Hire the Best Certified Information Systems Security Professionals

More than 3,000 reviews on G2
Rating is 4.5 out of 5.
4.5/5
of Upwork by G2 peer reviewers
Najam U.

Gujranwala, Pakistan

$75/hr
5.0
87 jobs

Expert-Vetted on Upwork (Top 1% of security professionals). If you're building on the cloud and want to find the security gaps attackers would exploit — before they do — I can help. I’m a cybersecurity consultant and founder of Exfiltra, helping startups and enterprises secure their applications, cloud infrastructure, and DevOps pipelines. I have worked with organizations generating $6B+ in annual revenue and helped companies strengthen security across cloud environments, applications, and compliance programs. I personally lead security engagements and, when needed, bring in specialists from my team at Exfiltra to support larger or complex projects. Most clients hire me when they want to: ✔ Secure Azure / AWS / GCP environments ✔ Perform professional penetration testing ✔ Implement DevSecOps and secure CI/CD pipelines ✔ Prepare for SOC 2, ISO 27001, HIPAA, FedRAMP, or CMMC ✔ Improve security posture using industry frameworks CORE EXPERTISE AZURE & CLOUD SECURITY • Azure security architecture reviews • Microsoft Defender for Cloud & Sentinel • Identity security (Entra ID / Conditional Access) • Cloud configuration reviews and CIS Benchmark hardening APPLICATION SECURITY & PENETRATION TESTING • Web application penetration testing • API security testing • Mobile application security testing • Network and cloud penetration testing • Assessments aligned with OWASP Top 10 and OWASP ASVS DEVSECOPS & SECURITY AUTOMATION • Secure CI/CD pipelines (Azure DevOps / GitHub Actions) • Infrastructure as Code security (Terraform / Bicep) • SAST and DAST integration in pipelines SECURITY TOOLS • Snyk • Semgrep • OWASP ZAP • Burp Suite • Wazuh • CrowdStrike • Microsoft Sentinel AI & LLM SECURITY • AI application threat modeling • Prompt injection and model abuse testing • Secure architecture for AI-powered applications WHY CLIENTS WORK WITH ME • Upwork Expert-Vetted (Top 1% of freelancers) • Founder of Exfiltra – a cybersecurity services company • Supported by a team of security specialists for larger engagements • Contributor to OWASP ZAP • Experience securing environments for organizations generating $6B+ in revenue • Background in both software engineering and cybersecurity • Security research involving organizations like the U.S. Department of Defense NOT A GOOD FIT IF • You want to hack or recover social media accounts • You want enterprise-grade security but are not willing to invest in it If your goal is to build secure systems instead of reacting to breaches later, feel free to invite me to your job or send a message describing your project.

  • Information Security
  • System Security
  • Network Security
  • Kali Linux
  • Security Assessment & Testing
  • Penetration Testing
  • Information Security Consultation
  • Application Security
  • Vulnerability Assessment
  • Web Application Security
  • Ethical Hacking
  • Cloud Security
  • Web App Penetration Testing
  • Security Management
  • AI Security
  • Secure SDLC
  • Security Testing
  • Website Security
  • Database Security
  • Cybersecurity Management
Thomas W.

