Security Penetration Tester for Healthcare SaaS Platform

We're building a multi-tenant healthcare SaaS platform (B2B) for appointment scheduling with an AI-powered voice agent. We're looking for a penetration tester to validate our security posture before onboarding our first pilot clinic. Tech stack: Cloudflare, Supabase, Clerk, Railway, Twilio The engagement is split into 3 phases: Phase 1 (pre-launch, priority): External attack surface review. Validate that all publicly exposed endpoints are properly secured before going live. Phase 2: Internal platform security. Tenant isolation, RBAC enforcement, role escalation, API authorization. Phase 3: AI/voice agent security. Prompt injection, call flow manipulation, abuse scenarios. Deliverables per phase: Written report with findings ranked by severity Proof of concept for each finding Remediation recommendations Retest of critical/high findings after our fixes Budget: $1,500 - $2,200 for the full 3-phase engagement. We know this is a startup budget. We're looking for someone early in their career or willing to work with an early-stage product, with the understanding that this becomes an ongoing paid relationship as we scale (periodic reassessments, new feature reviews). Methodology: We expect testing aligned with OWASP Top 10 / OWASP ASVS. If you follow a different framework, let us know in your proposal. Timeline: We're ready to start Phase 1 within 2-3 weeks of signing an NDA. In your proposal, please mention: Which of the technologies in our stack you've pentested before, and which would be new A brief example of a similar engagement (SaaS, multi-tenant, or healthcare) Your estimated timeline per phase Your availability Full architecture details, staging access, and role credentials will be shared after NDA signing. Languages: English or Romanian. Apply To this Job