Hire the Best Application Security Freelancers
in the United Kingdom

More than 3,000 reviews on G2
Rating is 4.5 out of 5.
4.5/5
of Upwork by G2 peer reviewers
David M.

Tonbridge, United Kingdom

$50/hr
5.0
5 jobs

๐Ÿ”’ You need security that actually works โ€” not a report that says it does. The organisations I work with want to find the vulnerabilities that matter, fix them with confidence, and get on with growing their business without security becoming the thing that stops them. I have delivered over 1,000 commercial penetration tests across 27 years. Not side projects. Not internal assessments. Full mission-critical engagements for high street and investment banks, hedge funds, insurance firms, government departments, police, military, national infrastructure, retailers, law firms, airports and more. I led the security architecture for the Athens 2004 Olympics internet-facing systems. I was lead architect on the UK Cyber Essentials scheme at launch. I have published in commercial security press and guest lectured at universities. There is a difference between someone who does penetration testing and someone who has seen every flavour of environment, every attack pattern, and every way organisations deceive themselves about their security posture. That difference is what you are hiring. ๐ŸŽฏ Where can I help: ๐Ÿ—ก๏ธ Network & Infrastructure Penetration Testing โ€” adversarial testing of internal and external infrastructure, finding exploitable exposures before an attacker does. ๐ŸŒ Application Penetration Testing โ€” web application and API security testing against real attack patterns: authentication, authorisation, input handling and business logic flaws. โ˜๏ธ Microsoft 365 Security Assessment โ€” Entra ID, Conditional Access, PIM, Intune, DLP, sensitivity labelling, Exchange Online and Defender for Office 365. ๐Ÿ”ท Azure Security Assessment โ€” identity and access management, network controls, storage and key management, Defender for Cloud posture, and monitoring coverage. ๐ŸŸข Google Workspace, GCP & AWS Security Assessments โ€” configuration and access control assessments across Google and Amazon cloud environments. ๐Ÿ›๏ธ Security Architecture and Risk Advisory โ€” senior technical input on architecture decisions, control design and risk without a full engagement commitment. ๐Ÿ‘ค Every engagement is delivered directly by me โ€” David Morgan, founder of Metis Security. No account management layer, no junior handoffs, no templated output. You work with the person conducting the analysis and writing the report. ๐Ÿ“‹ How I work is as important as what I find Every finding in my reports is one I will defend as genuinely material to your environment. No padding, no low-hanging fruit included to justify the fee, no default risk ratings copied from a scanner. If your context changes the risk, the rating reflects that. What you receive: โœ… A visually structured report with clear separation between executive summary, findings and remediation roadmap โ€” written to be read by people who are not security specialists โœ… Risk ratings adjusted to your specific environment and context, not defaulted from a tool โœ… A prioritised remediation roadmap so your team knows exactly what to fix first and why it matters commercially โœ… Immediate escalation of any high-risk finding or schedule-affecting issue during the engagement โ€” you are never waiting until the end to hear something important โœ… Daily status updates so you always know where the engagement stands โœ… A debrief call at close to walk through findings, answer questions and finalise the report before it is delivered CISSP | ISSAP | Microsoft Security certifications | 27 years If you need to know whether your environment is genuinely secure โ€” not whether it looks configured โ€” I am worth a conversation.

  • Penetration Testing
  • Web Application Security
  • Network Penetration Testing
  • Office 365
  • Microsoft Azure
  • Cloud Security
  • Network Security
  • Vulnerability Assessment
  • Security Assessment & Testing
  • Cybersecurity Management
  • Zero Trust Architecture
  • Security Analysis
  • Google Cloud Platform
  • Google Workspace
  • Amazon Web Services
  • NIST Cybersecurity Framework
  • Microsoft 365 Copilot
  • Internet Security
  • Information Security Audit
  • Information Security Consultation
Ahmar S.

Milton Keynes, United Kingdom

$20/hr
4.8
43 jobs

An ambitious and optimistic person with excellent communication and team leading skills and clear career goals. Result oriented and well-disciplined with ability to manage multiple assignments efficiently under extreme pressure while meeting tight schedules. I have 6+ years experience of Data Entry & Web Researching with proficiency in Microsoft Office & task management softwares. I have worked as VA & Data Entry Professional for tech, healthcare, ecommerce & real estate companies and carry knowledge in following categories with working on various projects. - Virtual Assistant(5+ Years) - Web Researching (5+ Years) - Lead Generation (3+ Years) - Information Security(1 Year) - Software Engineering - Quality Assurance(2-3 Years) - Penetration Testing (Masters Degree in Information Security with Research Thesis) I have done Masters in Information Security with Certification in Ethical Hacking and i am all-rounder in various domains mentioned above.

  • Penetration Testing
  • Network Security
  • Vulnerability Assessment
  • Firewall
  • Information Security
  • Data Entry
  • Security Analysis
  • Microsoft Excel
  • Google Docs
  • Security Infrastructure
  • English
  • Critical Thinking Skills
Martin N.

