Hire the Best Information Security Audit Professionals

Clients rate our Information Security Audit Professionals
Rating is 4.6 out of 5.
4.6/5
Based on 205 client reviews
Ali H.

Manama, Bahrain

$20/hr
4.9
177 jobs

Trusted Advisor ๐Ÿฅ‡ ๐Ÿš€ Get Audit-Ready in 6 Weeks โ€” Guaranteed. Confused by compliance? I translate complex regulations into simple, actionable steps. Whether you need to win enterprise trust with ISO 27001 or unblock sales with a SOC 2 report, I provide the fastest, most cost-effective path to certification. Why hire a consultant when you can hire a Strategic Partner? As the Founder of Axipro, Iโ€™ve led over 100 successful certifications in the last year alone. We don't just "give advice"โ€”we handle the heavy lifting. ๐Ÿ›  THE GRC TOOL EXPERT Are you struggling with your automated GRC platform? I am an official partner and power user of: โœ… Drata (Gold Partner) โœ… Vanta (Expert Implementation) โœ… Secureframe, Thoropass, Sprinto, Scrut, & more. I can help you get your progress running in record time and even provide discounted subscription rates through our MSSP partnership. ๐Ÿ›ก ONE-STOP COMPLIANCE SHOP - Policies & Procedures: Custom-tailored, audit-ready documentation. - Risk Management: Deep-dive assessments that protect your business. - Security Questionnaires: Get them off your desk and submitted in hours, not weeks. - Vulnerability Assessment and Penetration Testings: Remediation recommendations and detailed reports to improve security posture - CPA Attestation: We have in-house CPAs to sign off on your SOC 2 Type 1 & 2 reports. ๐ŸŒ GLOBAL STANDARDS COVERED ISO 27001, 9001, 14001, 45001, 27701, 27017, 27018, 42001 (AI) | SOC 2 Type 1 & 2 | HIPAA | PCI DSS | GDPR | FedRAMP | NIST CSF | CMMC | TISAX | HITRUST | SAMA NCA โญ WHAT CLIENTS ARE SAYING "Ali is a lifesaver. He got us SOC 2 certified through Vanta and saved us months of work." โ€” Founder, Druxia (USA) "Knowledgeable, professional, and incredibly responsive. Ali got us across the line with Drata for ISO 27001." โ€” Founder, Tilt Legal (AUS) ๐Ÿ’Ž THE AXIPRO ADVANTAGE 10+ Years Experience: Lead Engineer & Auditor minds

  • SOC 2
  • ISO 27001
  • IT Compliance Audit
  • HIPAA
  • SOC 2 Report
  • PCI DSS
  • AI Compliance
  • Data Privacy
  • GDPR
  • Governance, Risk Management & Compliance
  • Penetration Testing
  • Information Security Consultation
  • AI Governance
  • AI Security
  • CMMC
  • ISO 14001
Kashif Sohail A.

