AWS / DevOps / Security Audit / CI/CD Optimization Specialist

Posted 3 weeks ago

Worldwide

Summary

Upwork Job Posting #1

AWS / DevOps / Security Audit / CI/CD Optimization Specialist

Job Title

AWS DevOps & Security Audit Specialist — Infrastructure Lockdown, Credential Rotation, CI/CD Review & Admin Dashboard (Urgent, One-Day Project)

Project Overview

Stay Connected Plus, LLC is seeking an experienced AWS DevOps and cloud security specialist to perform a comprehensive, one-day security audit and infrastructure lockdown of our entire AWS environment, GitHub organization, CI/CD pipeline, database access controls, and credential management systems.

This is an urgent, time-boxed engagement. A qualified specialist should be able to complete the core work in approximately 8 hours. This is not a discovery project. This is not a billable-hours engagement that expands week over week. I need someone who can move quickly, document thoroughly, and deliver clear results in a single focused workday.

At the conclusion of this engagement, I expect a complete transparency report, a secured infrastructure, rotated credentials, documented access controls, and a working admin dashboard that allows me — a nontechnical business owner — to monitor system health without needing to log into the AWS console.

About Stay Connected Plus

Stay Connected Plus, LLC is a communications platform designed to help incarcerated individuals stay connected with approved outside users including friends, family members, supporters, and approved contacts. The platform serves two main user groups:

  • Outside Users: Non-incarcerated individuals who access the platform through a web application to send and receive messages, manage communication, and handle account-related functions.
  • Incarcerated Users: Individuals in correctional facilities who access the platform through a phone-based IVR system, authenticate with a PIN, manage approved contacts, listen to and send messages, and use available voice features.

The platform includes the following technical components:

  • Web application (React frontend)
  • Admin panel
  • Backend API (Node.js)
  • Phone-based IVR voice system (Twilio)
  • Messaging and wallet systems
  • AWS infrastructure (EC2, RDS, Secrets Manager, IAM)
  • GitHub repositories and CI/CD pipeline
  • Third-party API integrations (Twilio, Stripe, PayPal, Deepgram, others)
  • Logging, audit trails, and payment records

This is a serious business operating in a regulated and sensitive environment. Security, reliability, privacy, and uptime are not optional — they are foundational requirements.

Scope of Work

1. Full Security Audit

  • Review AWS infrastructure for misconfigurations, over-permissioned accounts, and vulnerabilities
  • Review EC2 instances: access controls, key pairs, SSH configuration, security groups
  • Review IAM users, roles, policies, and permissions for least-privilege compliance
  • Review inbound and outbound port rules across all security groups
  • Review RDS database access: who can connect, from where, and with what permissions
  • Review AWS Secrets Manager: what is stored, who can access it, and whether rotation is configured
  • Review environment variables stored in deployment environments or CI/CD systems
  • Review GitHub organization: repository permissions, collaborator access, branch protection rules, secret scanning
  • Review CI/CD pipeline access and deployment credentials
  • Review logs and audit trails: CloudTrail, CloudWatch, access logs
  • Identify all vulnerabilities, unnecessary permissions, exposed surfaces, and risks

2. Full System Lockdown

  • Remove unnecessary or overly broad server and database access
  • Remove old, unused, or unsafe credentials
  • Rotate API keys for all third-party integrations
  • Rotate server key pairs where appropriate
  • Rotate database credentials
  • Rotate secrets and environment credentials stored in Secrets Manager or CI/CD
  • Ensure only explicitly approved users and services have access
  • Prevent developers or assistants from retaining destructive infrastructure access
  • Confirm that all rotated credentials are updated across all dependent systems before old credentials are disabled

3. IAM Role Design

  • Design or recommend a proper Developer IAM role with scoped, least-privilege permissions
  • Design or recommend an Admin Support role that allows read access to operational data without the ability to modify or delete infrastructure
  • Document each role, what it permits, and what it explicitly denies
  • Apply roles to the appropriate users and groups

4. CI/CD Pipeline Review and Optimization

  • Review the current CI/CD pipeline end to end
  • Identify security weaknesses in the deployment process
  • Confirm deployment credentials are stored securely and not exposed in logs or source code
  • Review GitHub Actions or other deployment tools for misconfigurations
  • Recommend and implement best practices for deployment security and reliability
  • Document the full deployment flow in plain language

5. Backup and Retention Review

  • Review current backup procedures for RDS, EC2, and any external database services
  • Identify gaps in backup coverage
  • Recommend a cost-optimized backup and retention policy
  • Document what is backed up, how often, where it is stored, and what the recovery procedure is
  • Balance recovery capability with cost efficiency

6. Admin Operations Dashboard

Design and implement a simple, secure, non-destructive admin dashboard that allows me as a nontechnical business owner to monitor infrastructure without accessing the AWS console directly.

The dashboard must include:

  • Server status for each EC2 instance (online/offline/health)
  • Ability to restart a server from the dashboard (with confirmation step)
  • Monthly infrastructure cost estimate
  • Current AWS resource usage summary
  • Backup status for databases and servers
  • Deployment status (last deploy, success/failure)
  • Recent errors or operational alerts
  • Security status summary (e.g., any open vulnerabilities flagged)
  • Audit log viewer (recent access events)
  • Plain-English explanations for each metric

The dashboard must not expose raw credentials. It must not permit destructive actions without explicit confirmation and proper authorization controls.