Tucson, Arizona

$125/hr
5.0
94 jobs

Need an effective, defensible, responsibly-priced cybersecurity program? My consultancy has helped a wide variety of organizations - from smaller SaaS startups to larger Fortune 1000 brands you know and trust - realize comprehensive, integrated, end-to-end cybersecurity aligned with: • Institutional goals and internal risk appetite. • Client supply chain questionnaires / contract requirements. • Industry and regulatory requirements (e.g. GLBA, PCI-DSS, HIPAA, NYS DFS 23 NYCRR 500, DFARS / CMMC) • NIST Cybersecurity Framework (CSF) and / or good industry practices (e.g. SOC Readiness, NIST Special Publications 800-30, 800-37, 800-53, 800-171) My consulting practice is reputable, insured, and responsibly priced, and you can expect quality results, because I’m an award-winning, former IT / cybersecurity leader with: • Two decades of experience. • M.Sc. in Information Security & Assurance • M.B.A. in Information Technology Management • A wide variety of advanced industry certifications, including the CISSP and CISA. Beyond cybersecurity program compliance, I can represent your organization as a Chief Information Security Officer on a cost-effective, fractional basis supporting any further cybersecurity needs, including: • Risk assessments. • Audit response / defense. • Vulnerability scanning & penetration testing. • Policy development (e.g. Incident Response, Vulnerability Management, Secure Development) • Disaster recovery & business continuity planning. • Third-party risk / supply chain reviews. • Cybersecurity marketing (e.g. architecture diagrams and white paper development that illustrate, showcase good practices) • Capability / tool implementation & support (e.g. Data Loss Prevention, Multi-Factor Authentication) Wherever your organization stands in its cybersecurity journey, I’m almost always able to come up with a responsible, defensible solution within the budget available - often at a fixed cost - so please book a consultation with me to discuss your unique circumstances!

  • Certified Information Systems Security Professional
  • Application Security
  • IT Compliance Audit
  • HIPAA
  • Vulnerability Assessment
  • Security Infrastructure
  • Information Technology Strategy
  • Email Deliverability
  • Network Security
  • Security Analysis
  • Security Assessment & Testing
  • PCI DSS
  • SOC 2
  • NIST Cybersecurity Framework
  • Cybersecurity Management
Jason A.

Poulsbo, Washington

$160/hr
4.9
24 jobs

As a 15-year cybersecurity professional and security researcher, I have a broad, deep understanding of end-to-end security processes and technologies. With my experience in the academic and business worlds, I have provided information security expertise to a variety of companies operating globally. I hold several security certifications, including: ► Offensive Security Certified Professional (OSCP) ► GIAC Penetration Tester (GPEN) ► GIAC Reverse Engineering Malware (GREM) ► Certified Information Systems Security Professional (CISSP) In addition to my hands-on work in security research, penetration testing, and reverse engineering, I hold a Doctoral degree in Computer Science. I regularly write and speak on security topics, including data security, network security, penetration testing, and digital forensics.

  • Information Security
  • Network Security
  • Technical Writing
  • Writing
  • Certified Information Systems Security Professional
Ray M.

Dallas, Texas

$80/hr
5.0
16 jobs

Misconfigurations, shadow identities, and unsecured AI pipelines silently raise breach odds. I partner with business owners to close those gaps fast! What I’ll Deliver • Cloud-native hardening – Entra ID Conditional Access, AWS IAM least-privilege, GCP VPC SC, Microsoft Defender & Purview tuning • AI security & governance – Threat modeling for LLM/agentic systems, secure Vertex AI/Bedrock pipelines, TRiSM-aligned policies • Compliance-ready architecture—ISO 27001, SOC 2, HIPAA evidence packs, Zero-Trust roadmaps • Incident preparedness—24-hour containment playbooks, forensic workflows, automated Sentinel/Chronicle detections Proven Impact • 70 % cut in high-risk privileges across multi-cloud estate • Inbox placement boosted from 60 % to 95 via SPF/DKIM/DMARC • ISO 27001 audit pass in six weeks—saving $40K in outside fees Want me to walk you through the three quickest wins I already see? Message me What my clients say: Top rated : "Best investment I made on Upwork, Ray is quick, thoughtful, organized and made this project SO easy. He's incredibly communicative and so on top of it. 10/10 "Ray did an excellent job solving some email delivery issues for us. He was extremely timely and his communication was consistent and clear. Definitely recommend Ray!" Microsoft 365 Security | Azure Security | Cloud Security Consulting | ISO 27001 Implementation | SOC 2 Readiness | Google Workspace Security | Email Deliverability | SPF | DKIM | DMARC | Microsoft Intune | Conditional Access | Microsoft Defender for Endpoint | Risk Assessment | Vulnerability Assessment | Compliance Consulting

  • Information Security
  • Microsoft Azure Administration
  • Microsoft Intune
  • OKTA
  • Email Deliverability
  • Incident Response Plan
  • AWS Server Migration
  • Computing & Networking
  • Google Cloud Platform
  • Compliance
  • Network Engineering
  • Microsoft 365 Copilot
  • AWS CloudTrail
  • AI Security
  • NIST Cybersecurity Framework
Mostafa A.

