Job Description: We are looking for a high-level, "on-demand" Cybersecurity Analyst or a firm to perform External Attack Surface Audits for our SMB clients (Medical Clinics, Law Firms, and CPAs).
This is a "Black Box" assignment. You will analyze the client's organization from the outside, exactly how a hacker would, without any internal credentials or network access.
Scope of Work: For each client engagement, you will be responsible for:
- External Vulnerability Scan: Identifying outdated software and unpatched vulnerabilities on public-facing IPs/servers.
- Email & DNS Security Audit: Verification of SPF, DKIM, DMARC, and BIMI records to prevent spoofing.
- Dark Web Credential Audit: Identifying leaked employee credentials linked to the company domain.
- OSINT Attack Surface Mapping: Locating accidental data exposures, open S3 buckets, or misconfigured cloud assets.
- Executive Reporting: Translating technical findings into a professional, "Board-Ready" PDF report.
Technical Requirements:
- "Must own professional licenses" for industry-standard tools (e.g., Nessus Professional, Burp Suite Pro, Shodan, or similar).
- Certifications preferred: OSCP, LPT, or CEH.
Experience: Proven track record of performing audits for US-based professional services (Healthcare/Legal).
Turnaround: Ability to deliver the final report within 72 hours of the request.
The Deliverable (Sample Report Checklist): When applying, please provide a redacted sample report. We are looking for the following:
• Executive Summary: A 1-page "Stoplight" view (Red/Yellow/Green) for the CEO.
• Risk Scoring: Vulnerabilities categorized by Severity (Critical, High, Medium, Low).
• Remediation Roadmap: Clear, step-by-step instructions for the client’s IT team to fix the issues.
• Professional Branding: Clean layout, no typos, and logical flow.
Budget: $500 - $600 per report (Fixed Price).
Note: This is an ongoing partnership. As we scale, we expect to provide 2–5 audits per month after a few successful engagements.