What Makes Me Different ?
(Top 10% on Upwork and 100% Job Success Rate since 2022) | ๐ก๏ธ 7+ Years in CyberSecurity, Application Security and Penetration Testing, Securing Multinational Companies.
Experience across Technology , Travel-tech, banking, insurance, Healthcare, oil & gas, Technology and government.
Experience Product Security, QA, DevSecOps, AWS security hardening, SAST/DAST pipelines, secure code review, infrastructure security, and vulnerability remediation across modern application stacks.
๐ผ Services Include :
- Application Security & Penetration Testing
- SOC 2 Type II Readiness Evidence & Hardening and Support
- AWS Security
๐ My Industry Penetration Testing | Application Security certifications :
OSCP โ Offensive Security Certified Professional
OSWE โ Offensive Security Web Expert
ECIR โ Certified Incident Responder
๐ My Recent Multinational Cybersecurity Project Experience
๐ Financial & Banking Sector
๐ Technology & Digital Platforms
๐ก๏ธ Insurance Sector
๐ข๏ธ Energy & Oil Sector
๐๏ธ Government & Public Sector
๐ฅ Healthcare Sector
๐ Education & Universities Sector
Penetration Testing | OSCP | OSWE | OSCE | OSEP | Web App Security | Network Security Testing | Mobile App Penetration Testing | API Security Testing | Security Assessment | Ethical Hacking | Application Security Testing | Bug Bounty | Red Team Assessment | White Hat Hacker | Vulnerability Scan | System Security Audit | Cloud Security Assessment | Security Compliance Testing | Risk Assessment | Cybersecurity Expert | Application Vulnerability Assessment | Server Hardening | Information Security | Security Audit Report | Cyber Risk Management | Secure Coding Review | Source Code Review | CI/CD Security Testing | Container Security (Docker/Kubernetes) | Cloud Security Testing | Threat Modeling | OWASP Top 10 | OWASP WSTG | SAST (Static Analysis Security Testing) | DAST (Dynamic Analysis Security Testing) | SAST (SAST Application Security Testing) | Mobile App Security | Web Security Audit | Security Configuration Review | Data Protection Testing | Infrastructure Security Testing | Application Security Automation | Burp Suite | OWASP ZAP | Metasploit | Nmap | Nikto | Wireshark | MobSF | Postman | Kali Linux | Nessus | Acunetix | OpenVAS | Invicti | Parrot OS | Hydra | web security | Nessus | Active Directory security Audit
Information Security
Cloud Security Framework
Cloud Security
Penetration Testing
Application Security
Vulnerability Assessment
Security Testing
Information Security Consultation
Security Assessment & Testing
Network Security
Kali Linux
Web App Penetration Testing
Web Application Audit
OWASP
Network Penetration Testing
WordPress Security
Security Analysis
Cybersecurity Monitoring
Information Security Audit
QA Testing
Najam U.
Gujranwala, Pakistan
$75/hr
5.0
88 jobs
Expert-Vetted on Upwork (Top 1% of security professionals). If you're building on the cloud and want to find the security gaps attackers would exploit โ before they do โ I can help.
Iโm a cybersecurity consultant and founder of Exfiltra, helping startups and enterprises secure their applications, cloud infrastructure, and DevOps pipelines.
I have worked with organizations generating $6B+ in annual revenue and helped companies strengthen security across cloud environments, applications, and compliance programs.
I personally lead security engagements and, when needed, bring in specialists from my team at Exfiltra to support larger or complex projects.
