We are experiencing repeated security warnings from our automated scanning tools and have identified multiple potential vulnerabilities across our web platform, including insecure API endpoints, weak input validation, and inconsistent authentication logic.

We need an Application Security Specialist to perform a complete security assessment of our application and address the following issues:

Current Challenges:

• Possible injection points detected during routine scans
• Authentication flow inconsistencies on our user dashboard
• API endpoints returning excessive data exposure
• Missing sanitization in form inputs
• No centralized security validation structure in the codebase
• Lack of secure coding guidelines for developers
• No automated security tests integrated into our CI/CD pipeline

Required Deliverables:

• Full secure code review
• Threat modeling document for all critical components
• Fix or patch implementation for discovered vulnerabilities
• OWASP ASVS compliance repor
• Secure API design improvements
• Security tests integrated into CI/CD (SAST, DAST)
• Final report outlining issues, fixes, and prevention guidelines

Required Expertise:

• Deep knowledge of OWASP Top 10 & ASVS
• Hands-on vulnerability remediation (not just reporting)
• Secure API design & token handling
• Experience with SAST/DAST tools
• Ability to collaborate with DevOps for automated security gates