Sargodha, Pakistan

$35/hr
5.0
25 jobs

๐Ÿฅ‡ TOP 5% OUT OF 25,000,000+ Freelancers specialized in Cyber Security. Simplifying Compliance for ISO 27001, ISO 9001, SOC 2, PCI DSS, HIPAA, GDPR & more ! Information Security | IT Compliance | Network Administration | Network Security | Solution Architecture| Network Administration | DevOps Engineering |Cloud Engineering ๐Ÿ”น Cyber Security Specialist with 15+ Years of Experience in SOC 2, ISO 27001 Compliance, and Penetration Testing ๐Ÿ”น Proven Expertise in Risk Assessment, Security Audits, and Threat Analysis ๐Ÿ”น Secured 50+ Businesses across 12 Countries from Cyber Threats and Data Breaches ๐Ÿ”น CEH, ECSA, CISSP, CISA, CISM, CRISC, CDPSE, Fortify, Symantec About Me: Hi, I'm Kashif Abid, a Cyber Security Expert specializing in SOC 2 and ISO 27001 compliance, as well as penetration testing. With over 8 years of experience in the cybersecurity industry, I have worked with organizations worldwide to establish robust security frameworks and implement best practices to protect sensitive information. My goal is to help businesses achieve regulatory compliance, mitigate security risks, and stay resilient against evolving cyber threats. We are a good match if you are: โœ… Busy developing your product or business and donโ€™t have time and resources to be consumed by compliance efforts and endless meetings, halting your production for months โœ… Already purchased a DIY compliance tool (Drata, Vanta, Thoropass/HeyLaika, Sprinto, Tugboat Logic, SecureFrame, Strike Graph, Audit Board, Trust Cloud, and so on) but ๐™™๐™ค๐™ฃโ€™๐™ฉ ๐™ ๐™ฃ๐™ค๐™ฌ ๐™ฉ๐™๐™š ๐™ฃ๐™š๐™ญ๐™ฉ ๐™จ๐™ฉ๐™š๐™ฅ ๐™ค๐™ง ๐™™๐™ค๐™ฃโ€™๐™ฉ ๐™๐™–๐™ซ๐™š ๐™ฉ๐™ž๐™ข๐™š. โœ… You quickly need quick security or privacy awareness training, cloud security posture assessment (AWS, GCP, Azure), endpoint security (MS 365 - Intune, Jumpcloud, Google Workspace), or penetration testing? โœ… Want to decrease your sale cycle by being compliant and having all the answers for the security and privacy questionnaires? โœ… Facing challenges with the security and privacy implications of AI products? โœ… Want continuous access to a certified, creditable security, compliance, and privacy professional to manage your security framework? -> Continous virtual CISO (vCISO / fractional CISO) service with affordable weekly payments! โœ… Need world-class, battle-proof security and privacy policies and you need it quickly? The kind of ones that have passed audits by KMPG, Deloitte, E&Y, Pepsi, Uber, Verizon, Philips, Facebook, and many others. โœ…You want problems to be solved by the BEST **Services ๐Ÿ“Œ SOC 2 & ISO 27001 Compliance Audits ๐Ÿ“Œ Penetration Testing (Network, Web, Mobile, API, and Cloud) ๐Ÿ“Œ Vulnerability Assessment & Management ๐Ÿ“Œ Risk Assessment & Security Audits ๐Ÿ“Œ Security Policy Development & Implementation ๐Ÿ“Œ Incident Response & Threat Intelligence ๐Ÿ“Œ Security Awareness Training ๐Ÿ“Œ Data Loss Prevention & Endpoint Security ๐Ÿ“ข Client Reviews: โญ๏ธโญ๏ธโญ๏ธโญ๏ธโญ๏ธ "Kashifโ€™s expertise in SOC 2 compliance helped us secure our systems efficiently and avoid costly downtime. His detailed audit report and recommendations were game-changers." โญ๏ธโญ๏ธโญ๏ธโญ๏ธโญ๏ธ "Highly recommend Kashif for cybersecurity needs! His penetration testing revealed critical vulnerabilities we were unaware of, allowing us to protect our data proactively." โญ๏ธโญ๏ธโญ๏ธโญ๏ธโญ๏ธ "Outstanding work! Kashif guided us through ISO 27001 certification, making the process seamless and informative. We now have a robust security system thanks to him." โญ๏ธโญ๏ธโญ๏ธโญ๏ธโญ๏ธ "Professional and reliable. Kashifโ€™s risk assessment uncovered areas of improvement, and his actionable recommendations have strengthened our security posture tremendously." About the Diginatives Security Team: Quality over quantity. Excellent quality, on time, always. We only take on projects when we can deliver outstanding results. The team consists of (only) senior experts in AWS, Azure, GCP DevOps, SecOps, Penetration testing, Google Workspace, MS 365 Intune, AppSec, auditing, and compliance. ๐Ÿš€ GRC Tools Partnership as MSP; Drata, Vanta, Secureframe, Thoropass, Tugboat Logic, Slite, Hyperproof, Sprinto, AuditBoard ๐Ÿš€ Security questionnaire and vendor assessment tools: CyberGRX, Panorays, KY3P (S&P, PWC), RSM, CyberVadis, SIG, SIG Lite, CAIQ, VAS, HECVAT, OneTrust, Graphite Connect, Centrl, Whistic, Process Unity ๐Ÿš€Security/Compliance frameworks: ISO 27001, SOC 2, FedRAMP, NIST 800-53, NIST 800-171, NIST CSF, TISAX, HIPAA, HITRUST CSF, GDPR, NERC, ISO 27017, ISO 27018, CMMC, CMMI, TX-RAMP, StateRAMP, AZ-RAMP, NY DFS 23 / NYCRR Part 500, PCI-DSS, FFIEC, C5, ENISA, Center of Information Security (CIS) CSAT, IRAP, PIPEDA, ISO 42001 Invite Me Now! Ready to fortify your organization's cybersecurity and achieve peace of mind? Letโ€™s conn