Most clients hire me when they want to:
โ Secure Azure / AWS / GCP environments
โ Perform professional penetration testing
โ Implement DevSecOps and secure CI/CD pipelines
โ Prepare for SOC 2, ISO 27001, HIPAA, FedRAMP, or CMMC
โ Improve security posture using industry frameworks
CORE EXPERTISE
AZURE & CLOUD SECURITY
โข Azure security architecture reviews
โข Microsoft Defender for Cloud & Sentinel
โข Identity security (Entra ID / Conditional Access)
โข Cloud configuration reviews and CIS Benchmark hardening
APPLICATION SECURITY & PENETRATION TESTING
โข Web application penetration testing
โข API security testing
โข Mobile application security testing
โข Network and cloud penetration testing
โข Assessments aligned with OWASP Top 10 and OWASP ASVS
DEVSECOPS & SECURITY AUTOMATION
โข Secure CI/CD pipelines (Azure DevOps / GitHub Actions)
โข Infrastructure as Code security (Terraform / Bicep)
โข SAST and DAST integration in pipelines
SECURITY TOOLS
โข Snyk
โข Semgrep
โข OWASP ZAP
โข Burp Suite
โข Wazuh
โข CrowdStrike
โข Microsoft Sentinel
AI & LLM SECURITY
โข AI application threat modeling
โข Prompt injection and model abuse testing
โข Secure architecture for AI-powered applications
WHY CLIENTS WORK WITH ME
โข Upwork Expert-Vetted (Top 1% of freelancers)
โข Founder of Exfiltra โ a cybersecurity services company
โข Supported by a team of security specialists for larger engagements
โข Contributor to OWASP ZAP
โข Experience securing environments for organizations generating $6B+ in revenue
โข Background in both software engineering and cybersecurity
โข Security research involving organizations like the U.S. Department of Defense
NOT A GOOD FIT IF
โข You want to hack or recover social media accounts
โข You want enterprise-grade security but are not willing to invest in it
If your goal is to build secure systems instead of reacting to breaches later, feel free to invite me to your job or send a message describing your project.
Information Security
Cloud Security
Network Security
Kali Linux
Security Assessment & Testing
Penetration Testing
Information Security Consultation
Application Security
Vulnerability Assessment
Web Application Security
Ethical Hacking
Web App Penetration Testing
Security Management
System Security
AI Security
Secure SDLC
Security Testing
Website Security
Database Security
Cybersecurity Management
Rishabh B.
Bangalore, India
$45/hr
5.0
74 jobs
Your infrastructure breaks at 2 AM. Your deploys take 45 minutes. Your AWS bill climbed 40% and nobody can explain why. I fix all three - and I've done it 100+ times on this platform.
Former SRE Lead at Yellow AI (100M+ users, AWS + on-prem). Now I run Skybyte, a DevOps and cloud consulting practice focused on startups and mid-market teams that need senior infrastructure work without the senior hire.
What 61+ Upwork jobs and a 100% Job Success Score actually look like:
Cloud cost optimization - cut AWS/Azure/GCP spend by 40-60% through right-sizing, Reserved Instances, spot fleets, and architecture cleanup. Not guesswork; I run the cost audit, build the dashboard, and hand you the savings.
Kubernetes migration and management - moved production workloads to EKS, AKS, and self-managed clusters on Hetzner. Helm charts, ArgoCD GitOps, zero-downtime cutovers. I've handled clusters running 200+ pods and clusters running 6.
CI/CD pipeline engineering - GitHub Actions, GitLab CI, Azure DevOps Pipelines, Bitbucket Pipelines. Took teams from 45-minute manual deploys to sub-5-minute automated releases with rollback built in.
Infrastructure as Code with Terraform - full AWS, Azure, and GCP environments defined in Terraform modules. State management, drift detection, and PR-based infrastructure reviews that your team can maintain without me.
DevSecOps and compliance - SOC 2 infrastructure from scratch, cloud security audits, Cloudflare WAF and DDoS protection, network security architecture, and DPDP-aligned data handling. I've built the controls and written the documentation auditors actually accept.
Monitoring, observability, and SRE - Prometheus, Grafana, OpenTelemetry, Datadog, PagerDuty. Full observability stacks that catch failures before your users file tickets. I set up SLOs, runbooks, and on-call workflows.
