๐ You need security that actually works โ not a report that says it does. The organisations I work with want to find the vulnerabilities that matter, fix them with confidence, and get on with growing their business without security becoming the thing that stops them.
I have delivered over 1,000 commercial penetration tests across 27 years. Not side projects. Not internal assessments. Full mission-critical engagements for high street and investment banks, hedge funds, insurance firms, government departments, police, military, national infrastructure, retailers, law firms, airports and more. I led the security architecture for the Athens 2004 Olympics internet-facing systems. I was lead architect on the UK Cyber Essentials scheme at launch. I have published in commercial security press and guest lectured at universities.
There is a difference between someone who does penetration testing and someone who has seen every flavour of environment, every attack pattern, and every way organisations deceive themselves about their security posture. That difference is what you are hiring.
๐ฏ Where can I help:
๐ก๏ธ Network & Infrastructure Penetration Testing โ adversarial testing of internal and external infrastructure, finding exploitable exposures before an attacker does.
๐ Application Penetration Testing โ web application and API security testing against real attack patterns: authentication, authorisation, input handling and business logic flaws.
โ๏ธ Microsoft 365 Security Assessment โ Entra ID, Conditional Access, PIM, Intune, DLP, sensitivity labelling, Exchange Online and Defender for Office 365.
๐ท Azure Security Assessment โ identity and access management, network controls, storage and key management, Defender for Cloud posture, and monitoring coverage.
๐ข Google Workspace, GCP & AWS Security Assessments โ configuration and access control assessments across Google and Amazon cloud environments.
๐๏ธ Security Architecture and Risk Advisory โ senior technical input on architecture decisions, control design and risk without a full engagement commitment.
๐ค Every engagement is delivered directly by me โ David Morgan, founder of Metis Security. No account management layer, no junior handoffs, no templated output. You work with the person conducting the analysis and writing the report.
๐ How I work is as important as what I find
Every finding in my reports is one I will defend as genuinely material to your environment. No padding, no low-hanging fruit included to justify the fee, no default risk ratings copied from a scanner. If your context changes the risk, the rating reflects that.
What you receive:
โ A visually structured report with clear separation between executive summary, findings and remediation roadmap โ written to be read by people who are not security specialists
โ Risk ratings adjusted to your specific environment and context, not defaulted from a tool
โ A prioritised remediation roadmap so your team knows exactly what to fix first and why it matters commercially
โ Immediate escalation of any high-risk finding or schedule-affecting issue during the engagement โ you are never waiting until the end to hear something important
โ Daily status updates so you always know where the engagement stands
โ A debrief call at close to walk through findings, answer questions and finalise the report before it is delivered
CISSP | ISSAP | Microsoft Security certifications | 27 years
If you need to know whether your environment is genuinely secure โ not whether it looks configured โ I am worth a conversation.
Penetration Testing
Web Application Security
Network Penetration Testing
Office 365
Microsoft Azure
Cloud Security
Network Security
Vulnerability Assessment
Security Assessment & Testing
Cybersecurity Management
Zero Trust Architecture
Security Analysis
Google Cloud Platform
Google Workspace
Amazon Web Services
NIST Cybersecurity Framework
Microsoft 365 Copilot
Internet Security
Information Security Audit
Information Security Consultation
Ahmar S.
Milton Keynes, United Kingdom
$20/hr
4.8
43 jobs
An ambitious and optimistic person with excellent communication and team leading skills and clear career goals. Result oriented and well-disciplined with ability to manage multiple assignments efficiently under extreme pressure while meeting tight schedules.
I have 6+ years experience of Data Entry & Web Researching with proficiency in Microsoft Office & task management softwares. I have worked as VA & Data Entry Professional for tech, healthcare, ecommerce & real estate companies and carry knowledge in following categories with working on various projects.
- Virtual Assistant(5+ Years)
- Web Researching (5+ Years)
- Lead Generation (3+ Years)
- Information Security(1 Year)
- Software Engineering
- Quality Assurance(2-3 Years)
- Penetration Testing (Masters Degree in Information Security with Research Thesis)
I have done Masters in Information Security with Certification in Ethical Hacking and i am all-rounder in various domains mentioned above.
Penetration Testing
Network Security
Vulnerability Assessment
Firewall
Information Security
Data Entry
Security Analysis
Microsoft Excel
Google Docs
Security Infrastructure
English
Critical Thinking Skills
Martin N.
Worcester, United Kingdom
$45/hr
5.0
98 jobs
Hi, Iโm Martin โ a Principal Penetration Tester with over 13 years of hands-on experience (since 2011). Iโve delivered high-impact security assessments for clients ranging from innovative startups to global enterprises across the UK, Europe, East Asia, and the Middle East.