  • Information Security Audit
  • Information Security
  • Penetration Testing
  • GDPR
  • Cybersecurity Management
  • Certified Information Security Manager
  • SOC 2
  • AI Security
  • ISO 27001
  • Governance, Risk & Compliance Software
  • NIST Cybersecurity Framework
  • IT Compliance Audit
  • Risk Assessment
  • Security Testing
  • Web App Penetration Testing
Aamir T.

Oakley, California

$40/hr
4.4
53 jobs

Organizations don't fail because they lack technology. They fail because security weaknesses remain undiscovered until attackers exploit them. ๐‘จ๐’“๐’† ๐’š๐’๐’– ๐’๐’๐’๐’Œ๐’Š๐’๐’ˆ ๐’‡๐’๐’“ ๐’‚ ๐’„๐’š๐’ƒ๐’†๐’“๐’”๐’†๐’„๐’–๐’“๐’Š๐’•๐’š ๐’‘๐’“๐’๐’‡๐’†๐’”๐’”๐’Š๐’๐’๐’‚๐’ ๐’˜๐’‰๐’ ๐’„๐’‚๐’ ๐’Š๐’…๐’†๐’๐’•๐’Š๐’‡๐’š ๐’”๐’†๐’„๐’–๐’“๐’Š๐’•๐’š ๐’“๐’Š๐’”๐’Œ๐’”, ๐’”๐’•๐’“๐’†๐’๐’ˆ๐’•๐’‰๐’†๐’ ๐’š๐’๐’–๐’“ ๐’Š๐’๐’‡๐’“๐’‚๐’”๐’•๐’“๐’–๐’„๐’•๐’–๐’“๐’†, ๐’Š๐’Ž๐’‘๐’“๐’๐’—๐’† ๐’„๐’๐’Ž๐’‘๐’๐’Š๐’‚๐’๐’„๐’† ๐’‘๐’๐’”๐’•๐’–๐’“๐’†, ๐’‚๐’๐’… ๐’”๐’†๐’„๐’–๐’“๐’† ๐’š๐’๐’–๐’“ ๐’„๐’๐’๐’–๐’… ๐’†๐’๐’—๐’Š๐’“๐’๐’๐’Ž๐’†๐’๐’•๐’” ๐’ƒ๐’†๐’‡๐’๐’“๐’† ๐’‚๐’•๐’•๐’‚๐’„๐’Œ๐’†๐’“๐’” ๐’‡๐’Š๐’๐’… ๐’—๐’–๐’๐’๐’†๐’“๐’‚๐’ƒ๐’Š๐’๐’Š๐’•๐’Š๐’†๐’”? I help startups, enterprises, and government organizations build secure, compliant, and resilient environments. ๐‘พ๐’Š๐’•๐’‰ 15+ ๐’š๐’†๐’‚๐’“๐’” ๐’๐’‡ ๐’‰๐’‚๐’๐’…๐’”-๐’๐’ ๐’†๐’™๐’‘๐’†๐’“๐’Š๐’†๐’๐’„๐’† ๐’Š๐’ ๐’„๐’š๐’ƒ๐’†๐’“๐’”๐’†๐’„๐’–๐’“๐’Š๐’•๐’š, ๐’Š๐’๐’‡๐’๐’“๐’Ž๐’‚๐’•๐’Š๐’๐’ ๐’”๐’†๐’„๐’–๐’“๐’Š๐’•๐’š, ๐’”๐’š๐’”๐’•๐’†๐’Ž ๐’‚๐’…๐’Ž๐’Š๐’๐’Š๐’”๐’•๐’“๐’‚๐’•๐’Š๐’๐’, ๐’„๐’๐’๐’–๐’… ๐’”๐’†๐’„๐’–๐’“๐’Š๐’•๐’š, ๐’„๐’๐’Ž๐’‘๐’๐’Š๐’‚๐’๐’„๐’†, ๐’‚๐’๐’… ๐‘ซ๐’†๐’—๐‘บ๐’†๐’„๐‘ถ๐’‘๐’”, ๐‘ฐ ๐’…๐’†๐’๐’Š๐’—๐’†๐’“ ๐’‘๐’“๐’‚๐’„๐’•๐’Š๐’„๐’‚๐’ ๐’”๐’†๐’„๐’–๐’“๐’Š๐’•๐’š ๐’”๐’๐’๐’–๐’•๐’Š๐’๐’๐’” ๐’•๐’‰๐’‚๐’• ๐’“๐’†๐’…๐’–๐’„๐’† ๐’“๐’Š๐’”๐’Œ ๐’‚๐’๐’… ๐’”๐’–๐’‘๐’‘๐’๐’“๐’• ๐’ƒ๐’–๐’”๐’Š๐’๐’†๐’”๐’” ๐’ˆ๐’“๐’๐’˜๐’•๐’‰. I do not provide generic recommendations or automated scan reports. I deliver actionable security insights, practical remediation strategies, and measurable improvements that directly support business objectives. ๐–๐ก๐ž๐ง ๐œ๐ฅ๐ข๐ž๐ง๐ญ๐ฌ ๐ž๐ง๐ ๐š๐ ๐ž ๐ฆ๐ž, ๐ญ๐ก๐ž๐ฒ ๐ ๐š๐ข๐ง ๐š ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐ฉ๐š๐ซ๐ญ๐ง๐ž๐ซ ๐œ๐š๐ฉ๐š๐›๐ฅ๐ž ๐จ๐Ÿ ๐ฎ๐ง๐๐ž๐ซ๐ฌ๐ญ๐š๐ง๐๐ข๐ง๐  ๐›๐จ๐ญ๐ก ๐ญ๐ž๐œ๐ก๐ง๐ข๐œ๐š๐ฅ ๐œ๐ก๐š๐ฅ๐ฅ๐ž๐ง๐ ๐ž๐ฌ ๐š๐ง๐ ๐›๐ฎ๐ฌ๐ข๐ง๐ž๐ฌ๐ฌ ๐ซ๐ž๐ช๐ฎ๐ข๐ซ๐ž๐ฆ๐ž๐ง๐ญ๐ฌ. ๐Ÿ’ผ ๐„๐ฑ๐ฉ๐ž๐ซ๐ญ๐ข๐ฌ๐ž: โœ” Penetration Testing (Web, API, Network, Cloud) โœ” Vulnerability Assessment & Risk Management โœ” ISO 27001, SOC 2, NIST & Security Compliance โœ” Cloud Security (AWS & Azure) โœ” DevSecOps & CI/CD Security โœ” Identity & Access Management (IAM) โœ” Windows & Linux System Administration โœ” Security Architecture & Infrastructure Hardening โœ” SIEM, Security Monitoring & Incident Response ๐Ÿ› ๏ธ ๐–๐ก๐š๐ญ ๐ˆ ๐ƒ๐ž๐ฅ๐ข๐ฏ๐ž๐ซ ๐Ÿ”น Comprehensive Security Assessments ๐Ÿ”น Actionable Remediation Recommendations ๐Ÿ”น Compliance Gap Analysis & Readiness Support ๐Ÿ”น Cloud & Infrastructure Security Reviews ๐Ÿ”น Secure DevOps Implementation ๐Ÿ”น Security Policies, Standards & Procedures ๐Ÿ”น Risk Reduction & Security Improvement Strategies โญ ๐–๐ก๐ฒ ๐–๐จ๐ซ๐ค ๐–๐ข๐ญ๐ก ๐Œ๐ž? โœ” 15+ Years of Proven Cybersecurity Experience โœ” Expertise Across Security, Compliance, Infrastructure, and Cloud โœ” Business-Focused Security Solutions โœ” Strong Technical and Strategic Leadership โœ” Deep Understanding of Modern Threat Landscapes โœ” Clear Communication and Executive-Level Reporting โœ” Trusted Advisor for Long-Term Security Initiatives โœ” Hands-On Experience with Complex Security Environments Cybersecurity is no longer optional. A single vulnerability, misconfiguration, or compliance failure can lead to financial loss, operational disruption, regulatory penalties, and reputational damage. ๐‘ฐ ๐’…๐’๐’'๐’• ๐’‹๐’–๐’”๐’• ๐’Š๐’…๐’†๐’๐’•๐’Š๐’‡๐’š ๐’—๐’–๐’๐’๐’†๐’“๐’‚๐’ƒ๐’Š๐’๐’Š๐’•๐’Š๐’†๐’”, ๐‘ฐ ๐’‰๐’†๐’๐’‘ ๐’๐’“๐’ˆ๐’‚๐’๐’Š๐’›๐’‚๐’•๐’Š๐’๐’๐’” ๐’†๐’๐’Š๐’Ž๐’Š๐’๐’‚๐’•๐’† ๐’“๐’Š๐’”๐’Œ๐’”, ๐’”๐’•๐’“๐’†๐’๐’ˆ๐’•๐’‰๐’†๐’ ๐’…๐’†๐’‡๐’†๐’๐’”๐’†๐’”, ๐’‚๐’๐’… ๐’ƒ๐’–๐’Š๐’๐’… ๐’”๐’†๐’„๐’–๐’“๐’Š๐’•๐’š ๐’‘๐’“๐’๐’ˆ๐’“๐’‚๐’Ž๐’” ๐’•๐’‰๐’‚๐’• ๐’”๐’–๐’‘๐’‘๐’๐’“๐’• ๐’ƒ๐’–๐’”๐’Š๐’๐’†๐’”๐’” ๐’ˆ๐’“๐’๐’˜๐’•๐’‰. ๐ˆ๐Ÿ ๐ฒ๐จ๐ฎ'๐ซ๐ž ๐ฅ๐จ๐จ๐ค๐ข๐ง๐  ๐Ÿ๐จ๐ซ ๐š ๐œ๐ฒ๐›๐ž๐ซ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐ฉ๐ซ๐จ๐Ÿ๐ž๐ฌ๐ฌ๐ข๐จ๐ง๐š๐ฅ ๐ฐ๐ก๐จ ๐œ๐จ๐ฆ๐›๐ข๐ง๐ž๐ฌ ๐๐ž๐ž๐ฉ ๐ญ๐ž๐œ๐ก๐ง๐ข๐œ๐š๐ฅ ๐ž๐ฑ๐ฉ๐ž๐ซ๐ญ๐ข๐ฌ๐ž with a business-focused approach, let's discuss how I can help secure your environment. Connect with me today! ๐ŸŒ #CyberSecurity #InformationSecurity #Pentest #Compliance # DevOps #System Administration #IAM #GRC #CloudSecurity #SecurityOps #NIST #GuardianOfYourData #Cybersecurity #EthicalHacking #InformationSecurity