Beyond core DevOps - SSO/SAML integration, n8n workflow automation, MLOps pipelines, Docker deployments on bare metal and VPS, GCP Cloud Run serverless, and technical documentation your team won't ignore.
I work best with funded startups burning money on cloud, engineering teams stuck in deployment hell, and companies scaling past the point where one developer can manage the infrastructure part-time.
Stack: AWS (EKS, EC2, Lambda, RDS, S3) ยท Azure (AKS, DevOps, AD) ยท GCP (GKE, Cloud Run) ยท Kubernetes ยท Helm ยท Terraform ยท Docker ยท GitHub Actions ยท GitLab CI ยท ArgoCD ยท Prometheus ยท Grafana ยท OpenTelemetry ยท Datadog ยท Cloudflare ยท n8n
Not a "set it up and disappear" contractor. I document everything, train your team, and build systems designed to run without me and scale.
Cloud Security Framework
Cloud Computing
Kubernetes
SOC 2
Amazon Web Services
Python
Terraform
Deployment Automation
Docker
Microsoft Azure
Automated Deployment Pipeline
Git
CI/CD
System Administration
Network Security
Google Cloud Platform
Cloud Migration
DevOps Engineering
DevOps
AI Security
Iftekharul I.
Dhaka, Bangladesh
$30/hr
5.0
33 jobs
โ 7+ years of expertise โ 100+ Pentest โ Upwork Top 10%
With 7+ years of experience in offensive security and penetration testing, Iโve secured renowned fintech, E-commerce, SaaS, Banking, LMS and enterprise web apps/APIs. I deliver clear, actionable security reports that help dev teams remediate findings and support compliance and security efforts.
I have extensive experience in Vulnerability Assessment, Penetration Testing, and Vulnerability Management. Helped securing big names some of the Leading international bank; national government ministry; top regional payment gateways.
My Services:
===========
โช๏ธ Manual, automated, agentic AI vulnerability assessment & Penetration Testing
โช๏ธ Web, Network, System & Cloud Penetration Testing
โช๏ธ Simulate attackers' techniques to test defense
โช๏ธ SAST / DAST Security Scanning
โช๏ธ Application Security Audits for Compliance (PCI-DSS, ISO 27001, HIPAA, FDA, SOC 2, etc.)
โช๏ธ Cloud Configuration Reviews & Threat Modeling (AWS, Azure, GCP)
โช๏ธ Cybersecurity & Penetration Testing Training
โช๏ธ Visual Security Reports with Technical & Executive Summaries
โช๏ธ Provide step-by-step fixes to strengthen your app
My Core Expertise:
================
1. Web & API testing using Burp Suite, OWASP ZAP, AI Agents
2. Network pentesting with Nmap, Nessus, Metasploit, Hydra
3. Cloud security assessments using ScoutSuite, Prowler, and manual checks
4. Active Directory & internal infrastructure exploitation
5. Secure code review with Semgrep, Snyk
6. Scripting in Python, Bash, JavaScript, PHP
7. SIEM analysis, threat hunting with Splunk, and QRadar
Read about my certifications, projects, reviews, and portfolios below ๐
Information Security
Cloud Security
Penetration Testing
Ethical Hacking
Network Security
Cybersecurity Management
Web Application Security
Vulnerability Assessment
Internet Security
Security Testing
Security Analysis
Information Security Audit
IT Compliance Audit
Website Security
Web App Penetration Testing
Nandy B.
Lehigh County, Pennsylvania
$85/hr
5.0
280 jobs
๐ฝ U.S. and ๐ Canada -only clients โ๏ธ Upwork Expert-Vetted ๐ | 100% Job Success โ | 10,000+ hours ๐ป on 200+ projects
Hi there! ๐ Iโm an Upwork veteran with over 10,000 hours delivered, 200+ successful projects, and $1M+ earned helping U.S. companies secure and scale their cloud and hybrid environments.