Cairo, Egypt

$50/hr
5.0
46 jobs

✅ Top Rated Expert ✅ Senior Penetration Tester ✅ Digital Forensics ✅ Cyber Investigation I help companies and individuals secure their systems with proven cybersecurity expertise. I'm a cybersecurity expert and Information Security projects manager and founder at XEye Security, I have more than 13 years of work experience including Penetration Testing, Digital Forensics, and OSINT, and I am also a Top-Rated freelancer on Upwork with a 100% Job Success Score. ⇨ Certificates we hold: CEH, OSCP, OSCP+, CRTP, OSEP, eMAPT, CRTE, GCIA, GCIH, SSCP, GRISC, CISA, CCSP, CompTIA Security+, and CompTIA Pentest+. Together with my teams from XEye Security, we will provide you the following services with highest quality and best results: • Penetration Testing (Manual and Automated) to identify and fix vulnerabilities with high quality official report from XEye Security and in compliance with all security standards. • Digital Forensics and Cyber Investigations to uncover the hidden attacks, root cause, the evidence and we will support you in legal proceedings. • Cyber Intelligence and OSINT (Open-Source Intelligence) to reveal information about intruders or cyber criminals who committed any blackmail or cybercrime against you. we will collect and reveal evidence, detect threats and also data breaches. • Reputation Management to protect, repair, and enhance your business online digital image. • Dark Web Monitoring and Investigation to detect and find all breached data. • Social Media Accounts Recovery, we recover lost social media accounts as far as it belongs to you. • Email Security and Reputation Enhancement to protect your emails and domains from all kinds of cyber threats and ensuring that your emails not marked as spam. • Information Security Compliance Consulting, Audits for SOC 2, ISO 27001, and ISO 27701. At XEye Security, we have worked with renowned enterprises and small and medium sized companies around the US, the EU, the MENA, and South Africa and we have provided high-quality services, and solutions allowing our clients to stay secure and compliant. We have a sub company named XEye Academy, we provide private trainings with certified and skilled expert trainers for almost all cybersecurity majors with dedicated labs and support, and in partnership with PECB, we provide internationally recognized certification courses such as ISO/IEC 27001 Information Security Management, ISO/IEC 27002 Controls Implementation, ISO/IEC 31000 Risk Management, and specialized Cybersecurity Management programs including Cybersecurity Foundation and Lead Cybersecurity Manager. ⇨ Why choose XEye Security? • Proven expertise in all cybersecurity majors • Global reach with diverse industry experience • Affordable, accessible cybersecurity solutions and services • Client‑ready and high-quality standards • More than 97% client satisfaction rate • Your cybersecurity is our top priority Please reach out to me through Upwork, I and my team are happy to support you and provide you with the best services at any time.

  • Information Security
  • Digital Forensics
  • Security Assessment & Testing
  • Penetration Testing
  • Web App Penetration Testing
  • Ethical Hacking
  • Vulnerability Assessment
  • Manual Testing
  • Kali Linux
  • SOC 2
  • ISO 27001
  • SOC 2 Report
  • Cloud Security
  • Security Engineering
  • OWASP
David M.