  • Information Security Audit
  • Information Security
  • Penetration Testing
  • Network Security
  • Cloud Security
  • Cloud Testing
  • Threat Detection
  • Microsoft Azure
  • Compliance
  • SOC 2
  • Linux System Administration
  • Vulnerability Assessment
  • DevOps
  • ISO 27001
  • Risk Assessment
  • Incident Response Plan
  • Google Workspace Administration
  • Data Analysis
  • Encryption
  • Investigative Reporting
Haider A.

Multan, Pakistan

$28/hr
4.8
44 jobs

Cyber threats are evolving every second. The question is not whether your organization will be targeted, it is whether you will be ready when it happens. I am Haider Ali, a Cybersecurity Engineer with 4+ years of hands-on experience building and defending enterprise security environments. I currently work as a Security Analyst for a US-based security firm, which means I am actively in the trenches every single day, not just theorizing, but detecting, hunting, and responding to real threats in real time. When you hire me, you are not getting someone who read about security. You are getting someone who lives it. ๐Ÿ”’ WHAT I DO FOR YOUR BUSINESS โœฆ SOC Operations & Management Whether you need to build a SOC from scratch or optimize an existing one, I cover the full operational lifecycle. From alert triage and incident investigation to escalation workflows and executive reporting, your security operations will run with precision and clarity. โœฆ Threat Detection & Threat Hunting I go beyond waiting for alerts. Using MITRE ATT&CK, LOLBAS, and hypothesis-driven hunting methodologies, I actively search for threats that have already bypassed your perimeter and are quietly living inside your environment. โœฆ Detection Engineering & Use Case Development Generic detection rules generate noise. I build custom, environment-specific detection logic across SIEM, EDR, XDR, and CASB platforms that is tuned for precision. Less false positives, more real detections, and a security team that actually trusts its alerts. โœฆ Incident Response & Digital Forensics When something happens, speed and accuracy matter. I manage the full IR lifecycle covering initial containment, deep investigation, root cause analysis, attacker timeline reconstruction, and a final report your leadership can actually understand and act on. โœฆ Cyber Threat Intelligence (CTI) Raw threat data is useless without context. I work with OpenCTI, MISP, and Group-IB to build intelligence pipelines that turn IOCs and TTPs into actionable detections. STIX/TAXII feed integration, adversary profiling, and intelligence-driven defense โ€” all part of the package. โœฆ SIEM, SOAR & XDR Deployment I have deployed, administered, and optimized some of the most widely used security platforms in the industry. From log source onboarding and correlation rule development to full SOAR playbook automation, I make sure your security stack is not just installed but actually working for you. โœฆ EDR & XDR Administration Endpoint visibility is where most attacks are won or lost. I deploy and manage CrowdStrike Falcon, Fortinet FortiGate, and Kaspersky EDR solutions ensuring your endpoints are monitored, hardened, and responsive. โœฆ Vulnerability Assessment & Penetration Testing I identify your weaknesses before attackers do. Using industry-standard tools and methodologies, I conduct thorough VA/PT engagements across networks, infrastructure, and web applications, delivering findings in clear, prioritized, and actionable reports. โœฆ Security Consulting & Mentoring Need help architecting your security program, selecting the right tools, or training your team? I offer consulting for startups, MSSPs, and security leaders who want straight answers without the vendor bias. โš™๏ธ MY SECURITY ARSENAL SIEM and Log Management: CrowdStrike Falcon LogScale, LogRhythm, Splunk Enterprise, IBM QRadar, Wazuh with ELK Stack EDR and XDR: CrowdStrike Falcon (CCFA Certified), Fortinet FortiGate, Kaspersky Security Center Threat Intelligence: OpenCTI, MISP, Group-IB, STIX/TAXII Feeds CASB and Cloud Security: Skyhigh CASB, Microsoft Azure Security SOAR and Automation: LogRhythm SOAR, Custom Python and PowerShell Playbooks VA and Penetration Testing: Nessus Professional, Burp Suite, Nmap, Metasploit, Kali Linux, Wireshark Frameworks: MITRE ATT&CK, LOLBAS, Kill Chain, OWASP Top 10 Network Security: Fortinet, Cisco ASA, Palo Alto, Wireshark ๐Ÿ“œ CERTIFICATIONS โœฆ CrowdStrike Certified Falcon Administrator (CCFA) โœฆ Practical Ethical Hacking โ€” TCM Security Academy โœฆ Cyber Threat Intelligence 101 โ€” arcX โœฆ Linux 101 โ€” TCM Security Academy โœฆ Regular Expressions in Python โ€” Coursera ๐Ÿ’ก WHY CLIENTS WORK WITH ME โœ… Actively working with a US-based security firm, real remote delivery, real results โœ… Enterprise-grade tools experience that most freelancers cannot match โœ… I document everything clearly so your team is never left in the dark โœ… Honest, direct communication with zero overselling โœ… Available across all time zones for both short engagements and long-term partnerships Security is not a product you buy once. It is a posture you build over time. Let me help you build it right. Message me anytime ๐Ÿค™

