Cloud Security - SDLC ( Consultancy Needed for Initial Contract)
Worldwide
Scope of Work: SDLC Security Review, Cloud Security Audit & Penetration Testing Project Overview We are seeking an experienced Cybersecurity Consultant or Security Firm to conduct a comprehensive security assessment of our web and cloud-based application. The objective is to identify vulnerabilities, evaluate our Secure Software Development Lifecycle (SDLC), assess our cloud infrastructure, and perform penetration testing to ensure the platform meets industry security best practices. Scope of Work 1. Secure SDLC Assessment Review the application’s software development lifecycle and provide recommendations for improving security throughout the development process. The assessment should include: * Secure coding standards review * Authentication and authorization architecture review * Secrets and credential management * Dependency and third-party library risk assessment * CI/CD pipeline security review * Source code security analysis (where applicable) * API security review * Logging, monitoring, and audit controls * Security policies and development practices * Compliance with OWASP ASVS and OWASP Top 10 2. Cloud Security Audit Perform a comprehensive audit of the cloud infrastructure. The audit should include: * Identity and Access Management (IAM) review * Role and permission analysis * Storage security configuration * Database security assessment * Network configuration review * Firewall and security group validation * Encryption at rest and in transit * Secret management * Backup and disaster recovery review * Cloud logging and monitoring * Infrastructure configuration review * Security posture against CIS Benchmarks (where applicable) Platforms may include: * AWS * Google Cloud Platform (GCP) * Microsoft Azure * Supabase (if applicable) * Vercel / Netlify (if applicable) 3. Web & API Penetration Testing Conduct both automated and manual penetration testing against the application. Testing should include: * Authentication vulnerabilities * Authorization and privilege escalation * Session management * SQL Injection * Cross-Site Scripting (XSS) * Cross-Site Request Forgery (CSRF) * SSRF * Command Injection * File upload vulnerabilities * Remote Code Execution (where applicable) * API security testing * Rate limiting * Business logic flaws * Broken Object Level Authorization (BOLA) * Insecure Direct Object References (IDOR) * Security headers * Input validation * OWASP Top 10 coverage 4. Infrastructure & Configuration Review Review: * Domain security * SSL/TLS configuration * DNS configuration * CORS policies * WAF configuration (if applicable) * CDN security * Server hardening * Container security (Docker/Kubernetes if applicable) 5. Deliverables The selected consultant will provide: * Executive Security Assessment Report * Detailed Technical Report * Risk severity classification (Critical, High, Medium, Low) * Proof of Concept (PoC) for identified vulnerabilities * Recommended remediation steps * Secure architecture recommendations * Cloud security recommendations * SDLC improvement recommendations * Final security score and overall risk assessment * Re-test/validation report after fixes (optional but preferred) Expected Standards Assessments should align with industry best practices, including: * OWASP Top 10 * OWASP ASVS * OWASP API Security Top 10 * CIS Benchmarks * NIST Cybersecurity Framework * CWE/SANS Top 25 (where applicable) Required Experience Applicants should have experience with: * Web Application Penetration Testing * API Security Testing * Cloud Security (AWS, GCP, Azure) * Secure SDLC implementation * Infrastructure Security * Mobile application security (if applicable) * Security reporting and remediation guidance Relevant certifications such as OSCP, OSWE, CEH, PNPT, CISSP, AWS Security Specialty, or equivalent are preferred. Engagement Requirements * NDA may be required before access is granted. * All testing must be authorized and conducted in a controlled manner. * No production data should be exposed or retained. * Applicant should provide examples of previous security assessment reports (redacted versions acceptable). Project Outcome The goal is to identify and remediate security vulnerabilities, strengthen the application’s SDLC and cloud security posture, and provide actionable recommendations to improve the overall security and resilience of the platform.
$300.00
Fixed-price- ExpertExperience Level
- Remote Job
- One-time projectProject Type
Skills and Expertise
Activity on this job
- Proposals:5 to 10
- Interviewing:0
- Invites sent:0
- Unanswered invites:0
About the client
- India10:06 PM
Explore similar jobs on Upwork
How it works
Create your free profileHighlight your skills and experience, show your portfolio, and set your ideal pay rate.
Work the way you wantApply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
Get paid securelyFrom contract to payment, we help you work safely and get paid securely.
About Upwork
- 4.9/5(Average rating of clients by professionals)
- G2 2021#1 freelance platform
- 49,000+Signed contract every week
- $2.3BFreelancers earned on Upwork in 2020
Find the best freelance jobs
Growing your career is as easy as creating a free profile and finding work like this that fits your skills.
Trusted by