โ๏ธ I specialize in Azure, Microsoft 365, and security-focused systems โ delivering:
โข Secure infrastructure using Zero Trust, IaC (Terraform/Bicep), and DevSecOps pipelines
โข Incident response, forensics, and breach containment across regulated industries
โข Compliance-ready solutions aligned to SOC 2, HIPAA, ISO 27001, and NIST 800-53
As a certified consultant, I work directly with technical teams to deliver secure cloud transformation, implement controls, and respond to threats โ fast. I also collaborate with Microsoftโs internal dev teams, giving me early-access insights and practical fixes 3โ4 release cycles ahead of public rollout.
Why Choose Me?
โ $1M+ in security projects delivered across healthcare, fintech, crypto, and gov sectors
๐ Architected Azure landing zones, GitOps pipelines, and zero trust cloud environments
๐จ Led incident response and forensic investigations for Fortune 500 and defense clients
๐ Built compliance workflows and policy-as-code enforcement for audit success
๐ช Secured crypto CI/CD pipelines and smart contract environments with GitHub, Checkov, GHAS
๐ง Career Highlights:
โช Delivered security modernization and audit readiness for global government contractors and Fortune 500 companies
โช Led compliance remediation and data protection initiatives across healthcare, fintech, and public sector clients
โช Migrated global users to Microsoft 365 with security-first design โ Exchange, Purview, Intune, Defender
โช Built hybrid identity strategies (Entra ID, ADFS, GoDaddy 365, Azure AD B2C, custom policy support)
โช Managed VMware-to-Azure hardening with conditional access, audit enforcement, and security baselines
๐ง Solutions I Deliver:
โข Azure Infra Security: Terraform, Bicep, Azure Policy, RBAC, Defender for Cloud
โข DevSecOps: GitHub Actions, tfsec, Checkov, Trivy, GHAS, pipeline reviews
โข Microsoft 365 Hardening: Defender, Purview, Compliance Center, Intune, Exchange
โข Compliance & Audits: SOC 2, ISO 27001, HIPAA, GDPR, NIST, CIS Benchmarks
โข Incident Response & Forensics: Malware analysis, reverse engineering, breach recovery
โข Crypto Security: CI/CD for smart contracts, wallet infra hardening, Web3 audits
โข Reverse-engineered malware to identify attack vectors and harden systems post-breach
โข Hardened Microsoft Exchange Online and Defender for Email in phishing-prone orgs
โข Integrated Azure Sentinel analytics with dashboards for cross-cloud visibility
๐ค Retainer & Advisory Support:
โข Ongoing guidance for CISOs, security architects, and compliance teams
โข Monthly retainers for SOC 2 evidence collection, security tool reviews, and policy automation
โข Rapid-response engagements for forensics, malware recovery, and breach root cause analysis
๐งฐ Platforms & Tools:
โข Azure, Microsoft 365, Azure Sentinel, Microsoft Defender (all modules), Intune
โข Terraform, Bicep, GitHub, Azure DevOps, GitOps, GHAS
โข Splunk, FTK, EnCase, Wireshark, Autopsy, Cisco ASA/Firepower
โข Checkov, Trivy, Aqua Security, smart contract security tooling
โข Compliance: SOC 2, HIPAA, ISO 27001, CIS, NIST, GDPR
๐ Letโs set up a free 30-minute consultation to explore how I can help you with security transformation, compliance readiness, or urgent recovery โ no fluff, just fast, proven results.
I bring the calm in chaos โ whether you're planning secure growth or cleaning up after a breach, Iโll steady the course and deliver results.
๐ Helped a fintech client pass SOC 2 in under 60 days
๐ Responded to ransomware, restored 95% of systems in 48 hours
๐ Hardened crypto wallet infra securing $100M+ in assets
Thanks again for stopping by. You can invite me to your job post or simply send a message to arrange a quick discovery call โ I respond fast, and weโll keep everything inside Upwork.
