Hire the Best Certified Systems Security Practitioners

Clients rate our Certified Systems Security Practitioners
Rating is 4.7 out of 5.
4.7/5
Based on 295 client reviews
Hien N.

Padova, Italy

$39/hr
5.0
3 jobs

LLM Security Engineer | AI Security | AppSec | DevSecOps | Cloud Security I help startups, SaaS companies, and enterprises secure modern AI systems, web applications, cloud infrastructure, and digital assets — from development to production. My work covers: AI & LLM Security • LLM application security assessments • Prompt injection and jailbreak testing • RAG pipeline security reviews • Agentic workflow security • Model abuse and data leakage testing • AI threat modeling (STRIDE, MITRE ATLAS, OWASP LLM Top 10) • Secure API integrations (OpenAI, Anthropic, vector databases) Application & API Security • Web application penetration testing • API security assessments • Authentication & authorization testing • Business logic testing • Secure architecture reviews • Vulnerability discovery and remediation guidance Incident Response & Malware Removal • WordPress malware cleanup and security hardening • Backdoor detection and persistence analysis • Reinfection root cause analysis • Webshell investigation • Redirect/spam injection cleanup • Post-compromise hardening and monitoring DevSecOps & Cloud Security • Secure CI/CD pipelines • Infrastructure as Code (IaC) security • Container and supply chain security • Secrets management • AWS & GCP security reviews • Runtime detection engineering • Security automation and secure SDLC improvements Compliance & Security Governance • Security assessments aligned with OWASP, NIST, ISO 27001, PCI DSS, GDPR, and SOC 2 • Threat modeling and risk analysis • Security control validation • Security architecture reviews My background combines 7+ years of hands-on cybersecurity experience across application security, penetration testing, cloud security, DevSecOps, threat modeling, detection engineering, and adversarial machine learning research. I work with clients across: AI/ML platforms, SaaS, FinTech, E-commerce, Healthcare, Telecom, CMS/WordPress, and cloud-native environments. Whether you need to secure your AI product, audit your application, clean a compromised website, or strengthen your cloud security posture, I can help you identify risks and implement practical fixes. Available for short-term audits, incident response, and long-term security consulting.

  • Information Security
  • Cybersecurity Management
  • Python
  • NIST Cybersecurity Framework
  • Splunk
  • PCI DSS
  • Cloud Security
  • Vulnerability Assessment
  • Security Analysis
  • Kubernetes
  • Amazon Web Services
  • Security Assessment & Testing
  • CI/CD
  • Governance, Risk & Compliance Software
  • Information Security Audit
David M.

Tonbridge, United Kingdom

$50/hr
5.0
4 jobs

🔒 You need security that actually works — not a report that says it does. The organisations I work with want to find the vulnerabilities that matter, fix them with confidence, and get on with growing their business without security becoming the thing that stops them. I have delivered over 1,000 commercial penetration tests across 27 years. Not side projects. Not internal assessments. Full mission-critical engagements for high street and investment banks, hedge funds, insurance firms, government departments, police, military, national infrastructure, retailers, law firms, airports and more. I led the security architecture for the Athens 2004 Olympics internet-facing systems. I was lead architect on the UK Cyber Essentials scheme at launch. I have published in commercial security press and guest lectured at universities. There is a difference between someone who does penetration testing and someone who has seen every flavour of environment, every attack pattern, and every way organisations deceive themselves about their security posture. That difference is what you are hiring. 🎯 Where can I help: 🗡️ Network & Infrastructure Penetration Testing — adversarial testing of internal and external infrastructure, finding exploitable exposures before an attacker does. 🌐 Application Penetration Testing — web application and API security testing against real attack patterns: authentication, authorisation, input handling and business logic flaws. ☁️ Microsoft 365 Security Assessment — Entra ID, Conditional Access, PIM, Intune, DLP, sensitivity labelling, Exchange Online and Defender for Office 365. 🔷 Azure Security Assessment — identity and access management, network controls, storage and key management, Defender for Cloud posture, and monitoring coverage. 🟢 Google Workspace, GCP & AWS Security Assessments — configuration and access control assessments across Google and Amazon cloud environments. 🏛️ Security Architecture and Risk Advisory — senior technical input on architecture decisions, control design and risk without a full engagement commitment. 👤 Every engagement is delivered directly by me — David Morgan, founder of Metis Security. No account management layer, no junior handoffs, no templated output. You work with the person conducting the analysis and writing the report. 📋 How I work is as important as what I find Every finding in my reports is one I will defend as genuinely material to your environment. No padding, no low-hanging fruit included to justify the fee, no default risk ratings copied from a scanner. If your context changes the risk, the rating reflects that. What you receive: ✅ A visually structured report with clear separation between executive summary, findings and remediation roadmap — written to be read by people who are not security specialists ✅ Risk ratings adjusted to your specific environment and context, not defaulted from a tool ✅ A prioritised remediation roadmap so your team knows exactly what to fix first and why it matters commercially ✅ Immediate escalation of any high-risk finding or schedule-affecting issue during the engagement — you are never waiting until the end to hear something important ✅ Daily status updates so you always know where the engagement stands ✅ A debrief call at close to walk through findings, answer questions and finalise the report before it is delivered CISSP | ISSAP | Microsoft Security certifications | 27 years If you need to know whether your environment is genuinely secure — not whether it looks configured — I am worth a conversation.