Worcester, United Kingdom

$45/hr
5.0
98 jobs

Hi, Iโ€™m Martin โ€” a Principal Penetration Tester with over 13 years of hands-on experience (since 2011). Iโ€™ve delivered high-impact security assessments for clients ranging from innovative startups to global enterprises across the UK, Europe, East Asia, and the Middle East. My expertise spans the full spectrum of offensive security, including: โ€ข Web Application Penetration Testing โ€ข Mobile Application Penetration Testing โ€ข API Penetration Testing (REST, SOAP, GraphQL) โ€ข Thick Client & Desktop Application Testing โ€ข External & Internal Infrastructure Penetration Testing โ€ข Cloud Security Assessments (AWS, Azure, Office 365) โ€ข Red Team Operations & Simulated Phishing โ€ข Wireless Assessments, IoT Security, and Embedded Hardware โ€ข Server & Workstation Build Reviews โ€ข Mobile Device & MDM Testing โ€ข Network Device Security Reviews What sets me apart is my depth of experience combined with a relentless, methodical approach. As a Tigerscheme and CREST certified penetration tester, I stay at the forefront of evolving threats and techniques. I donโ€™t just find vulnerabilities I provide clear, actionable insights that help organisations meaningfully strengthen their security posture. In addition to technical excellence, Iโ€™m a strong communicator who excels at translating complex findings into clear, business-relevant language. I work closely with clients to understand their unique risk landscape and deliver tailored testing programs that align with their objectives. I run a professional, focused penetration testing company and take great pride in the quality of our deliverables. All engagements include comprehensive, high-standard reports (example reports available upon request). I am also a Cyber Essentials and Cyber Essentials Plus Assessor and work with a recognised certification body. Top Rated on Upwork, Iโ€™m known for consistent quality, clear communication, and delivering real value. Whether you need infrastructure testing, web/mobile application assessments, API reviews, cloud configuration audits, or full Red Team exercises. Iโ€™m here to help you identify and mitigate risks before attackers do. Feel free to reach out, I would be happy to discuss how I can support your security needs.

  • Cybersecurity Management
  • Information Security
  • Security Infrastructure
  • Penetration Testing
  • Security Analysis
  • Web Application Security
  • Vulnerability Assessment
  • Security Testing
  • Cloud Security
  • Security Assessment & Testing
  • WordPress
  • Certified Information Systems Security Professional
  • Ethical Hacking
  • Website Security
  • Web App Penetration Testing
Creston V.

Wembley, United Kingdom

$75/hr
4.9
27 jobs

Microsoft 365 Architecture Expert! Microsoft Certified: Cybersecurity Architect Expert E-Learn Certified Professional Penetration Tester Dedicated and ambitious Cyber Security Solutions Architect with a extensive experience in information security principles and industry leading best security practices with over 10 years of experience in the corporate world. I have helped companies achieve compliancy & audited for Cyber Security Frameworks such as ISO 27001, SOC 2, Cyber Essentials Plus, GDPR and many more by carefully planning based on budget, current Infrastructure assessment, Security testings and remediation efforts. Proficient in conducting risk assessments, penetrations testing, implementing security controls, and assisting in incident response. Skilled in utilizing cybersecurity tools and technologies to detect and mitigate threats. Committed to learning and expanding knowledge in the field to contribute to the organization's security objectives. Strong teamwork and communication skills, with a passion for maintaining a secure and resilient IT environment.

  • Application Security
  • System Security
  • Security Engineering
  • VPN
  • Cloud Security Framework
  • User Identity Management
  • Microsoft Active Directory
  • Office 365
  • Enterprise Architecture
  • Virtualization
  • Insurance & Risk Management
  • Malware Detection
  • Security Management
  • Threat Detection
  • Data Protection
Osama Z.

Middlewich, United Kingdom

$25/hr
4.9
16 jobs

โœ… Protect your website, SaaS platform, or IoT system from hackers. I deliver penetration testing + clear reports that keep your business safe and compliant. Iโ€™m a cybersecurity consultant helping businesses, startups, and SaaS platforms secure their websites, web applications, and digital products against todayโ€™s evolving threats. With an MSc in Cybersecurity (UK) and hands-on project experience, I deliver penetration testing + clear business-ready reports that help clients strengthen security without drowning in technical jargon. ๐Ÿ”น Services I Offer Website & Web Application Security Testing (WordPress, SaaS, APIs) Penetration Testing (Web, Cloud, Network, IoT) IoT & Embedded Device Risk Audits Secure Architecture Reviews (STRIDE, SaaS, cloud platforms) Malware / Vulnerability Assessments & Compliance Reports Detailed Reporting (CVSS scores, PoCs, and step-by-step remediation) ๐Ÿ”น Recent Work Audited an e-reader app for token manipulation, DRM bypass, and scraping resistance. Compared IDS tools (Snort vs Suricata) for high-throughput network monitoring. Delivered red-team simulations using Kali Linux, Burp Suite, Nessus, and Metasploit. ๐Ÿ”น Why Clients Hire Me MSc Cybersecurity (Distinction, UK) + real-world Upwork client results Tools: Burp Suite, ZAP, Wireshark, Nessus, Snort, Suricata, Ghidra, Splunk Clear communication for both executives & technical teams 100% satisfaction or money-back guarantee ๐Ÿ’ฌ Letโ€™s discuss your project โ€” Iโ€™ll help secure your website, app, or IoT system with expert-led testing and compliance-ready reporting.

