I help startups, SaaS companies, fintech organizations, healthcare providers, and enterprises identify and eliminate security vulnerabilities before they become data breaches.
With 10+ years of offensive security experience and more than 200 successful penetration testing engagements, I provide manual, risk-focused security assessments that uncover vulnerabilities automated scanners often miss.
My assessments follow industry-recognized methodologies, including OWASP Testing Guide, OWASP ASVS, OWASP MASVS, PTES, NIST SP 800-115, and MITRE ATT&CK, delivering actionable findings that improve your security posture and support compliance initiatives.
Core Expertise
• Web Application Penetration Testing (OWASP Top 10)
• API Security Testing (REST, GraphQL, SOAP)
• Mobile Application Security (Android & iOS)
• Network Penetration Testing (Internal & External)
• Active Directory Security Assessments
• Cloud Security Reviews (AWS, Azure & Google Cloud)
• Authentication & Authorization Testing
• Business Logic Vulnerability Assessment
• LLM/AI Application Security Assessment
• Red Team & Adversary Simulation
• Secure Configuration Reviews
Industries Served
• Financial Services & FinTech
• Healthcare
• SaaS Platforms
• E-commerce
• Government
• Telecommunications
Deliverables
Every engagement includes:
✔ Executive Summary for management
✔ Detailed technical report
✔ CVSS-based risk ratings
✔ Step-by-step Proof of Concept
✔ Remediation guidance
✔ Security consultation
✔ Complimentary revalidation after remediation
Compliance Support
My assessments help organizations prepare for or strengthen compliance with:
• ISO 27001
• SOC 2
• PCI DSS
• HIPAA
• OWASP
Certifications
OSCP+ •OSCP• CREST • LPT Master • CRTP • C|PENT • CEH • ISO 27001 Lead Auditor and Lead Implementor
I believe penetration testing should provide clear business value—not just vulnerability lists. Every assessment is tailored to your environment, your threat model, and your compliance requirements, with practical recommendations your team can act on immediately.
If you're planning a new product launch, preparing for an audit, or simply want confidence in your security posture, let's discuss your scope. I'll provide a clear testing plan, timeline, and deliverables before the engagement begins.
Application Security
Ethical Hacking
Cryptography
Penetration Testing
Network Penetration Testing
Web App Penetration Testing
Cybersecurity Tool
Kali Linux
Vulnerability Assessment
Information Security
Governance, Risk Management & Compliance
AI Governance
OWASP
Security Testing
ISO 27001
Red Team Assessment
AI Security
Security Operation Center
Digital Forensics
GM Salman A M.
Satkhira, Bangladesh
$30/hr
5.0
56 jobs
🚨 If your application, SaaS platform, or cloud environment has never undergone a professional security assessment, you may have unknown vulnerabilities that attackers can exploit.
I’m a Certified Penetration Tester and Ethical Hacker providing Vulnerability Assessment and Penetration testing (VAPT) services for web applications, APIs, cloud infrastructure, mobile apps, SaaS platforms, and network environments. My goal is not just to find vulnerabilities — but to help you understand real security risks and fix them effectively.
I perform manual penetration testing supported by professional security tools to identify exploitable weaknesses such as authentication flaws, privilege escalation paths, injection vulnerabilities, and business logic issues.
You will receive a clear and actionable security report that helps developers resolve issues and allows management to understand the real business impact.
🎯 My Services
- Vulnerability Assessment & Penetration Testing (VAPT)
- Web Application Penetration Testing (OWASP Top 10)
- API Penetration Testing (REST, GraphQL, authentication flaws, IDOR, injection)
- Cloud Infrastructure Security (AWS, Azure — misconfigurations, IAM, exposed services)
- Network Penetration Testing (internal & external)
- Mobile Application Security (Android & iOS)
- SaaS Platform Security & Penetration Testing (multi-tenant logic, RBAC, privilege escalation)
- CMS Security (WordPress, Laravel, custom apps)
- Retesting after remediation
📋 What You Will Receive
A clear, structured security report designed for both technical teams and business stakeholders, including:
• Executive summary for management and decision-makers
• Detailed vulnerability findings with severity ratings
• CVSS scoring and risk prioritization
• Proof-of-concept evidence (screenshots, request/response captures)
• Business impact explanation for each issue
• Step-by-step remediation guidance for developers
• Retesting validation after fixes are applied
• Reporting that can support ISO 27001 and SOC 2 compliance preparation
🏆 Certifications
- Certified Ethical Hacker Practical — EC-Council
- eLearnSecurity Junior Penetration Tester (eJPT) — INE
- Certified API Penetration Tester — APISec University
- IBM Cybersecurity Analyst
- Cisco Verified Ethical Hacker
- ISO 27001:2022 Lead Auditor
🛠️ Tools I work with
Burp Suite Pro, OWASP ZAP, Nmap, Nessus, Metasploit, MobSF, Wireshark, Postman, and custom Python/Bash scripts and so on.
