CISO / Penetration Tester — Security Review & Attestation (Short Engagement)
Budget: -
HOURLY / PART_TIME
Israel
cyber-risk-management, penetration-testing, iso-27001, information-security, ethical-hacking, risk-assessment, application-security, web-application-security, information-security-audit, cloud-security-framework, digital-forensics, security-operation-center, incident-response-plan, policy-development, gdpr, hitrust-csf-framework, cloud-security, gap-analysis, grc
We're a legal-tech SaaS startup preparing for a security review by an enterprise client (a large construction/engineering group). We have already performed an extensive internal penetration test and security assessment - full evidence package included: endpoint inventory, OWASP/ASVS/CWE-mapped test results, raw command output, screenshots, confirmed findings with remediation + re-test proof.
We need a qualified, credentialed security professional to review our evidence, independently validate a sample of the findings, and issue a signed letter of attestation that the testing methodology is sound and the findings are accurate.
This is a review-and-attest engagement, not a build-from-scratch pentest. Most of the work is done — we need your credentials, your independent eyes, and your signature.
Scope of work:
1. Review our penetration-test report + evidence package (we provide everything organized).
2. Independently re-run / spot-check a sample of the documented tests to confirm accuracy.
3. Validate the methodology against recognized standards (OWASP, PTES, ASVS).
4. Issue a signed letter of attestation suitable for sharing with our enterprise client.
5. (Optional) Flag any gaps you'd recommend closing.
Required skills / qualifications:
- Recognized security credential — one or more of: OSCP, CREST, CISSP, CEH, or equivalent (the certification is what makes the stamp credible).
- Hands-on web application + API penetration testing (OWASP Top 10, API Security Top 10, ASVS).
- Experience with multi-tenant SaaS access-control / authorization testing (IDOR, broken access control, tenant isolation).
- Familiarity with cloud infrastructure security (we run Next.js/Vercel + Python/FastAPI + Postgres + Cloudflare).
- Ability to write a clear, signable attestation letter an enterprise CISO will accept.
- English (Hebrew a plus, not required).
Nice to have: SOC 2 / ISO 27001 / GDPR / Israeli PPL familiarity; LLM/AI-security awareness.