How we work with you.
Pick the model that fits.
Every engagement runs through our Lemon platform with daily progress tracking, AI-augmented testing, and multi-layer quality review — whether it's a single assessment or a year-long partnership.
Engagement Models
Four ways to engage
From a single penetration test to a dedicated security team, choose the model that matches your security needs and operational cadence.
One-Time Engagement
Project-based delivery
Standard project-based engagements with a clear scope, fixed quote, and defined deliverables. Ideal when you need a specific assessment done right, without ongoing commitments.
Scope → Quote → Order → Deliver
Best for
- Single penetration tests or VAPT
- Compliance audits (CERT-In, PCI DSS, ISO 27001)
- One-off application security assessments
- Pre-launch security validation
Annual Contract
Planned annual coverage
A defined annual scope covering multiple engagements through the year. Fixed pricing, predictable budgets, and priority scheduling for all assessments.
Fixed annual pricing with priority scheduling
Best for
- Quarterly VAPT cycles for enterprises
- Continuous compliance maintenance
- Multiple applications and infrastructure
- Annual security program coverage
On-Demand Rate Contract
Flexible, usage-based
Pre-agreed rates per IP, per application, or per man-day. Minimum utilisation commitment with agreed turnaround timelines. Trigger assessments on-demand, including CI/CD integration via our Lemon API.
CI/CD integration via Lemon API
Best for
- DevSecOps teams needing CI/CD-integrated testing
- MSSPs and channel partners
- Organisations with variable testing volumes
- Agile teams with frequent release cycles
Dedicated Team
Embedded security resources
On-site or remote dedicated security professionals for a defined period. Your own security team, managed by Security Brigade, with full platform access and reporting.
On-site or remote, fully managed
Best for
- Large-scale transformation programs
- Sustained red team operations
- In-house SOC augmentation
- Long-term security programs (3–12 months)
Comparison
How the models compare
Each model delivers the same platform-driven quality. The difference is in pricing structure, commitment, and cadence.
| | One-Time Engagement | Annual Contract | On-Demand Rate Contract | Dedicated Team |
|---|---|---|---|---|
| Pricing Model | Fixed project fee | Fixed annual fee | Per IP / per app / per man-day | Monthly retainer |
| Commitment | None | 12 months | Minimum utilisation | 3–12 months |
| Turnaround | 1–4 weeks typical | Priority scheduling | Agreed SLAs | Continuous |
| Ideal For | Single assessments | Enterprise programs | DevSecOps & MSSPs | Large programs & SOC |
Powered by Lemon
Every model runs on the same platform
Regardless of engagement model, every assessment is orchestrated through our proprietary Lemon platform — AI-augmented test case generation, daily progress dashboards, multi-layer L1/L2/L3 quality review, and technology-specific remediation guidance. You get the same structured quality whether it's a one-day test or a year-long program.
Assessments delivered
Enterprise clients
Security professionals
CERT-In empanelled
Not sure which model fits?
Tell us about your security requirements and operational cadence. We'll recommend the engagement model that makes the most sense for your team.