  • Information Security Audit
  • Information Security
  • Cybersecurity Monitoring
  • Cybersecurity Management
  • Cybersecurity Tool
  • SOC 2
  • SOC 2 Report
  • Information Security Governance
  • Information Security Threat Mitigation
  • Information Security Consultation
  • Technical Writing
  • Security Operation Center
  • Cyber Threat Intelligence
  • Penetration Testing
  • Vulnerability Assessment
David M.

Tonbridge, United Kingdom

$50/hr
5.0
3 jobs

๐Ÿ”’ You need security that actually works โ€” not a report that says it does. The organisations I work with want to find the vulnerabilities that matter, fix them with confidence, and get on with growing their business without security becoming the thing that stops them. I have delivered over 1,000 commercial penetration tests across 27 years. Not side projects. Not internal assessments. Full mission-critical engagements for high street and investment banks, hedge funds, insurance firms, government departments, police, military, national infrastructure, retailers, law firms, airports and more. I led the security architecture for the Athens 2004 Olympics internet-facing systems. I was lead architect on the UK Cyber Essentials scheme at launch. I have published in commercial security press and guest lectured at universities. There is a difference between someone who does penetration testing and someone who has seen every flavour of environment, every attack pattern, and every way organisations deceive themselves about their security posture. That difference is what you are hiring. ๐ŸŽฏ Where can I help: ๐Ÿ—ก๏ธ Network & Infrastructure Penetration Testing โ€” adversarial testing of internal and external infrastructure, finding exploitable exposures before an attacker does. ๐ŸŒ Application Penetration Testing โ€” web application and API security testing against real attack patterns: authentication, authorisation, input handling and business logic flaws. โ˜๏ธ Microsoft 365 Security Assessment โ€” Entra ID, Conditional Access, PIM, Intune, DLP, sensitivity labelling, Exchange Online and Defender for Office 365. ๐Ÿ”ท Azure Security Assessment โ€” identity and access management, network controls, storage and key management, Defender for Cloud posture, and monitoring coverage. ๐ŸŸข Google Workspace, GCP & AWS Security Assessments โ€” configuration and access control assessments across Google and Amazon cloud environments. ๐Ÿ›๏ธ Security Architecture and Risk Advisory โ€” senior technical input on architecture decisions, control design and risk without a full engagement commitment. ๐Ÿ‘ค Every engagement is delivered directly by me โ€” David Morgan, founder of Metis Security. No account management layer, no junior handoffs, no templated output. You work with the person conducting the analysis and writing the report. ๐Ÿ“‹ How I work is as important as what I find Every finding in my reports is one I will defend as genuinely material to your environment. No padding, no low-hanging fruit included to justify the fee, no default risk ratings copied from a scanner. If your context changes the risk, the rating reflects that. What you receive: โœ… A visually structured report with clear separation between executive summary, findings and remediation roadmap โ€” written to be read by people who are not security specialists โœ… Risk ratings adjusted to your specific environment and context, not defaulted from a tool โœ… A prioritised remediation roadmap so your team knows exactly what to fix first and why it matters commercially โœ… Immediate escalation of any high-risk finding or schedule-affecting issue during the engagement โ€” you are never waiting until the end to hear something important โœ… Daily status updates so you always know where the engagement stands โœ… A debrief call at close to walk through findings, answer questions and finalise the report before it is delivered CISSP | ISSAP | Microsoft Security certifications | 27 years If you need to know whether your environment is genuinely secure โ€” not whether it looks configured โ€” I am worth a conversation.