โ Nandy Bo
๐ฃ๏ธโ ๐๐ฉ ๐๐๐จ ๐๐๐๐ฃ ๐ ๐ฅ๐ก๐๐๐จ๐ช๐ง๐ ๐ฉ๐ค ๐ฌ๐ค๐ง๐ ๐ฌ๐๐ฉ๐ ๐๐๐ฃ๐๐ฎ ๐๐ช๐ง๐๐ฃ๐ ๐ฉ๐๐ ๐ฉ๐ง๐๐ฃ๐จ๐๐ฉ๐๐ค๐ฃ ๐ค๐ ๐พ๐๐ก๐ก๐๐ค๐ข. ๐๐๐ฃ๐๐ฎ ๐๐จ ๐ซ๐๐ง๐ฎ ๐๐๐ฃ๐ช๐๐ฃ๐, ๐๐ค๐ฃ๐๐จ๐ฉ ๐๐ฃ๐ ๐๐๐ก๐ฅ๐๐ช๐ก ๐๐ฃ ๐ฃ๐๐ฉ๐ช๐ง๐. ๐๐ ๐๐ก๐จ๐ค ๐๐๐จ ๐ ๐ซ๐๐ง๐ฎ ๐๐ฃ-๐๐๐ฅ๐ฉ๐ ๐ ๐ฃ๐ค๐ฌ๐ก๐๐๐๐ ๐ค๐ ๐๐ ๐ฌ๐๐๐ก๐ ๐ข๐๐๐ฃ๐ฉ๐๐๐ฃ๐๐ฃ๐ ๐ ๐ซ๐๐ง๐ฎ ๐๐ง๐ค๐๐ ๐ฅ๐ง๐ค๐๐ก๐๐ข-๐จ๐ค๐ก๐ซ๐๐ฃ๐ ๐ค๐ช๐ฉ๐ก๐ค๐ค๐ . ๐๐๐๐จ๐ ๐๐๐๐ฉ๐ช๐ง๐๐จ ๐ข๐๐ ๐ ๐๐๐ข ๐ฃ๐ค๐ฉ ๐ค๐ฃ๐ก๐ฎ ๐ ๐ฅ๐ก๐๐๐จ๐ช๐ง๐ ๐ฉ๐ค ๐ฌ๐ค๐ง๐ ๐ฌ๐๐ฉ๐ ๐๐ช๐ฉ ๐๐ก๐จ๐ค ๐ซ๐๐ง๐ฎ ๐๐ฃ๐จ๐ฅ๐๐ง๐๐ฉ๐๐ค๐ฃ๐๐ก. โ
โ ๐ ๐ค๐ง๐๐ค๐ฃ ๐ฝ๐๐ก๐ก - ๐๐๐ฃ๐๐๐๐ฃ๐ ๐ฟ๐๐ง๐๐๐ฉ๐ค๐ง - ๐พ๐๐ก๐ก๐๐ค๐ข ๐๐ฃ๐ฉ๐๐ง๐ฃ๐๐ฉ๐๐ค๐ฃ๐๐ก
Information Security
Cloud Security
Solution Architecture Consultation
Cloud Implementation
Microsoft Endpoint Manager
Risk Assessment
Cloud Engineering Consultation
Microsoft Azure
Office 365
Email Security
Microsoft Exchange Online
Digital Forensics
Incident Response Readiness Assessment
Information Security Audit
Elastos C.
Harare, Zimbabwe
$50/hr
4.9
111 jobs
Elastos Chimwanda is a Virtual CISO (vCISO), Enterprise Security Architect & Cybersecurity, Cloud Security and AI Security Advisor, helping enterprises navigate AI adoption, cloud transformation, and compliance within unified, scalable security and governance architectures.
Core Specializations:
โข vCISO Advisory: Board-level risk reporting, security strategy, policy development, and roadmap execution.
โข Enterprise Security Architecture: Security architecture design aligned to enterprise frameworks, control rationalization, and modern security transformation.