  • Penetration Testing
  • Web Application Security
  • Network Penetration Testing
  • Office 365
  • Microsoft Azure
  • Cloud Security
  • Network Security
  • Vulnerability Assessment
  • Security Assessment & Testing
  • Cybersecurity Management
  • Zero Trust Architecture
  • Security Analysis
  • Google Cloud Platform
  • Google Workspace
  • Amazon Web Services
  • NIST Cybersecurity Framework
  • Microsoft 365 Copilot
  • Internet Security
  • Information Security Audit
  • Information Security Consultation
Najam U.

Gujranwala, Pakistan

$75/hr
5.0
88 jobs

Expert-Vetted on Upwork (Top 1% of security professionals). If you're building on the cloud and want to find the security gaps attackers would exploit — before they do — I can help. I’m a cybersecurity consultant and founder of Exfiltra, helping startups and enterprises secure their applications, cloud infrastructure, and DevOps pipelines. I have worked with organizations generating $6B+ in annual revenue and helped companies strengthen security across cloud environments, applications, and compliance programs. I personally lead security engagements and, when needed, bring in specialists from my team at Exfiltra to support larger or complex projects. Most clients hire me when they want to: ✔ Secure Azure / AWS / GCP environments ✔ Perform professional penetration testing ✔ Implement DevSecOps and secure CI/CD pipelines ✔ Prepare for SOC 2, ISO 27001, HIPAA, FedRAMP, or CMMC ✔ Improve security posture using industry frameworks CORE EXPERTISE AZURE & CLOUD SECURITY • Azure security architecture reviews • Microsoft Defender for Cloud & Sentinel • Identity security (Entra ID / Conditional Access) • Cloud configuration reviews and CIS Benchmark hardening APPLICATION SECURITY & PENETRATION TESTING • Web application penetration testing • API security testing • Mobile application security testing • Network and cloud penetration testing • Assessments aligned with OWASP Top 10 and OWASP ASVS DEVSECOPS & SECURITY AUTOMATION • Secure CI/CD pipelines (Azure DevOps / GitHub Actions) • Infrastructure as Code security (Terraform / Bicep) • SAST and DAST integration in pipelines SECURITY TOOLS • Snyk • Semgrep • OWASP ZAP • Burp Suite • Wazuh • CrowdStrike • Microsoft Sentinel AI & LLM SECURITY • AI application threat modeling • Prompt injection and model abuse testing • Secure architecture for AI-powered applications WHY CLIENTS WORK WITH ME • Upwork Expert-Vetted (Top 1% of freelancers) • Founder of Exfiltra – a cybersecurity services company • Supported by a team of security specialists for larger engagements • Contributor to OWASP ZAP • Experience securing environments for organizations generating $6B+ in revenue • Background in both software engineering and cybersecurity • Security research involving organizations like the U.S. Department of Defense NOT A GOOD FIT IF • You want to hack or recover social media accounts • You want enterprise-grade security but are not willing to invest in it If your goal is to build secure systems instead of reacting to breaches later, feel free to invite me to your job or send a message describing your project.

  • System Security
  • Network Security
  • Kali Linux
  • Security Assessment & Testing
  • Penetration Testing
  • Information Security Consultation
  • Application Security
  • Vulnerability Assessment
  • Information Security
  • Web Application Security
  • Ethical Hacking
  • Cloud Security
  • Web App Penetration Testing
  • Security Management
  • AI Security
  • Secure SDLC
  • Security Testing
  • Website Security
  • Database Security
  • Cybersecurity Management
Mihai V.