  • Information Security Audit
  • Penetration Testing
  • Web Application Security
  • Network Penetration Testing
  • Office 365
  • Microsoft Azure
  • Cloud Security
  • Network Security
  • Vulnerability Assessment
  • Security Assessment & Testing
  • Cybersecurity Management
  • Zero Trust Architecture
  • Security Analysis
  • Google Cloud Platform
  • Google Workspace
  • Amazon Web Services
  • NIST Cybersecurity Framework
  • Microsoft 365 Copilot
  • Internet Security
  • Information Security Consultation
Bhashit P.

Ahmedabad, India

$25/hr
5.0
43 jobs

TOP-Rated Plus Upwork Member. (Top 3%) We are a Cyber Security Consulting firm operated by former government and Fortune 500 hackers. Our team has been inside networks big and small, from electrical grids to water facilities. No network is too complex for us. We have expertise helping and securing SaaS organizations. Our Services: - Penetration Testing: - ISO27001 - SOC2 - GDPR - HIPAA - Phishing Engagements - External Assessments Why Choose Us? Unmatched Expertise: Our team comprises international banks, SaaS applications and Fortune 500 clients who bring unparalleled skills and insights to every project. With hands-on experience in securing some of the most complex networks in the world, we possess a deep understanding of the cyber threat landscape and the tactics used by attackers. Results-Focused: We are dedicated to delivering actionable results. Our assessments and tests are designed to provide you with clear, practical recommendations that can be implemented to enhance your security posture. Our focus is on ensuring that your network is not only secure but also resilient against evolving threats. Our Certifications: Our team holds industry-leading certifications that validate our expertise and commitment to excellence: CEH: Certified Ethical Hacking CRTO (Certified Red Team Operator): Demonstrates our proficiency in performing advanced red team operations to identify and exploit vulnerabilities. CRTL (Certified Red Team Leader): Reflects our ability to lead and manage complex red team engagements with custom and secure infrastructure. Not even EDR will inhibit our performance so that way we can provide even greater impact. OSCP (Offensive Security Certified Professional): Highlights our skill in conducting thorough penetration tests and developing creative solutions to security challenges. At Ownux Global, we cater to enterprise but also to the startups, web application developers, offering a professional yet relaxed approach to cyber security. Our mission is to safeguard your digital assets with the highest level of expertise and dedication, providing you with peace of mind in an increasingly digital world. Ready to secure your network? Letโ€™s get started. Contact us today to discuss how we can help protect your business from cyber threats.

  • Network Penetration Testing
  • OWASP
  • Cloud Security
  • Web Application Security
  • Vulnerability Assessment
  • Penetration Testing
  • SOC 2
  • ISO 27001
  • HIPAA
  • Compliance Consultation
  • Governance, Risk Management & Compliance

How it works

Post a job for free Post a job

Tell us what you need. Create your own job post or generate one with AI then filter talent matches.

Hire top talent fast

Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.

Collaborate easily

Use Upwork to chat or video call, share files, and track project progress right from the app.

Payment simplified

Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.

Don't just take our word for it

How do I hire a Information Security Audit Freelancer on Upwork?

You can hire a Information Security Audit Freelancer on Upwork in four simple steps:

  • Create a job post tailored to your Information Security Audit Freelancer project scope. Weโ€™ll walk you through the process step by step.
  • Browse top Information Security Audit Freelancer talent on Upwork and invite them to your project.
  • Once the proposals start flowing in, create a shortlist of top Information Security Audit Freelancer profiles and interview.
  • Hire the right Information Security Audit Freelancer for your project from Upwork, the worldโ€™s largest work marketplace.

At Upwork, we believe talent staffing should be easy.

How much does it cost to hire a Information Security Audit Freelancer?

Rates charged by Information Security Audit Freelancers on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.

Why hire a Information Security Audit Freelancer on Upwork?

As the worldโ€™s work marketplace, we connect highly-skilled freelance Information Security Audit Freelancers and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Information Security Audit Freelancer team you need to succeed.

Can I hire a Information Security Audit Freelancer within 24 hours on Upwork?

Depending on availability and the quality of your job post, itโ€™s entirely possible to sign up for Upwork and receive Information Security Audit Freelancer proposals within 24 hours of posting a job description.