Whether you're preparing for a security review, compliance audit, or investor due diligence, I can help you understand your attack surface and security risks.
📩 Send me your scope or asset list and I’ll help you determine the best testing approach.
Application Security
Penetration Testing
Vulnerability Assessment
Malware Removal
Information Security
Security Assessment & Testing
Cybersecurity Management
Web App Penetration Testing
WordPress Malware Removal
Website Security
Ethical Hacking
Web Application Security
Network Penetration Testing
System Administration
OWASP
NAHID M.
Nabinagar, Bangladesh
$15/hr
5.0
8 jobs
I have conducted and led hundreds of security audits, penetration tests and red team engagements for a variety of companies, ranging from multinational corporations with thousands of hosts in scope to startups or small clients that want to have an edge over their competition security-wise.
My day-to-day job is that of an ethical hacker, which has allowed me to amass great hands-on experience in the field of Penetration Testing, Cyber Security and Vulnerability Assessment, and to have a great understanding of the most widespread and modern technology stacks currently in use around the globe and their flaws from a security standpoint.
I am able to provide the following services:
✅ Penetration Testing Engagement ✅
This includes both thorough manual testing of all functionalities and automated testing for all websites, applications, servers or infrastructure included in the scope of work, using both professional enterprise grade software such as BurpSuite Professional and Nessus and also personal scripts and tools gathered over past engagements. This services extends as well to internal penetration tests and network infrastructure testing as well.
✅ Professional Report & Statistics ✅
Detailed report explaining step-by-step the exploitation and discovery method of each and every vulnerability discovered. Proof-of-Concept screen captures, full requests and responses, CVSS v3.0 standardised risk score, impact and ownership included.
✅ Remediation Advice & Guidance ✅
Remediation advice regarding all security issues discovered, how to fix them and warnings associated with the impact and risk of these vulnerabilities.
✅ Asset Discovery ✅
Through both active and passive methods, I can help you asses how big your digital footprint is on the internet and what is the attack platform visible from an outsider threat perspective. This includes subdomain enumeration and service/port discovery.
✅ Free Checkup ✅
Included in the price will be a checkup/retest of all aforementioned vulnerabilities present in the report in order to ensure that the implemented security controls and/or fixes are working as intended and that there is no other way to bypass them or exploit that vulnerability any longer.
✅ OSINT Reconnaissance ✅
Gathering of all valuable data pertaining to your company available on the internet. This includes any breached email addresses and related passwords available in cleartext on the internet, usually being traded on the dark web. Full access to over 4 billion records of personally curated lists of such information will help you to asses how vulnerable you are and what passwords need to be changed as soon as possible.
✅ Briefing ✅
I am available for calls/meetings discussing what the Scope of Work will be, where the focus of the penetration testing engagement will be, if all subdomains need to be included, if you want a black-box type of engagement or a white-box engagement, if accounts will be required, preferred hours for load testing and any other guidance your company would require if this is the first penetration test engagement that you are doing.
✅ Debriefing ✅
I am available for calls/meetings after the penetration test is completed in order to discuss with you the results of the engagement, what the main issues were and what my concerns regarding the security of your company are. This includes any further clarification regarding any vulnerability and the impact/risk associated with it.
Application
Penetration Testing
Testing
Website
Software Testing
Ethical Hacking
Cyber Threat Intelligence
Security Testing
Digital Forensics
Cybersecurity Management
Web Application Security
WordPress Security
Network Penetration Testing
QA Testing
QA Software & Testing Tools
Iftekharul I.
