
Penetration Tester — Web App + Supabase Backend (SaaS Recruiting Platform)

Work from home Full-time role Hiring

Client: ThunderJaws Human Resources Solutions
Project: Hire.ThunderJaws.com (production SaaS)
Engagement: Fixed-price, ~3 weeks active testing + 30-day retest window
Budget range: TBD

________________________________________

About the project

ThunderJaws is a live recruiting marketplace (job seekers, employers, admin) with:

  • React + Vite frontend
  • Supabase backend (Postgres + RLS, Auth, ~40+ Edge Functions, Storage)
  • Stripe billing (Pro tier $199/mo, employer resume unlocks)
  • WebAuthn passkeys + TOTP MFA
  • Resend transactional email
  • Public job-feed endpoint with per-partner UTM tracking

We need a qualified, independent penetration tester to validate the platform end-to-end before scaling paid employer features.

________________________________________

What we're looking for (Step 1 — Initial Review)

Apply with a short proposal (1 page max) covering:

  1. Your background — years pen-testing, certifications (OSCP / OSWE / GWAPT / CREST / Burp Suite Certified, etc.), and confirmation you are an independent firm or individual (not reselling automated scanners).
  2. Relevant experience — at least one prior engagement on a multi-tenant SaaS with Supabase, Postgres RLS, or similar row-level authorization model.
  3. One redacted prior pen-test report (PDF) demonstrating manual testing depth — not a Nessus/Burp scan dump.
  4. Liability insurance — confirmation of ≥ $1M professional liability coverage.
  5. Approach to third-party validation — how you will independently verify that employer-paid resumes are actually delivered to and processed by third parties (ATS webhooks, email deliverability with DMARC/DKIM/SPF, job-board apply receipts, or customer attestation). Google crawlers, Lighthouse, and generic SaaS scanners do NOT qualify — this is a hard requirement.

________________________________________

What we are NOT looking for

  • Automated-scanner-only deliverables
  • Agencies subcontracting to unvetted offshore testers
  • Anyone unfamiliar with Supabase RLS, Edge Functions, or JWT-based auth
  • "Pass/fail" checklists without proof of exploitation or remediation guidance

________________________________________

Next step

Selected candidates will receive the full Scope of Work (Step 2) under NDA, including:

  • Detailed in-scope / out-of-scope asset list
  • Acceptance criteria (including the third-party resume validation chain)
  • Deliverables, milestone payment schedule, and retest terms
  • Source-code access on request
  • Test accounts (job seeker, employer, admin)

________________________________________

To apply: Send the 6 items above. Shortlisted candidates will be contacted within 5 business days to receive the full SOW.

Independent firms preferred. Recommended profiles: NCC Group, Bishop Fox, Cure53, Trail of Bits caliber — or equivalent independent practitioners.