San Diego, California

$75/hr
5.0
5 jobs

I design and build production-grade security systems for companies that need to secure cloud infrastructure, pass audits, and operate in regulated environments. Most teams don’t have a security tool problem. They have an architecture, integration, and execution problem. That’s where I come in. What I Do I help startups and enterprise teams move from: ❌ fragmented tools and partial controls ❌ audit delays and failing security reviews ❌ reactive fixes and security debt → to ✅ engineered, scalable security architecture ✅ audit-ready, continuously compliant environments ✅ automated, integrated security operations Core Expertise Cloud Security & Cryptography • Multi-cloud security architecture (AWS, Azure, GCP) • TLS PKI systems with automated certificate lifecycle (IaC + CI/CD) • Encryption architecture (CMEK, KMS, data masking, data protection) • Cryptographic hardening aligned with FIPS and modern standards • DNS security, network isolation, and zero-trust patterns Identity & Access Management • SSO (SAML, OIDC), enterprise identity federation • RBAC and least-privilege system design at scale • SCIM provisioning and identity lifecycle automation • Integration with enterprise IdPs (PingFederate, Azure AD, Okta) • Cross-account and multi-environment access control Compliance & Audit Readiness • SOC 2, ISO 27001, PCI DSS, HIPAA, FedRAMP-aligned environments • End-to-end delivery: gap assessment → implementation → audit support • Control design, remediation, and evidence automation (Vanta, Drata, custom pipelines) • Continuous compliance monitoring vs point-in-time audits • Closing audit findings fast (not just identifying them) Security Engineering & Incident Response • CI/CD security (SAST, DAST, IaC scanning, secret management) • Vulnerability management with automated remediation workflows • Cloud misconfiguration detection (CIS benchmarks, runtime analysis) • Secure system design across infrastructure and application layers • Incident response, forensics support, and system hardening AI-Driven Security I don’t just integrate tools — I design security platforms. I have built and architected multi-agent AI-driven cybersecurity systems combining: • Cloud security analysis (AWS integrations, IAM analysis, misconfiguration detection) • Offensive security (recon, exploitation, privilege escalation simulation) • Vulnerability management (SAST, DAST, fuzzing, CI/CD integration) • SOC automation (SIEM/SOAR integrations, alert enrichment, playbooks) • Forensics and incident investigation workflows • Compliance reporting mapped to frameworks (SOC 2, ISO 27001, PCI, HIPAA) Key capabilities: • Multi-agent orchestration and communication • Automated remediation workflows • MITRE ATT&CK mapping and executive reporting • API-driven integrations across security tooling ecosystem • Role-based access for security, DevOps, and compliance teams This enables: → Continuous security instead of periodic assessments → 80% reduction in manual security effort → Faster audit readiness and real-time visibility How I Work • Engineering-first — I build and implement, not just advise • Work directly in production systems (cloud, identity, pipelines) • Design for real audit constraints, not theoretical compliance • Fast execution, clear communication, and ownership Typical Clients • SaaS companies preparing for SOC 2 / ISO 27001 / HIPAA • Cloud-native platforms handling sensitive or regulated data • Startups entering enterprise sales with security blockers • Organizations with fragmented security tools that don’t work together Important I’m not a fit for checklist-based security or surface-level audits. If you need: • real security architecture • working implementations • systems that pass audits and hold up in production - we’ll work well together.

  • Artificial Intelligence
  • Cybersecurity Tool
  • NIST Cybersecurity Framework
  • FedRAMP
  • PCI DSS
  • Cryptography
  • Information Security Threat Mitigation
  • Software
  • Linux
  • macOS
  • Security Engineering
  • Cloud Security
  • Metasploit
  • Software Architecture
  • Software Architecture & Design
Muhammad A.