Dhaka, Bangladesh
$30/hr
5.0
33 jobs
✅7+ years of expertise ✅100+ Pentest ✅Upwork Top 10%
With 7+ years of experience in offensive security and penetration testing, I’ve secured renowned fintech, E-commerce, SaaS, Banking, LMS and enterprise web apps/APIs. I deliver clear, actionable security reports that help dev teams remediate findings and support compliance and security efforts.
I have extensive experience in Vulnerability Assessment, Penetration Testing, and Vulnerability Management. Helped securing big names some of the Leading international bank; national government ministry; top regional payment gateways.
My Services:
===========
▪️ Manual, automated, agentic AI vulnerability assessment & Penetration Testing
▪️ Web, Network, System & Cloud Penetration Testing
▪️ Simulate attackers' techniques to test defense
▪️ SAST / DAST Security Scanning
▪️ Application Security Audits for Compliance (PCI-DSS, ISO 27001, HIPAA, FDA, SOC 2, etc.)
▪️ Cloud Configuration Reviews & Threat Modeling (AWS, Azure, GCP)
▪️ Cybersecurity & Penetration Testing Training
▪️ Visual Security Reports with Technical & Executive Summaries
▪️ Provide step-by-step fixes to strengthen your app
My Core Expertise:
================
1. Web & API testing using Burp Suite, OWASP ZAP, AI Agents
2. Network pentesting with Nmap, Nessus, Metasploit, Hydra
3. Cloud security assessments using ScoutSuite, Prowler, and manual checks
4. Active Directory & internal infrastructure exploitation
5. Secure code review with Semgrep, Snyk
6. Scripting in Python, Bash, JavaScript, PHP
7. SIEM analysis, threat hunting with Splunk, and QRadar
Read about my certifications, projects, reviews, and portfolios below 👇
Penetration Testing
Information Security
Ethical Hacking
Network Security
Cybersecurity Management
Web Application Security
Vulnerability Assessment
Internet Security
Security Testing
Security Analysis
Information Security Audit
Cloud Security
IT Compliance Audit
Website Security
Web App Penetration Testing
MD S.
Faridpur, Bangladesh
$40/hr
5.0
5 jobs
I am an ethical hacker and Cyber Security Expert. I am a "Dedicated Security Expert" I have successfully handled malware & hack issues for hundreds of websites in the last few years, and also provide security for corporate and individuals. In my deliverables, I create Professional Penetration testing reports detailing each vulnerability I find, proofs-of-concept, and solutions to how you fix those vulnerabilities. Provide The Right Way To Prevent Vulnerabilities and Protect your web application, Network, and System from hackers.
I am passionate about creating a safer world where businesses are protected from Cyber-criminals, and I have worked tirelessly to make that dream a reality.
Website Hacking Penetration Testing:
✅ Penetration Testing Engagement ✅
This includes both thorough manual testing of all functionalities and automated testing for all websites, applications, servers or infrastructure included in the scope of work, using both professional enterprise grade software such as BurpSuite Professional and Nessus and also personal scripts and tools gathered over past engagements. This services extends as well to internal penetration tests and network infrastructure testing as well.
01 - Information Gathering
02- File Upload Vulnerabilities
03- Code Execution Vulnerabilities
04- Local File Inclusion Vulnerabilities (LFI)
05- Remote File Inclusion Vulnerabilities (RFI)
06- SQL Injection Vulnerabilities
07- SQL Injection Vulnerabilities - SQLi In Login Pages My Service Including
08- SQL injection Vulnerabilities - Extracting Data From The Database
09- SQL injection Vulnerabilities - Advanced Exploitation
10- XSS Vulnerabilities
11- XSS Vulnerabilities - Exploitation
12- Insecure Session Management
13- Brute Force & Dictionary Attacks
14- Discovering Vulnerabilities Automatically Using Owasp ZAP
15- Post Exploitation
Web-Application Penetration Testing based on OWASP TOP 10
✅Hacking and Pen-testing Android Applications
✅Hacking and Pen-testing iOS Applications
✅Network Penetration Testing / Hacking
✅Clean malware-hosting server.
✅protect your online accounts from hackers.
✅WordPress protection solution.
✅Social Engineering.