  • Application Security
  • Firewall
  • Digital Forensics
  • Information Security Consultation
  • Security Testing
  • Penetration Testing
  • Information Security
  • Information Security Audit
  • Risk Assessment
  • Incident Response Plan
  • AI Security
  • Business with 10-99 Employees
  • Business with 1-9 Employees
  • IT Consultation
  • Threat Detection
Brandyn M.

London, United Kingdom

$100/hr
5.0
3 jobs

I help founders and CTOs launch securely with confidence, guided by an industry-recognised expert in web, API & AI security. CREST & OffSec certified Web App & API Penetration Tester. 10+ years experience, 200+ tests, 300+ responsible disclosures. I help founders understand what actually puts their product and users at risk, without drowning them in technical noise. My approach goes far beyond a traditional penetration test - I give teams the clarity they need to deploy new applications, functionality and features to their customers without worrying about security. ๐Ÿค Organizations Iโ€™ve helped secure: ๐€๐ฆ๐š๐ณ๐จ๐ง ๐€๐–๐’ ๐๐ฏ๐ข๐๐ข๐š ๐“๐ข๐๐ž ๐˜๐ข๐ž๐ฅ๐๐ฌ๐ญ๐ซ๐ž๐ž๐ญ ๐’๐ญ๐ซ๐ข๐ฉ๐ž ๐•๐ข๐ซ๐ ๐ข๐ง ๐Œ๐ž๐๐ข๐š ๐Ž๐Ÿ ๐ƒ๐ซ๐จ๐ฉ๐ณ๐จ๐ง๐ž ๐€๐ˆ Services ๐Ÿ›ก๏ธ Web Application Penetration Testing Manual, attacker-mindset testing to uncover real-world vulnerabilities and logic flaws, including VAPT testing. ๐Ÿ”— API Penetration Testing (REST & GraphQL) Auth flows, rate-limit bypass, schema misuse, injection paths, privilege escalation, and more. ๐Ÿงช SaaS Penetration Testing Testing focused on multi-tenant risks, permission abuse, data exposure, and tenant isolation issues. ๐Ÿ“ฆ SaaS Product Security Assessment Comprehensive reviews for teams preparing for launch, onboarding customers, or SOC2 readiness. ๐Ÿ”Ž OWASP Top 10 & SOC2-Aligned Web Application Security Reviews Industry-standard testing aligned with compliance and enterprise expectations. ๐Ÿ” Manual Vulnerability Discovery Deep human-led testing for IDOR, SSRF, XSS, BOLA, deserialization, logic flaws, and chained vulnerabilities. Deliverables ๐Ÿ“ Executive summary: High-level overview of findings, risk, and how to address them. ๐Ÿ“„ Finding overview: Clear, reproducible details for developers (risk, impact, steps to reproduce). ๐Ÿ› ๏ธ Remediation steps: Concrete, prioritized fixes your team can implement immediately. If you're preparing to launch and want a definitive understanding of your real-world security risks, let's talk.

  • Penetration Testing
  • Web App Penetration Testing
  • Information Security
  • AI Security
  • AI Consulting
  • Generative AI Prompt Engineering
  • LLM Prompt Engineering

How it works

Post a job for freePost a job

Tell us what you need. Create your own job post or generate one with AI then filter talent matches.

Hire top talent fast

Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.

Collaborate easily

Use Upwork to chat or video call, share files, and track project progress right from the app.

Payment simplified

Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.

Don't just take our word for it

How do I hire a Application Security Freelancer in the United Kingdom on Upwork?

You can hire a Application Security Freelancer in the United Kingdom on Upwork in four simple steps:

  • Create a job post tailored to your Application Security Freelancer project scope. We'll walk you through the process step by step.
  • Browse top Application Security Freelancer talent on Upwork and invite them to your project.
  • Once the proposals start flowing in, create a shortlist of top Application Security Freelancer profiles and interview.
  • Hire the right Application Security Freelancer for your project from Upwork, the world's largest work marketplace.

At Upwork, we believe talent staffing should be easy.

How much does it cost to hire a Application Security Freelancer?

Rates charged by Application Security Freelancers on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.

Why hire a Application Security Freelancer in the United Kingdom on Upwork?

As the world's work marketplace, we connect highly-skilled freelance Application Security Freelancers and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Application Security Freelancer team you need to succeed.

Can I hire a Application Security Freelancer in the United Kingdom within 24 hours on Upwork?

Depending on availability and the quality of your job post, it's entirely possible to sign up for Upwork and receive Application Security Freelancer proposals within 24 hours of posting a job description.