โข Cloud Security Architecture: AWS, Azure, GCP, hybrid, and cloud-native security design and governance.
โข Security & Compliance Transformation: ISO/IEC 27001, SOC 2, NIST CSF, CMMC, HIPAA, PCI DSS.
โข AI Governance & Security: EU AI Act, NIST AI RMF, and ISO/IEC 42001 alignment.
His professional background combines hands-on enterprise security architecture with international framework development. As an Author and Lead Content Developer for ISACA Global, he has authored several of the foundational manuals and audit programs utilized globally by technology risk and cybersecurity professionals, including the Official CISA Review Manual (28th Edition), the Cybersecurity Audit Study Guide (2nd Edition) , and the Biometrics Audit Program (2nd Edition).
To strengthen his expertise in AI-enabled cybersecurity, Elastos has also earned the OpenAI Cyber Practitioner credential, demonstrating applied knowledge in secure AI adoption, AI-assisted security operations, AI governance, and responsible use of generative AI within enterprise environments. This complements his advisory work in helping organizations adopt AI securely while managing cyber risk, compliance, and governance
Backed by an MBA and globally recognized credentials including CISSP, CCSP, CCSK, CISA, ITIL Service (Version 5), ISO/IEC 27001 Lead Auditor and ISO 31000 Lead Risk Manager, he combines executive leadership, enterprise architecture thinking, and risk-based cybersecurity expertise to help enterprises securely scale digital transformation.
Information Security
Cloud Security Framework
Cloud Security
ISO 27001
Zero Trust Architecture
Risk Management
Application Security
SOC 2
NIST Cybersecurity Framework
Governance, Risk Management & Compliance
Cybersecurity Management
PCI DSS
CMMC
Security Engineering
AI Security
Information Security Audit
Information Security Governance
Information Security Consultation
AI Governance
HIPAA
How it works
Post a job for freePost a job
Tell us what you need. Create your own job post or generate one with AI then filter talent matches.
Hire top talent fast
Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.
Collaborate easily
Use Upwork to chat or video call, share files, and track project progress right from the app.
Payment simplified
Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.
Don't just take our word for it
โUpwork provides an umbrella-level of security. I can see a talentโs work history and ratings. I can hold payments in escrow. I can communicate through Upwork Messages instead of working through my email address.โ
KD
Kim Darling
Emerald Tiger
โUpwork is the best platform to hire skilled professionals when we're not looking for a full-time employee. All the companies in our portfolio use Upwork to find talent across a wide range of fields.โ
DM
David Merry
Kinetic Investments
โOur very specific requirements can be a challengeโWith Upwork, weโre able to access a bigger community to ensure the success of our projects.โ
KK
Katja Krohn
Summa Linguae
How do I hire a Certified Cloud Security Professional on Upwork?
You can hire a Certified Cloud Security Professional on Upwork in four simple steps:
Create a job post tailored to your Certified Cloud Security Professional project scope. Weโll walk you through the process step by step.
Browse top Certified Cloud Security Professional talent on Upwork and invite them to your project.
Once the proposals start flowing in, create a shortlist of top Certified Cloud Security Professional profiles and interview.
Hire the right Certified Cloud Security Professional for your project from Upwork, the worldโs largest work marketplace.
At Upwork, we believe talent staffing should be easy.
How much does it cost to hire a Certified Cloud Security Professional?
Rates charged by Certified Cloud Security Professionals on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.
Why hire a Certified Cloud Security Professional on Upwork?
As the worldโs work marketplace, we connect highly-skilled freelance Certified Cloud Security Professionals and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Certified Cloud Security Professional team you need to succeed.
Can I hire a Certified Cloud Security Professional within 24 hours on Upwork?
Depending on availability and the quality of your job post, itโs entirely possible to sign up for Upwork and receive Certified Cloud Security Professional proposals within 24 hours of posting a job description.
Find more freelancers
Similar Certified Cloud Security Professional Skills