My expertise spans the full spectrum of offensive security, including:
โข Web Application Penetration Testing
โข Mobile Application Penetration Testing
โข API Penetration Testing (REST, SOAP, GraphQL)
โข Thick Client & Desktop Application Testing
โข External & Internal Infrastructure Penetration Testing
โข Cloud Security Assessments (AWS, Azure, Office 365)
โข Red Team Operations & Simulated Phishing
โข Wireless Assessments, IoT Security, and Embedded Hardware
โข Server & Workstation Build Reviews
โข Mobile Device & MDM Testing
โข Network Device Security Reviews
What sets me apart is my depth of experience combined with a relentless, methodical approach. As a Tigerscheme and CREST certified penetration tester, I stay at the forefront of evolving threats and techniques. I donโt just find vulnerabilities
I provide clear, actionable insights that help organisations meaningfully strengthen their security posture.
In addition to technical excellence, Iโm a strong communicator who excels at translating complex findings into clear, business-relevant language. I work closely with clients to understand their unique risk landscape and deliver tailored testing programs that align with their objectives.
I run a professional, focused penetration testing company and take great pride in the quality of our deliverables. All engagements include comprehensive, high-standard reports (example reports available upon request). I am also a Cyber Essentials and Cyber Essentials Plus Assessor and work with a recognised certification body.
Top Rated on Upwork, Iโm known for consistent quality, clear communication, and delivering real value. Whether you need infrastructure testing, web/mobile application assessments, API reviews, cloud configuration audits, or full Red Team exercises.
Iโm here to help you identify and mitigate risks before attackers do.
Feel free to reach out, I would be happy to discuss how I can support your security needs.
Cybersecurity Management
Information Security
Security Infrastructure
Penetration Testing
Security Analysis
Web Application Security
Vulnerability Assessment
Security Testing
Cloud Security
Security Assessment & Testing
WordPress
Certified Information Systems Security Professional
Ethical Hacking
Website Security
Web App Penetration Testing
Creston V.
Wembley, United Kingdom
$75/hr
4.9
27 jobs
Microsoft 365 Architecture Expert!
Microsoft Certified: Cybersecurity Architect Expert
E-Learn Certified Professional Penetration Tester
Dedicated and ambitious Cyber Security Solutions Architect with a extensive experience in information security principles and industry leading best security practices with over 10 years of experience in the corporate world.
I have helped companies achieve compliancy & audited for Cyber Security Frameworks such as ISO 27001, SOC 2, Cyber Essentials Plus, GDPR and many more by carefully planning based on budget, current Infrastructure assessment, Security testings and remediation efforts.
Proficient in conducting risk assessments, penetrations testing, implementing security controls, and assisting in incident response. Skilled in utilizing cybersecurity tools and technologies to detect and mitigate threats. Committed to learning and expanding knowledge in the field to contribute to the organization's security objectives. Strong teamwork and communication skills, with a passion for maintaining a secure and resilient IT environment.
Application Security
System Security
Security Engineering
VPN
Cloud Security Framework
User Identity Management
Microsoft Active Directory
Office 365
Enterprise Architecture
Virtualization
Insurance & Risk Management
Malware Detection
Security Management
Threat Detection
Data Protection
Osama Z.
Middlewich, United Kingdom
$25/hr
4.9
16 jobs
โ Protect your website, SaaS platform, or IoT system from hackers. I deliver penetration testing + clear reports that keep your business safe and compliant.
Iโm a cybersecurity consultant helping businesses, startups, and SaaS platforms secure their websites, web applications, and digital products against todayโs evolving threats.
With an MSc in Cybersecurity (UK) and hands-on project experience, I deliver penetration testing + clear business-ready reports that help clients strengthen security without drowning in technical jargon.
๐น Services I Offer
Website & Web Application Security Testing (WordPress, SaaS, APIs)
Penetration Testing (Web, Cloud, Network, IoT)
IoT & Embedded Device Risk Audits
Secure Architecture Reviews (STRIDE, SaaS, cloud platforms)
Malware / Vulnerability Assessments & Compliance Reports
Detailed Reporting (CVSS scores, PoCs, and step-by-step remediation)
๐น Recent Work
Audited an e-reader app for token manipulation, DRM bypass, and scraping resistance.
Compared IDS tools (Snort vs Suricata) for high-throughput network monitoring.
Delivered red-team simulations using Kali Linux, Burp Suite, Nessus, and Metasploit.
๐น Why Clients Hire Me
MSc Cybersecurity (Distinction, UK) + real-world Upwork client results
Tools: Burp Suite, ZAP, Wireshark, Nessus, Snort, Suricata, Ghidra, Splunk
Clear communication for both executives & technical teams
100% satisfaction or money-back guarantee
๐ฌ Letโs discuss your project โ Iโll help secure your website, app, or IoT system with expert-led testing and compliance-ready reporting.
