Cloud Security - SDLC ( Consultancy Needed for Initial Contract)

Posted 4 days ago

Worldwide

Summary

Scope of Work: SDLC Security Review, Cloud Security Audit & Penetration Testing Project Overview We are seeking an experienced Cybersecurity Consultant or Security Firm to conduct a comprehensive security assessment of our web and cloud-based application. The objective is to identify vulnerabilities, evaluate our Secure Software Development Lifecycle (SDLC), assess our cloud infrastructure, and perform penetration testing to ensure the platform meets industry security best practices. Scope of Work 1. Secure SDLC Assessment Review the application’s software development lifecycle and provide recommendations for improving security throughout the development process. The assessment should include: * Secure coding standards review * Authentication and authorization architecture review * Secrets and credential management * Dependency and third-party library risk assessment * CI/CD pipeline security review * Source code security analysis (where applicable) * API security review * Logging, monitoring, and audit controls * Security policies and development practices * Compliance with OWASP ASVS and OWASP Top 10 2. Cloud Security Audit Perform a comprehensive audit of the cloud infrastructure. The audit should include: * Identity and Access Management (IAM) review * Role and permission analysis * Storage security configuration * Database security assessment * Network configuration review * Firewall and security group validation * Encryption at rest and in transit * Secret management * Backup and disaster recovery review * Cloud logging and monitoring * Infrastructure configuration review * Security posture against CIS Benchmarks (where applicable) Platforms may include: * AWS * Google Cloud Platform (GCP) * Microsoft Azure * Supabase (if applicable) * Vercel / Netlify (if applicable) 3. Web & API Penetration Testing Conduct both automated and manual penetration testing against the application. Testing should include: * Authentication vulnerabilities * Authorization and privilege escalation * Session management * SQL Injection * Cross-Site Scripting (XSS) * Cross-Site Request Forgery (CSRF) * SSRF * Command Injection * File upload vulnerabilities * Remote Code Execution (where applicable) * API security testing * Rate limiting * Business logic flaws * Broken Object Level Authorization (BOLA) * Insecure Direct Object References (IDOR) * Security headers * Input validation * OWASP Top 10 coverage 4. Infrastructure & Configuration Review Review: * Domain security * SSL/TLS configuration * DNS configuration * CORS policies * WAF configuration (if applicable) * CDN security * Server hardening * Container security (Docker/Kubernetes if applicable) 5. Deliverables The selected consultant will provide: * Executive Security Assessment Report * Detailed Technical Report * Risk severity classification (Critical, High, Medium, Low) * Proof of Concept (PoC) for identified vulnerabilities * Recommended remediation steps * Secure architecture recommendations * Cloud security recommendations * SDLC improvement recommendations * Final security score and overall risk assessment * Re-test/validation report after fixes (optional but preferred) Expected Standards Assessments should align with industry best practices, including: * OWASP Top 10 * OWASP ASVS * OWASP API Security Top 10 * CIS Benchmarks * NIST Cybersecurity Framework * CWE/SANS Top 25 (where applicable) Required Experience Applicants should have experience with: * Web Application Penetration Testing * API Security Testing * Cloud Security (AWS, GCP, Azure) * Secure SDLC implementation * Infrastructure Security * Mobile application security (if applicable) * Security reporting and remediation guidance Relevant certifications such as OSCP, OSWE, CEH, PNPT, CISSP, AWS Security Specialty, or equivalent are preferred. Engagement Requirements * NDA may be required before access is granted. * All testing must be authorized and conducted in a controlled manner. * No production data should be exposed or retained. * Applicant should provide examples of previous security assessment reports (redacted versions acceptable). Project Outcome The goal is to identify and remediate security vulnerabilities, strengthen the application’s SDLC and cloud security posture, and provide actionable recommendations to improve the overall security and resilience of the platform.

  • $300.00

    Fixed-price
  • Expert
    Experience Level
  • Remote Job
  • One-time project
    Project Type
Skills and Expertise
Mandatory skills
Network Security
Amazon Web Services
Activity on this job
  • Proposals:5 to 10
  • Interviewing:
    0
  • Invites sent:
    0
  • Unanswered invites:
    0
About the client
Member since Jul 4, 2026
  • India
    10:06 PM

Explore similar jobs on Upwork

UK Cybersecurity Sales ProfessionalHourly‐ Posted 3 weeks ago
Sales
Phone Communication
Telemarketing
Cold Calling
Help with cyber security photoshopHourly‐ Posted 10 months ago
Penetration Testing
System Security
Cybersecurity Management
Vulnerability Assessment
Security Assessment & Testing
Network Penetration Testing
Testing
Software Testing
Ethical Hacking
Threat Detection

How it works

  • Post a job icon
    Create your free profile
    Highlight your skills and experience, show your portfolio, and set your ideal pay rate.
  • Talent comes to you icon
    Work the way you want
    Apply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
  • Payment simplified icon
    Get paid securely
    From contract to payment, we help you work safely and get paid securely.
Want to get started? Create a profile

About Upwork

  • Rating is 4.9 out of 5.
    4.9/5
    (Average rating of clients by professionals)
  • G2 2021
    #1 freelance platform
  • 49,000+
    Signed contract every week
  • $2.3B
    Freelancers earned on Upwork in 2020

Find the best freelance jobs

Growing your career is as easy as creating a free profile and finding work like this that fits your skills.

Trusted by

  • Microsoft Logo
  • Airbnb Logo
  • Bissell Logo
  • GoDaddy Logo