✅Malware Analysis- Dissecting Malicious Software
✅Location Tracking
✅Vulnerability Analysis
✅SQL i Injection Web Attacks test
✅Computer Forensics Investigation
Any More Information Please Feel Free Direct Contact Me. Thank You Regard MD. SHAHIN
Penetration Testing
Cloud Security Framework
Testing
Software Testing
Cloud Security
Network Penetration Testing
Static Testing
Alpha Testing
Software QA
Web Application Security
Web App Penetration Testing
Web Analytics Bug Fix
SOC 2 Report
SOC 2
Cloud Security Alliance
Neamul Kabir E.
Dhaka, Bangladesh
$40/hr
5.0
81 jobs
✅ Top Rated | $30K+ Earned | 100+ DevOps Projects | 5+ Yrs in Cloud & Security
I'm a DevOps Engineer & Security Specialist helping businesses automate CI/CD pipelines, secure cloud infrastructure, and optimise AWS, Kubernetes, and Terraform deployments — so you deploy faster, cut costs, and stay breach-free. Struggling with slow releases, cloud misconfigurations, or surprise AWS bills? Let’s fix that.
✔️ 100% Risk-Free Guarantee — if you're not happy, you don't pay.
𝗛𝗲𝗿𝗲’𝘀 𝘄𝗵𝗮𝘁 𝗜 𝗱𝗲𝗹𝗶𝘃𝗲𝗿:
———
✅ 50–80% faster application deployments with automated CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, CodePipeline)
✅ End-to-end cloud security implementation, including proactive security audits, IAM hardening, and Zero Trust architecture from day one
✅ 30–60% cloud cost optimization through rightsizing, auto-scaling, and serverless architecture across AWS, Azure, and GCP
✅ 99.99% application uptime with Kubernetes-powered self-healing, autoscaling systems designed for cloud-native scalability and resilience
𝗪𝗵𝗮𝘁 𝗜 𝗛𝗲𝗹𝗽 𝗬𝗼𝘂 𝗔𝗰𝗵𝗶𝗲𝘃𝗲:
———
🔹 Faster, Safer DevOps Deployments
• End-to-end CI/CD pipelines with GitHub Actions, GitLab CI, Jenkins, and AWS CodePipeline for rapid, secure software delivery
• Infrastructure as Code (IaC) with Terraform, CloudFormation, and Ansible for consistent, secure cloud provisioning
• Kubernetes and Docker microservices designed for autoscaling, high availability, and resilience in cloud-native environments
🔹 Cloud Security That Stops Breaches
• Comprehensive web, API, and cloud penetration testing (CEH-certified) covering OWASP Top 10, misconfigurations, and emerging threats
• Secure IAM, secrets management, and Zero Trust architecture implementations for bulletproof cloud environments
• Real-time threat detection and monitoring setups using Prometheus, Grafana, and the ELK Stack (Elastic, Logstash, Kibana)
🔹 Lower Cloud Costs and Higher Efficiency
• Cloud cost optimization through serverless architecture (Lambda, API Gateway) and resource rightsizing
• Strategic cloud spend reduction across AWS, Azure, and GCP without sacrificing performance
🔹 Seamless Cloud Migrations & Strategic Consulting
• Smooth, minimal-downtime cloud migrations tailored for business continuity and scalability
• DevOps strategy consulting to align cloud infrastructure, automation, and security with your long-term business goals
🎓 Certifications:
———
✅ AWS Certified DevOps Engineer – Professional
✅ Certified Ethical Hacker (CEH)
✅ HashiCorp Certified Terraform Associate
✅ Google Cybersecurity Professional Certificate
✅ IBM Certified DevOps & Software Engineer
✅ AWS Certified Developer Associate
✅ Certified in Cybersecurity (ISC2-CC)
𝗪𝗵𝘆 𝗖𝗵𝗼𝗼𝘀𝗲 𝗠𝗲?