Multan, Pakistan

$35/hr
5.0
60 jobs

Certified SOC Analyst | Certified Incident Handler | Certified Network Security Expert I'm Muhammad Ahtsham, a Senior SOC Analyst and Cybersecurity Specialist with 5+ years of hands-on experience defending enterprise environments across worldwide. I don't just respond to alerts — I hunt threats, engineer detections, and build the security infrastructure that stops breaches before they happen. ──────────────────────────────────────── 🛡️ WHAT I DELIVER FOR YOU ──────────────────────────────────────── ✦ SOC Operations & Management Build, optimize, or manage your SOC from the ground up. I handle alert triage, incident investigation, escalation workflows, and daily/weekly reporting. ✦ Threat Detection & Hunting Using MITRE ATT&CK, LOLBAS, and hypothesis-based methodologies, I proactively hunt threats hiding in your environment before they trigger alarms. ✦ Detection Engineering & Use Case Development I've built 100+ custom detection rules across SIEM, EDR, XDR, and CASB platforms. I reduce alert fatigue by eliminating false positives and tuning detection logic for precision. ✦ Incident Response & Digital Forensics End-to-end IR: containment, investigation, root cause analysis, and post-incident reporting. I handle credential theft, malware analysis, network forensics, and executive-ready reports. ✦ Threat Intelligence (CTI) Hands-on experience with OpenCTI, MISP, and Group-IB. I build threat intelligence pipelines, integrate STIX/TAXII feeds, and translate raw IOCs into actionable detections. ✦ SIEM/SOAR Deployment & Administration Expert-level experience with LogRhythm, Splunk, Microsoft Sentinel, and Trellix SIEM. I onboard log sources, build correlation rules, automate response playbooks via SOAR, and tune your environment for maximum detection fidelity. ✦ Security Policy & Compliance Documentation ISO 27001-aligned policy writing, security procedure documentation, and security awareness program development for teams of any size. ✦ Vulnerability Assessment & Penetration Testing From Nessus-based VA scanning to web application testing with Burp Suite and network assessments with Nmap — I find your exposures before attackers do. ✦ Consulting & Mentoring Need guidance on OpenCTI deployment, SIEM architecture, or building a SOC from scratch? I offer consultations for teams, MSSPs, and security leaders. ──────────────────────────────────────── 🔧 TOOLS & PLATFORMS I WORK WITH DAILY ──────────────────────────────────────── SIEM: LogRhythm | Splunk | Microsoft Sentinel | Trellix | Wazuh | QRadar EDR/XDR: CrowdStrike | Microsoft Defender (MDO/MDE) | Trellix EDR | IVX CTI: OpenCTI | MISP | Group-IB | STIX/TAXII | arcX Email Sec: Abnormal Security | Microsoft Defender for Office 365 CASB: Skyhigh CASB VA/PT: Nessus | Burp Suite | Nmap | Kali Linux | Metasploit Network: Wireshark | Fortinet | Palo Alto | Cisco ASA SOAR: XSIAM | XSOAR | Cortex | Custom PowerShell Playbooks Cloud: Microsoft Azure | Azure Sentinel | Microsoft 365 Security ──────────────────────────────────────── 📜 CREDENTIALS ──────────────────────────────────────── ✦ Certified SOC Analyst (CSA) — EC-Council ✦ Certified Ethical Hacker (CEH) — EC-Council ✦ Certified Incident Handler (CIH) — EC-Council ✦ Fortinet Certified Professional (FCP) NSE5 — Fortinet ✦ Cyber Threat Intelligence 101 — arcX ✦ Splunk Power User ✦ Practical Ethical Hacking — TCM Security ──────────────────────────────────────── Let's talk about securing your environment — send me a message.

  • Cybersecurity Monitoring
  • Cybersecurity Tool
  • Cyber Threat Intelligence
  • Cybersecurity Management
  • Information Security
  • Information Security Threat Mitigation
  • Information Security Consultation
  • Security Operation Center
  • Technical Writing
  • Security Analysis
  • NIST Cybersecurity Framework
  • Information & Communications Technology
  • Firewall
Wafa A.

