ColdFusion Engineer – Security Upgrade & Version Migration (CFML / API Hardening)

About this contract We're a B2B SaaS platform serving enterprise and public-sector clients in compliance and reporting. Our backend API runs on a legacy ColdFusion version with a known security vulnerability. A client's security team has flagged it and paused rollout — we need to resolve this fast. We're hiring an experienced ColdFusion developer for a two-phase engagement: first to diagnose and plan, then (contingent on findings) to execute the upgrade and harden the API. This is a great fit if you've done ColdFusion upgrades, CFML security audits, or legacy modernisation work before. Phase 1 — Security Audit & Upgrade Plan (fixed scope, immediate start) Audit current ColdFusion version, server config, and exposed API surface Identify and document the specific CVE / vulnerability flagged by the customer Deliver a written upgrade plan covering: target CF version, breaking changes, estimated effort, and risk assessment Deliverable: a clear technical writeup suitable for internal sign-off Phase 2 — Upgrade Execution & API Hardening (contingent on Phase 1) Execute the upgrade from legacy to target ColdFusion version Resolve breaking changes and regression issues Apply API-layer hardening and security configuration best practices Hand off to our internal engineering team with clean documentation Required skills & experience ColdFusion / CFML development — multiple versions including modern CF releases (CF 2018, CF 2021, CF 2023) ColdFusion version migration — hands-on experience upgrading from older or EOL releases API vulnerability diagnosis — ability to identify and articulate security exposure at the API layer Clear written communication — Phase 1 ends in a document, not just a conversation Bonus points for: CVE triage and security patch experience Adobe ColdFusion security hardening (lockdown guide, server settings) Lucee / OpenBD familiarity Handing off upgrade work to internal teams Engagement 100% remote, async-friendly (we're timezone-flexible) Open to hourly or fixed-price — tell us what suits Phase 1 Estimated Phase 1 duration: a few days to one week depending on codebase complexity Codebase access provided via our handoff engineer after contract is signed To apply — please answer these four questions: Which ColdFusion versions have you worked across? (include oldest and most recent) Describe the most recent CF upgrade you led — what version, what broke, how you resolved it, and how long it took Your hourly rate, and a rough fixed-price estimate for Phase 1 Your earliest available start date Proposals that don't address these four points will not be reviewed.