Tonbridge, United Kingdom

$50/hr
5.0
3 jobs

🔒 You need security that actually works — not a report that says it does. The organisations I work with want to find the vulnerabilities that matter, fix them with confidence, and get on with growing their business without security becoming the thing that stops them. I have delivered over 1,000 commercial penetration tests across 27 years. Not side projects. Not internal assessments. Full mission-critical engagements for high street and investment banks, hedge funds, insurance firms, government departments, police, military, national infrastructure, retailers, law firms, airports and more. I led the security architecture for the Athens 2004 Olympics internet-facing systems. I was lead architect on the UK Cyber Essentials scheme at launch. I have published in commercial security press and guest lectured at universities. There is a difference between someone who does penetration testing and someone who has seen every flavour of environment, every attack pattern, and every way organisations deceive themselves about their security posture. That difference is what you are hiring. 🎯 Where can I help: 🗡️ Network & Infrastructure Penetration Testing — adversarial testing of internal and external infrastructure, finding exploitable exposures before an attacker does. 🌐 Application Penetration Testing — web application and API security testing against real attack patterns: authentication, authorisation, input handling and business logic flaws. ☁️ Microsoft 365 Security Assessment — Entra ID, Conditional Access, PIM, Intune, DLP, sensitivity labelling, Exchange Online and Defender for Office 365. 🔷 Azure Security Assessment — identity and access management, network controls, storage and key management, Defender for Cloud posture, and monitoring coverage. 🟢 Google Workspace, GCP & AWS Security Assessments — configuration and access control assessments across Google and Amazon cloud environments. 🏛️ Security Architecture and Risk Advisory — senior technical input on architecture decisions, control design and risk without a full engagement commitment. 👤 Every engagement is delivered directly by me — David Morgan, founder of Metis Security. No account management layer, no junior handoffs, no templated output. You work with the person conducting the analysis and writing the report. 📋 How I work is as important as what I find Every finding in my reports is one I will defend as genuinely material to your environment. No padding, no low-hanging fruit included to justify the fee, no default risk ratings copied from a scanner. If your context changes the risk, the rating reflects that. What you receive: ✅ A visually structured report with clear separation between executive summary, findings and remediation roadmap — written to be read by people who are not security specialists ✅ Risk ratings adjusted to your specific environment and context, not defaulted from a tool ✅ A prioritised remediation roadmap so your team knows exactly what to fix first and why it matters commercially ✅ Immediate escalation of any high-risk finding or schedule-affecting issue during the engagement — you are never waiting until the end to hear something important ✅ Daily status updates so you always know where the engagement stands ✅ A debrief call at close to walk through findings, answer questions and finalise the report before it is delivered CISSP | ISSAP | Microsoft Security certifications | 27 years If you need to know whether your environment is genuinely secure — not whether it looks configured — I am worth a conversation.

  • Penetration Testing
  • Web Application Security
  • Network Penetration Testing
  • Office 365
  • Microsoft Azure
  • Cloud Security
  • Network Security
  • Vulnerability Assessment
  • Security Assessment & Testing
  • Cybersecurity Management
  • Zero Trust Architecture
  • Security Analysis
  • Google Cloud Platform
  • Google Workspace
  • Amazon Web Services
  • NIST Cybersecurity Framework
  • Microsoft 365 Copilot
  • Internet Security
  • Information Security Audit
  • Information Security Consultation

How it works

Post a job for freePost a job

Tell us what you need. Create your own job post or generate one with AI then filter talent matches.

Hire top talent fast

Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.

Collaborate easily

Use Upwork to chat or video call, share files, and track project progress right from the app.

Payment simplified

Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.

Don't just take our word for it

How do I hire a Certified Information Systems Security Professional on Upwork?

You can hire a Certified Information Systems Security Professional on Upwork in four simple steps:

  • Create a job post tailored to your Certified Information Systems Security Professional project scope. We’ll walk you through the process step by step.
  • Browse top Certified Information Systems Security Professional talent on Upwork and invite them to your project.
  • Once the proposals start flowing in, create a shortlist of top Certified Information Systems Security Professional profiles and interview.
  • Hire the right Certified Information Systems Security Professional for your project from Upwork, the world’s largest work marketplace.

At Upwork, we believe talent staffing should be easy.

How much does it cost to hire a Certified Information Systems Security Professional?

Rates charged by Certified Information Systems Security Professionals on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.

Why hire a Certified Information Systems Security Professional on Upwork?

As the world’s work marketplace, we connect highly-skilled freelance Certified Information Systems Security Professionals and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Certified Information Systems Security Professional team you need to succeed.

Can I hire a Certified Information Systems Security Professional within 24 hours on Upwork?

Depending on availability and the quality of your job post, it’s entirely possible to sign up for Upwork and receive Certified Information Systems Security Professional proposals within 24 hours of posting a job description.