Application Security
Firewall
Digital Forensics
Information Security Consultation
Security Testing
Penetration Testing
Information Security
Information Security Audit
Risk Assessment
Incident Response Plan
AI Security
Business with 10-99 Employees
Business with 1-9 Employees
IT Consultation
Threat Detection
Brandyn M.
London, United Kingdom
$100/hr
5.0
3 jobs
I help founders and CTOs launch securely with confidence, guided by an industry-recognised expert in web, API & AI security.
CREST & OffSec certified Web App & API Penetration Tester. 10+ years experience, 200+ tests, 300+ responsible disclosures. I help founders understand what actually puts their product and users at risk, without drowning them in technical noise.
My approach goes far beyond a traditional penetration test - I give teams the clarity they need to deploy new applications, functionality and features to their customers without worrying about security.
๐ค Organizations Iโve helped secure:
๐๐ฆ๐๐ณ๐จ๐ง
๐๐๐
๐๐ฏ๐ข๐๐ข๐
๐๐ข๐๐
๐๐ข๐๐ฅ๐๐ฌ๐ญ๐ซ๐๐๐ญ
๐๐ญ๐ซ๐ข๐ฉ๐
๐๐ข๐ซ๐ ๐ข๐ง ๐๐๐๐ข๐ ๐๐
๐๐ซ๐จ๐ฉ๐ณ๐จ๐ง๐ ๐๐
Services
๐ก๏ธ Web Application Penetration Testing
Manual, attacker-mindset testing to uncover real-world vulnerabilities and logic flaws, including VAPT testing.
๐ API Penetration Testing (REST & GraphQL)
Auth flows, rate-limit bypass, schema misuse, injection paths, privilege escalation, and more.
๐งช SaaS Penetration Testing
Testing focused on multi-tenant risks, permission abuse, data exposure, and tenant isolation issues.
๐ฆ SaaS Product Security Assessment
Comprehensive reviews for teams preparing for launch, onboarding customers, or SOC2 readiness.
๐ OWASP Top 10 & SOC2-Aligned Web Application Security Reviews
Industry-standard testing aligned with compliance and enterprise expectations.
๐ Manual Vulnerability Discovery
Deep human-led testing for IDOR, SSRF, XSS, BOLA, deserialization, logic flaws, and chained vulnerabilities.
Deliverables
๐ Executive summary: High-level overview of findings, risk, and how to address them.
๐ Finding overview: Clear, reproducible details for developers (risk, impact, steps to reproduce).
๐ ๏ธ Remediation steps: Concrete, prioritized fixes your team can implement immediately.
If you're preparing to launch and want a definitive understanding of your real-world security risks, let's talk.
Penetration Testing
Web App Penetration Testing
Information Security
AI Security
AI Consulting
Generative AI Prompt Engineering
LLM Prompt Engineering
How it works
Post a job for freePost a job
Tell us what you need. Create your own job post or generate one with AI then filter talent matches.
Hire top talent fast
Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.
Collaborate easily
Use Upwork to chat or video call, share files, and track project progress right from the app.
Payment simplified
Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.
Don't just take our word for it
โUpwork provides an umbrella-level of security. I can see a talentโs work history and ratings. I can hold payments in escrow. I can communicate through Upwork Messages instead of working through my email address.โ
KD
Kim Darling
Emerald Tiger
โUpwork is the best platform to hire skilled professionals when we're not looking for a full-time employee. All the companies in our portfolio use Upwork to find talent across a wide range of fields.โ
DM
David Merry
Kinetic Investments
โOur very specific requirements can be a challengeโWith Upwork, weโre able to access a bigger community to ensure the success of our projects.โ
KK
Katja Krohn
Summa Linguae
How do I hire a Application Security Freelancer in the United Kingdom on Upwork?
You can hire a Application Security Freelancer in the United Kingdom on Upwork in four simple steps:
Create a job post tailored to your Application Security Freelancer project scope. We'll walk you through the process step by step.
Browse top Application Security Freelancer talent on Upwork and invite them to your project.
Once the proposals start flowing in, create a shortlist of top Application Security Freelancer profiles and interview.
Hire the right Application Security Freelancer for your project from Upwork, the world's largest work marketplace.
At Upwork, we believe talent staffing should be easy.
How much does it cost to hire a Application Security Freelancer?
Rates charged by Application Security Freelancers on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.
Why hire a Application Security Freelancer in the United Kingdom on Upwork?
As the world's work marketplace, we connect highly-skilled freelance Application Security Freelancers and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Application Security Freelancer team you need to succeed.
Can I hire a Application Security Freelancer in the United Kingdom within 24 hours on Upwork?
Depending on availability and the quality of your job post, it's entirely possible to sign up for Upwork and receive Application Security Freelancer proposals within 24 hours of posting a job description.
Find more freelancers
Top cities for Application Security Freelancers in the United Kingdom