7. Documentation and Transparency Report

At the conclusion of the engagement, the contractor must deliver:

  • Full written transparency report
  • Before-and-after summary of all changes made
  • Complete list of every credential rotated
  • Complete list of every access point reviewed
  • Complete list of every permission modified
  • All vulnerabilities found and their resolution status
  • Screenshots of key configuration states
  • Recommended ongoing security practices
  • Recommended CI/CD practices going forward
  • Recommended backup schedule
  • Clear instructions for me as the business owner
  • Any remaining risks or recommended follow-up items

Required Skills and Experience

  • AWS EC2 — configuration, access control, security groups
  • AWS IAM — users, roles, policies, groups, least-privilege design
  • AWS Secrets Manager — credential storage and rotation
  • AWS RDS — access control and backup review
  • GitHub repository permissions and organization management
  • GitHub Actions or equivalent CI/CD pipeline security
  • Server hardening and secure configuration
  • Credential rotation across interconnected systems
  • Infrastructure security auditing
  • Backup strategy and recovery planning
  • Clear written documentation
  • Ability to communicate findings to a nontechnical business owner

Timeline and Availability

  • This is an urgent engagement — work must begin as soon as next week
  • Core deliverables are expected to be completed within approximately 8 hours by a qualified specialist
  • Contractor must be available by phone and screen share during Pacific Time business hours on the agreed work date
  • No delays. No scope expansion. No extended timelines without prior agreement.

Communication Requirements

This role requires real-time communication. Applicants must understand the following expectations before applying:

  • You must be fluent in spoken and written English
  • You must be available by phone during Pacific Time business hours on the agreed work date
  • When I call during agreed working hours, I expect you to answer or respond within minutes
  • You must be comfortable explaining what you are doing, what you are seeing, and what you recommend — in plain English — while on a phone call or screen share
  • You must have a quiet, professional workspace
  • You must have dedicated high-speed internet that does not drop during a working session
  • You must document your work in real time and provide a written summary at the end

Contractor Standards

  • All work must be documented clearly and completely
  • You must not introduce new risks while resolving existing ones
  • You must test credential rotations before disabling old credentials
  • You must confirm changes with me before executing anything destructive or irreversible
  • You must treat all system information, credentials, access details, user data, and business information as strictly confidential
  • You must be willing to sign an NDA if required
  • You must be comfortable working on a platform that serves incarcerated individuals and their approved contacts
  • You must not disappear, delay, make excuses, or attempt to expand this into a longer billing engagement

Screening Questions

All applicants must answer the following questions in their proposal. Proposals that skip or give vague answers to these questions will not be reviewed.

  • Describe a specific AWS security audit you have performed. What did you find and what did you change?
  • Walk me through your process for rotating credentials across an interconnected system (AWS Secrets Manager, environment variables, third-party APIs, CI/CD) without causing downtime.
  • How do you approach IAM role design for a small team that includes developers and non-technical admin staff? What specific permissions would you deny by default?
  • What is your process for reviewing and securing a GitHub organization, including repository permissions, branch protection rules, and Actions secrets?
  • How would you approach locking down EC2 instances while ensuring that deployment pipelines still function correctly?
  • What backup strategy would you recommend for a platform running RDS and EC2, and how would you balance cost with recovery capability?
  • Are you available by phone during Pacific Time business hours? Can you take a call on short notice during an agreed working session?
  • Have you built or implemented a simple non-technical admin dashboard for infrastructure monitoring? Describe it and what it included.

What Your Proposal Must Include

  • A brief summary of similar AWS security audit and lockdown projects you have completed
  • Your specific approach for completing this in a single day
  • What you would audit first and why
  • How you handle credential rotation safely across dependent systems
  • How you document your work during and after the engagement
  • Confirmation that you are available by phone during Pacific Time business hours
  • Confirmation that you have a quiet workspace and high-speed internet
  • Confirmation that you can screen share and explain each step in plain English
  • Confirmation that you are comfortable working on a platform that serves incarcerated users and communication technology

Disqualifiers

Do not apply if any of the following apply to you:

  • You cannot be reached by phone during Pacific Time business hours
  • You require extensive time to understand basic AWS IAM or security group concepts
  • You have not personally performed credential rotation on a live production system
  • You send generic proposals without reading the posting
  • You cannot explain your work in plain English to a non-technical person
  • You plan to expand this into a multi-week engagement
  • You cannot provide a complete transparency report at the conclusion of the project

Closing Statement

Stay Connected Plus is a serious platform operating in a regulated and sensitive environment. I need a contractor who is skilled, fast, thorough, and professional. If you are the right person for this role, you already understand everything I have described and you know exactly how to execute it.

I am not looking for someone to discover, explore, or investigate over several weeks. I am looking for someone who can arrive prepared, execute a comprehensive audit and lockdown, deliver complete documentation, and leave the infrastructure in a measurably more secure state — all in a single day.

If that describes you, I want to hear from you. Submit a proposal that demonstrates you have read and understood this posting, and tell me specifically how you would approach this project.

  • Less than 30 hrs/week
    Hourly
  • < 1 month
    Duration
  • Intermediate
    Experience Level
  • Remote Job
  • One-time project
    Project Type
Skills and Expertise
Mandatory skills
DevOps
CI/CD
Amazon Web Services
Activity on this job
  • Proposals: 20 to 50
  • Last viewed by client: 2 weeks ago
  • Interviewing:
    6
  • Invites sent:
    0
  • Unanswered invites:
    0
About the client
Member since Apr 25, 2024
  • United States
    Seattle 10:26 AM
  • $41K total spent
    52 hires, 1 active
  • 246 hours