Islamabad, Pakistan

$15/hr
5.0
26 jobs

💪 Top Rated I help startups, SaaS companies, and enterprises identify security vulnerabilities before attackers do. With 5+ years of cybersecurity experience, I specialize in manual penetration testing, application security, API security, cloud security, compliance assessments, and privacy audits. I have worked with organizations across the United States, United Kingdom, Germany, and Canada, delivering security assessments aligned with international standards and industry best practices. My assessments have uncovered critical vulnerabilities including Account Takeover, Remote Code Execution (RCE), IDOR, Authentication & Authorization flaws, Business Logic vulnerabilities, SSRF, XSS, CSRF, SQL Injection, Sensitive Data Exposure, Security Misconfigurations, and Insecure API Implementations. My Services Penetration Testing • Web Application Penetration Testing (OWASP Top 10) • Mobile Application Security Testing (Android & iOS) • REST & GraphQL API Security Testing • External & Internal Network Penetration Testing • Authentication & Authorization Testing • Business Logic Testing • Secure Code Review (SAST) • Cloud Security Assessments (AWS, Azure & GCP) Privacy & Tracking Audits I perform non-destructive privacy and tracking audits to evaluate how websites collect, process, and share user data without making any changes to production environments. My privacy audits include: • Tracking & Analytics Review (Google Analytics, Meta Pixel, LinkedIn Insight Tag, etc.) • Cookie & Consent Compliance Assessment • Third-Party Script & Tag Analysis • Privacy & Data Collection Review • Browser Storage Review (Cookies, Local Storage & Session Storage) • Sensitive Data Leakage Detection • Tracking Request Analysis • GDPR Privacy Assessment • Actionable Privacy & Security Recommendations Important: I do not modify, delete, or update website code, tracking configurations, analytics settings, or production systems. My work is strictly read-only and results in a detailed report highlighting privacy concerns, security risks, and practical recommendations for improvement. Compliance & Security Frameworks • CASA Tier 2 Security Testing • CMMC Level 2 • NIST SP 800-171 • NIST SP 800-53 • ISO 27001 • SOC 2 • GDPR Security Automation I develop custom security automation solutions that help organizations reduce manual effort and improve their security posture. Automation services include: • Vulnerability Management Automation • Security Testing Automation • Compliance Reporting Automation • Security Workflow Automation • Custom Security Scripts & Tools Technical Toolkit Security Tools • Burp Suite Professional • OWASP ZAP • Nmap • Nessus • Metasploit • SonarQube • Veracode • Appknox • Bandit Infrastructure & Cloud Security • Cloudflare • Imperva WAF • Firewall Configuration • Identity & Access Management (IAM) • Access Control Management • Database Security Programming & Automation • Python • Bash • Node.js • Java Why Clients Hire Me ✅ 5+ Years of Professional Cybersecurity Experience ✅ Manual Security Testing Not Just Automated Scanner Reports ✅ Clear, Actionable Reports with Risk Ratings and Remediation Guidance ✅ Independent Security Consultant (No Agency, No Subcontracting) ✅ Strong Communication Throughout the Engagement ✅ Flexible Across Multiple Time Zones (Including EST Overlap) Deliverables Every assessment includes: • Executive Summary • Technical Findings with Evidence • Risk Severity (CVSS/OWASP where applicable) • Step-by-Step Reproduction • Screenshots & Proof of Concept • Practical Remediation Recommendations • Optional Re-Testing After Fixes Due to client confidentiality, I do not publicly share full penetration testing reports. However, I can demonstrate redacted professional reports during a screen-sharing meeting or after an NDA is signed. Whether you need a comprehensive penetration test, a privacy and tracking audit, an application security assessment, or compliance guidance, I'm here to help you strengthen your security posture and reduce risk. Let's discuss your project.

  • Computer Network
  • Information Security
  • Network Penetration Testing
  • Penetration Testing
  • Testing
  • Software Testing
  • Malware Removal
  • Digital Forensics
  • Web App Penetration Testing
  • Security Testing
  • Cloud Testing
  • Cloud Security
  • Compliance
  • SOC 2
  • IT Compliance Audit
  • AI Compliance
  • GDPR Compliance Review
  • SOC 2 Report
  • Compliance Consultation

How it works

Post a job for freePost a job

Tell us what you need. Create your own job post or generate one with AI then filter talent matches.

Hire top talent fast

Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.

Collaborate easily

Use Upwork to chat or video call, share files, and track project progress right from the app.

Payment simplified

Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.

Don't just take our word for it

How do I hire a Certified Systems Security Practitioner on Upwork?

You can hire a Certified Systems Security Practitioner on Upwork in four simple steps:

  • Create a job post tailored to your Certified Systems Security Practitioner project scope. We’ll walk you through the process step by step.
  • Browse top Certified Systems Security Practitioner talent on Upwork and invite them to your project.
  • Once the proposals start flowing in, create a shortlist of top Certified Systems Security Practitioner profiles and interview.
  • Hire the right Certified Systems Security Practitioner for your project from Upwork, the world’s largest work marketplace.

At Upwork, we believe talent staffing should be easy.

How much does it cost to hire a Certified Systems Security Practitioner?

Rates charged by Certified Systems Security Practitioners on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.

Why hire a Certified Systems Security Practitioner on Upwork?

As the world’s work marketplace, we connect highly-skilled freelance Certified Systems Security Practitioners and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Certified Systems Security Practitioner team you need to succeed.

Can I hire a Certified Systems Security Practitioner within 24 hours on Upwork?

Depending on availability and the quality of your job post, it’s entirely possible to sign up for Upwork and receive Certified Systems Security Practitioner proposals within 24 hours of posting a job description.