Application Security Auditor & Open Source Architect
Worldwide
Job Description

We are looking for one senior expert who can single-handedly cover both application security auditing and open-source target architecture design for a 3-month consulting mission (12 weeks, part-time/intermittent). The mission involves auditing a set of legacy enterprise applications built on Omnis Studio 11 (proprietary 4GL/RAD platform) with a PostgreSQL backend, and delivering a complete open-source reconstruction blueprint for these applications. This is a diagnostic, audit, and specification mission only — no coding, remediation, or deployment of the new platform is required from you.

Why Omnis Studio matters for this role

The applications are entirely developed in Omnis Studio 11, using its native 4GL scripting language, class-based object model, and built-in UI/form engine. Omnis Studio 11 supports full export of libraries as structured JSON (classes, schemas, 4GL methods, UI metadata), which enables systematic code analysis. Candidates with direct hands-on Omnis Studio experience — whether as a developer, analyst, or auditor — will have a significant advantage in understanding the application structure, data bindings, and business logic embedded in the platform's proprietary constructs. Experience with Omnis Studio is the single most differentiating factor for this role.

Scope of Work

A. Omnis Studio Application Security & Code Audit
- Deep-dive analysis of Omnis Studio 11 application libraries (exported JSON): class hierarchy, form/UI structure, 4GL method logic, server-side tasks
- Application security audit (OWASP Top 10): SQL injection via native Omnis SQL commands, secrets/credentials management, session handling, access control, audit trails
- Vulnerability/risk matrix by criticality, mapped to specific Omnis code patterns
- Code quality, technical debt, and maintainability assessment specific to the Omnis Studio 4GL paradigm
- Full reverse engineering of the PostgreSQL data model (tables, relationships, triggers, stored procedures)
- Documentation of business workflows, user roles/permissions, and application modules

B. Open Source Target Architecture & Reconstruction Specification
- Design of the target architecture for a modern, shared/reusable open-source platform replacing the Omnis Studio applications
- Technology stack selection and justification (Java/Spring Boot, JPA, Angular, microservices, REST APIs, or equivalent)
- Specification of cross-cutting components: federated authentication (Keycloak/OIDC), document management, workflow engine, notifications, audit trail, reporting
- Reconstruction of the complete data model (DDL) from the reverse-engineered Omnis/PostgreSQL schemas
- Functional/technical reconstruction specification: user roles, screens, fields, use cases (UML sequence diagrams for critical flows), business rules, non-functional requirements, acceptance criteria
- Migration plan and development roadmap (team setup, methodology, tooling, QA process, knowledge transfer)

Required Skills & Experience
- Bachelor's/Master's degree in Computer Science or Software Engineering
- Direct experience with Omnis Studio (development, analysis, or auditing of Omnis-based applications) — strongly required
- Solid knowledge of Omnis Studio 11 architecture: library structure, 4GL scripting, class model, remote form/server tasks, JSON export format
- 5+ years combined experience in application security auditing AND open-source web application architecture
- Strong knowledge of OWASP Top 10, SQL injection patterns, and secure coding practices
- Hands-on experience with Java/Spring Boot, JPA, Angular, microservices, REST APIs
- Strong PostgreSQL skills (schema analysis, DDL, triggers, stored procedures)
- Experience with federated authentication (Keycloak / OIDC)
- Experience writing detailed technical/functional specifications and software project plans
- Experience using generative AI tools to accelerate legacy code analysis, audit, or specification work — strong plus
- Security certification (CISSP, OSCP, or equivalent) — preferred
- Fluent professional French required (written and spoken — all deliverables and client meetings are in French)

Engagement Details
- Duration: 3 months (12 weeks), part-time/intermittent
- Location: Hybrid — combination of remote work and on-site deployment (travel required; location details shared with shortlisted candidates under NDA)
- On-site visits: At least one on-site deployment period required during the mission for stakeholder interviews, system access, and presentation of findings; remaining work can be performed remotely
- Deliverables-based milestones: phased payments tied to milestone approvals (security audit findings around mid-mission; architecture and reconstruction spec in the second half)
- CV and copies of relevant certifications required with application
- Project details are confidential at this stage and will be shared under NDA with shortlisted candidates
- Hourly: More than 30 hrs/week
- Duration: 1-3 months
- Experience Level: Expert
- Remote Job
- Project Type: Ongoing project
About the client
- Location: Phoenix, Mauritius
- $5.6K total spent, 13 hires, 0 active
- 8 hours
- Mid-sized company (10-99 people)