Title: Hire authorized web security tester / pentester (must follow rules of engagement)

Purpose: Find and report security flaws in our web store and payment flow (authorized testing only)

Scope: test specified domains, subdomains, APIs, payment pages, and user account flows (scope will be provided)
Must provide written permission to test before work begins

Deliverables: prioritized vulnerability report with reproducible steps, screenshots, and remediation advice
Include proof-of-concept (non-destructive) for critical issues only with client approval
Retest after fixes and provide a short revalidation report

Skills required: web app pentesting, OWASP Top 10, auth & session testing, payment flow testing
Coding skills: JavaScript, Python, SQL, Bash (for exploit/proof-of-concept and automation)
Tools experience: Burp Suite, OWASP ZAP, SQLmap, Nmap, and browser devtools

Must follow non-destructive testing practices unless explicitly allowed otherwise
No data exfiltration, financial fraud, or public disclosure without client consent
Provide timeline estimate and hourly or fixed price quote in the proposal
Include previous pentest reports or references (redacted OK)
Provide clear communication channel and point-of-contact for scope/approval
Confidentiality required; sign NDA if requested

Reporting format: PDF or Google Doc + optional Jira tickets / CSV of issues
Preferred: experience testing e-commerce, payment gateways, and shopping carts
Payment: milestone-based (report delivery, retest) or agreed terms in proposal
Acceptance: candidate will be selected after scope clarification and proof of authorization