———
✅ Proven Record: 100+ successful DevOps, cloud, and cybersecurity projects delivered
✅ Certified & Experienced: AWS DevOps Engineer, CEH, Terraform, Kubernetes, Cloud Security
✅ Security & Compliance: ISO 27001, HIPAA, PCI-DSS, GDPR expertise
✅ Automation & Efficiency: CI/CD, Kubernetes, IaC, Terraform, cloud cost optimisation
✅ Detail-Oriented: Fast response, secure solutions, and high-quality work
𝗪𝗵𝗲𝗻 𝘆𝗼𝘂 𝘄𝗼𝗿𝗸 𝘄𝗶𝘁𝗵 𝗺𝗲, 𝘆𝗼𝘂’𝗿𝗲 𝗻𝗼𝘁 𝗷𝘂𝘀𝘁 𝗵𝗶𝗿𝗶𝗻𝗴 𝗮 𝗳𝗿𝗲𝗲𝗹𝗮𝗻𝗰𝗲𝗿—𝘆𝗼𝘂’𝗿𝗲 𝗴𝗮𝗶𝗻𝗶𝗻𝗴 𝗮 𝘁𝗿𝘂𝘀𝘁𝗲𝗱 𝗗𝗲𝘃𝗢𝗽𝘀 & 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗲𝘅𝗽𝗲𝗿𝘁 𝗰𝗼𝗺𝗺𝗶𝘁𝘁𝗲𝗱 𝘁𝗼 𝘆𝗼𝘂𝗿 𝘀𝘂𝗰𝗰𝗲𝘀𝘀.
💬 Client Feedback:
———
📣 “Neamul’s expertise in DevOps, AWS and Kubernetes reduced our deployment time by 60% while improving security compliance — highly recommended!”
📣 “We had security vulnerabilities in our cloud setup — Neamul’s penetration testing and hardening strategies saved us from potential breaches.”
𝗛𝗼𝘄 𝗪𝗲 𝗖𝗮𝗻 𝗪𝗼𝗿𝗸 𝗧𝗼𝗴𝗲𝘁𝗵𝗲𝗿:
———
1. Send me a message — click the green “Send Message” button.
2. Discuss your needs — I’ll listen to your goals and recommend solutions.
3. Get results — scalable, secure, efficient systems built for your business.
I uphold the highest standards of ethics and integrity, ensuring that my work not only meets but exceeds your expectations.
🟢 Let’s build a secure, scalable, and efficient future together. Contact me today to kickstart your project!
DevOps
Penetration Testing
Vulnerability Assessment
CI/CD
Infrastructure as Code
Information Security
Network Security
Ethical Hacking
Solution Architecture
DevOps Engineering
Cloud Computing
Amazon Web Services
Python
Kubernetes
Terraform
How it works
Post a job for freePost a job
Tell us what you need. Create your own job post or generate one with AI then filter talent matches.
Hire top talent fast
Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.
Collaborate easily
Use Upwork to chat or video call, share files, and track project progress right from the app.
Payment simplified
Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.
Don't just take our word for it
“Upwork provides an umbrella-level of security. I can see a talent’s work history and ratings. I can hold payments in escrow. I can communicate through Upwork Messages instead of working through my email address.”
KD
Kim Darling
Emerald Tiger
“Upwork is the best platform to hire skilled professionals when we're not looking for a full-time employee. All the companies in our portfolio use Upwork to find talent across a wide range of fields.”
DM
David Merry
Kinetic Investments
“Our very specific requirements can be a challenge—With Upwork, we’re able to access a bigger community to ensure the success of our projects.”
KK
Katja Krohn
Summa Linguae
How do I hire a Application Security Freelancer in Bangladesh on Upwork?
You can hire a Application Security Freelancer in Bangladesh on Upwork in four simple steps:
Create a job post tailored to your Application Security Freelancer project scope. We'll walk you through the process step by step.
Browse top Application Security Freelancer talent on Upwork and invite them to your project.
Once the proposals start flowing in, create a shortlist of top Application Security Freelancer profiles and interview.
Hire the right Application Security Freelancer for your project from Upwork, the world's largest work marketplace.
At Upwork, we believe talent staffing should be easy.
How much does it cost to hire a Application Security Freelancer?
Rates charged by Application Security Freelancers on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.
Why hire a Application Security Freelancer in Bangladesh on Upwork?
As the world's work marketplace, we connect highly-skilled freelance Application Security Freelancers and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Application Security Freelancer team you need to succeed.
Can I hire a Application Security Freelancer in Bangladesh within 24 hours on Upwork?
Depending on availability and the quality of your job post, it's entirely possible to sign up for Upwork and receive Application Security Freelancer proposals within 24 hours of posting a job description.
Find more freelancers
Top cities for Application Security Freelancers in Bangladesh