions per user account with admin controls
  • Provide configurable session policies
• Deliverable: Production-ready code with comprehensive testing

2. Server Version Disclosure Prevention
• Task Type: Server configuration
• Requirement: Remove/mask server version information from HTTP responses
• Scope:
  • HTTP response headers (Server, X-Powered-By, framework headers)
  • Error pages and default framework responses
  • API endpoints
• Validation: Confirm remediation using security scanning tools

3. Vulnerable Framework/Component Upgrade
• Task Type: Dependency management and testing
• Requirement: Identify and upgrade vulnerable frameworks/libraries to secure versions
• Process:
  • Audit current dependency versions
  • Plan an upgrade path ensuring backward compatibility
  • Implement upgrades with thorough regression testing
  • Document all changes and migration steps

4. SSL/TLS Security Hardening
• Task Type: Infrastructure configuration
• Requirement: Strengthen TLS configuration and eliminate weak ciphers
• Scope:
  • Disable TLS 1.0/1.1 and weak cipher suites
  • Implement strong, current best-practice cipher configurations
  • Configure secure SSL/TLS settings on load balancers/web servers
• Validation: SSL Labs assessment showing an improved security grade

5. Admin Portal Access Control
• Task Type: Network security implementation
• Requirement: Secure admin portal access behind a VPN or equivalent protection
• Options:
  • VPN implementation (OpenVPN, WireGuard, or cloud-native solutions)
  • IP allowlisting with proper access controls
  • Zero-trust network access implementation
• Deliverable: Secure access solution with documented procedures

6. Open Ports Security Audit
• Task Type: Network security assessment and hardening
• Requirement: Review and secure network port exposure
• Process:
  • Comprehensive port scan and service audit
  • Close unnecessary open ports
  • Implement proper firewall rules and security group configurations
  • Document justified open ports with a security rationale

Required Qualifications

Essential Experience:
• 3+ years in web application security and DevOps/infrastructure security
• Proven track record with penetration testing remediation projects
• Strong understanding of OWASP security principles
• Experience with secure session management and authentication systems
• SSL/TLS configuration and certificate management expertise
• Network security implementation (firewalls, VPNs, access controls)
• Healthcare sector experience strongly preferred

Soft Skills:
• Ability to work independently with minimal supervision
• Clear communication for technical documentation and progress updates
• Understanding of healthcare compliance requirements (HIPAA awareness beneficial)

Deliverables

Technical Implementation:
• All security fixes implemented and tested in the staging environment
• Code changes submitted via pull requests with comprehensive documentation
• Infrastructure configuration changes documented and version-controlled

Documentation Package:
• Detailed remediation report for each vulnerability
• Technical documentation of all changes implemented
• Updated operational procedures for secure admin access
• Security testing evidence and validation reports

Knowledge Transfer:
• Brief handover session with our development team
• Best-practices documentation for maintaining security standards
• Recommendations for ongoing security monitoring

Timeline and Budget
• Start Date: Immediate
• Engagement Type: Fixed-price contract

What We Provide
• Complete penetration testing report with detailed findings
• Access to the staging environment and source code repository
• Direct communication with our CTO and DevOps team
• Necessary infrastructure access through secure channels
• Clear requirements and prompt feedback on deliverables
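Finding 1 asks for a session mechanism with configurable concurrency policies. The following is an added illustration, not code from the posting's project: an in-memory session store (a real deployment would back it with Redis or a database table) that supports both options named in the posting, invalidating earlier sessions on a new login or capping active sessions per user, plus an admin revoke-all control and idle expiry so stale sessions never block a login. All names (SessionPolicy, SessionStore, the policy modes) are this example's own.

```python
"""Concurrent-login control for a web application session store.

Added example; not the project's code. The store is in-memory and takes
an injectable clock so that expiry behaviour can be tested offline.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class SessionPolicy:
    # "single": a new login invalidates every earlier session of that user.
    # "limit":  keep at most max_sessions, evicting the oldest on overflow.
    mode: str = "single"
    max_sessions: int = 1
    idle_timeout_s: int = 900  # idle sessions expire and stop counting


@dataclass
class Session:
    user_id: str
    created: float
    last_seen: float


class SessionStore:
    def __init__(self, policy: SessionPolicy, clock: Callable[[], float] = time.time):
        self.policy = policy
        self.clock = clock
        self._sessions: Dict[str, Session] = {}

    def _purge_idle(self) -> None:
        now = self.clock()
        for sid, s in list(self._sessions.items()):
            if now - s.last_seen > self.policy.idle_timeout_s:
                del self._sessions[sid]

    def _active_for(self, user_id: str) -> List[str]:
        """Live session ids of a user, oldest first."""
        self._purge_idle()
        return sorted(
            (sid for sid, s in self._sessions.items() if s.user_id == user_id),
            key=lambda sid: self._sessions[sid].created,
        )

    def login(self, user_id: str) -> str:
        """Create a session for user_id under the configured policy and
        return the new opaque session id."""
        active = self._active_for(user_id)
        if self.policy.mode == "single":
            evict = active                      # everything older goes
        elif self.policy.mode == "limit":
            overflow = len(active) - self.policy.max_sessions + 1
            evict = active[:max(overflow, 0)]   # oldest sessions beyond the cap
        else:
            raise ValueError(f"unknown policy mode {self.policy.mode!r}")
        for sid in evict:
            del self._sessions[sid]
        now = self.clock()
        sid = secrets.token_urlsafe(32)  # 256 bits of entropy, unguessable
        self._sessions[sid] = Session(user_id, now, now)
        return sid

    def validate(self, sid: str) -> Optional[str]:
        """Return the user id for a live session (refreshing its idle timer),
        or None if it was revoked, replaced or expired."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self.clock()
        if now - s.last_seen > self.policy.idle_timeout_s:
            del self._sessions[sid]
            return None
        s.last_seen = now
        return s.user_id

    def revoke_all(self, user_id: str) -> int:
        """Admin control: terminate every session of a user; returns the count."""
        sids = [sid for sid, s in self._sessions.items() if s.user_id == user_id]
        for sid in sids:
            del self._sessions[sid]
        return len(sids)

    def active_count(self, user_id: str) -> int:
        return len(self._active_for(user_id))
```

Whichever mode is chosen, the important property for the pentest finding is that a session id replaced by a newer login fails `validate` immediately, rather than lingering until its cookie expires; the eviction happens server-side, so a client holding the old cookie cannot keep using it.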
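Finding 2 covers both the fix (dropping version-bearing headers from every response, including framework error pages) and its validation. As an added example that is not the project's code, the block below pairs a small check that flags disclosure headers in a response, distinguishing a bare product name from an actual version string, with a WSGI middleware that strips those headers before they leave the application. The sample response in `sample_app` is constructed for the example; `DISCLOSURE_HEADERS` is this example's own list.

```python
"""Server version disclosure: a detection check and a WSGI response filter.

Added example, not the project's code. The sample WSGI app and its
headers are constructed for illustration.
"""
import re
from typing import Dict, List, Tuple

# Response headers that commonly carry a product and/or version string.
DISCLOSURE_HEADERS = {"server", "x-powered-by", "x-aspnet-version",
                      "x-aspnetmvc-version", "x-generator"}
# A version-looking token such as "2.4.41", "7.4" or "Apache/2".
VERSION_RE = re.compile(r"(?:\bv)?\d+(?:\.\d+)+|/\d+")


def find_version_disclosures(headers: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (header, value, kind) for each disclosure header present.
    kind is "version" when the value contains a version number (the
    finding the pentest report targets) and "product" when only a
    product name is revealed, which still narrows fingerprinting."""
    findings = []
    for name, value in headers.items():
        if name.lower() not in DISCLOSURE_HEADERS or not value.strip():
            continue
        kind = "version" if VERSION_RE.search(value) else "product"
        findings.append((name, value, kind))
    return findings


def strip_disclosure_headers(app):
    """WSGI middleware that removes disclosure headers from every response
    the application emits, error pages included, before the client sees them."""
    def wrapped(environ, start_response):
        def filtered_start(status, headers, exc_info=None):
            clean = [(n, v) for n, v in headers if n.lower() not in DISCLOSURE_HEADERS]
            return start_response(status, clean, exc_info)
        return app(environ, filtered_start)
    return wrapped


def sample_app(environ, start_response):
    """Constructed application that leaks framework and server versions."""
    start_response("200 OK", [
        ("Content-Type", "text/plain"),
        ("Server", "Apache/2.4.41 (Ubuntu)"),
        ("X-Powered-By", "PHP/7.4.3"),
    ])
    return [b"ok"]


def run_wsgi(app, environ=None):
    """Drive a WSGI app offline; returns (status, headers dict, body bytes)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = headers

    body = b"".join(app(environ or {}, start_response))
    return captured["status"], dict(captured["headers"]), body


if __name__ == "__main__":
    _, leaky, _ = run_wsgi(sample_app)
    print("before:", find_version_disclosures(leaky))
    _, clean, _ = run_wsgi(strip_disclosure_headers(sample_app))
    print("after: ", find_version_disclosures(clean))
```

Application-level filtering only covers headers the application itself sets. A reverse proxy or web server in front of it adds its own `Server` header afterwards, so the server configuration has to be changed as well (for example `server_tokens off;` in nginx, which still reveals the product name but not the version, or `ServerTokens Prod` in Apache httpd). The check above is meant to be run against responses from the staging environment after both changes, including a deliberate 404 and a 500, since default error pages are a common place for the headers to reappear.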
Project ID: 40188999

Delhi, India
Payment method verified
Member since Oct 14, 2021