Hire the Best Cybersecurity Developers

Clients rate our Cybersecurity Developers
Rating is 4.8 out of 5.
4.8/5
Based on 1,046 client reviews
Thilina V.

Matara, Sri Lanka

$35/hr
4.7
53 jobs

I help companies design, automate, secure, and optimize cloud platforms on AWS, Azure, and GCP. With 8+ years of hands-on experience in Cloud, DevOps, Security, and Platform Engineering, I have led cloud transformation, infrastructure automation, Kubernetes modernization, FinOps initiatives, and enterprise security programs for Fortune 500 organizations and large-scale global environments. My expertise goes beyond infrastructure deployment—I focus on building scalable, secure, highly available, and cost-efficient platforms that accelerate software delivery while reducing operational overhead. I currently work as a Technical Lead responsible for cloud operations, platform engineering, security governance, automation, infrastructure modernization, cost optimization, and DevSecOps initiatives across multi-cloud environments. What I Can Help You With Cloud Architecture & Platform Engineering ✔ AWS Landing Zones & Multi-Account Architectures ✔ AWS Organizations & Control Tower ✔ Cloud Migration & Modernization ✔ High Availability & Disaster Recovery ✔ Hybrid Cloud & Multi-Cloud Architectures ✔ Platform Engineering & Internal Developer Platforms ✔ Infrastructure Standardization & Governance ✔ FinOps & Cloud Cost Optimization DevOps & CI/CD ✔ GitHub Actions ✔ GitLab CI/CD ✔ Jenkins ✔ AWS CodePipeline ✔ Bitbucket Pipelines ✔ ArgoCD ✔ Blue/Green Deployments ✔ Canary Releases ✔ Zero-Downtime Deployments ✔ Release Automation ✔ Environment Promotion Strategies Kubernetes & Container Platforms ✔ Amazon EKS ✔ Amazon ECS (EC2 & Fargate) ✔ Kubernetes Administration ✔ Cluster Upgrades & Modernization ✔ Helm ✔ Ingress Controllers ✔ Service Mesh ✔ Container Security ✔ Docker ✔ Container Registries (ECR, Docker Hub) ✔ Production Kubernetes Operations Infrastructure as Code & Automation ✔ Terraform ✔ OpenTofu ✔ CloudFormation ✔ Ansible ✔ Packer ✔ Python Automation ✔ Bash Scripting ✔ Infrastructure Lifecycle Management ✔ GitOps ✔ Self-Service Provisioning Platforms AI Infrastructure, MLOps & AIOps ✔ Amazon Bedrock ✔ Amazon Q ✔ OpenAI API Integrations ✔ AI-Powered DevOps Workflows ✔ LLM Infrastructure Deployment ✔ AI Agent Hosting Platforms ✔ Vector Databases ✔ RAG Infrastructure ✔ GPU Workloads ✔ Kubernetes for AI Platforms ✔ MLOps Pipelines ✔ AI Observability ✔ AIOps & Intelligent Incident Management ✔ AI-Assisted Infrastructure Automation Cloud Security & DevSecOps ✔ AWS Security Best Practices ✔ IAM Governance ✔ Identity Federation & SSO ✔ Security Baselines ✔ Secrets Management ✔ WAF & Edge Security ✔ Vulnerability Management ✔ Security Automation ✔ Compliance Automation ✔ SOC2 Readiness ✔ ISO 27001 Controls ✔ CIS Benchmark Implementations ✔ Cloud Security Reviews & Audits AWS Expertise ✔ EC2 ✔ ECS ✔ EKS ✔ Lambda ✔ API Gateway ✔ VPC ✔ Route 53 ✔ CloudFront ✔ ALB / NLB ✔ S3 ✔ RDS ✔ DynamoDB ✔ Aurora ✔ Elasticache ✔ Secrets Manager ✔ Systems Manager ✔ Control Tower ✔ Organizations ✔ Config ✔ CloudTrail ✔ GuardDuty ✔ Security Hub ✔ Compute Optimizer ✔ Cost Explorer ✔ Budgets ✔ Savings Plans & Reserved Instances Monitoring, Observability & Reliability Engineering ✔ CloudWatch ✔ Prometheus ✔ Grafana ✔ ELK Stack ✔ OpenSearch ✔ OpenTelemetry ✔ Distributed Tracing ✔ New Relic ✔ Datadog ✔ Dynatrace ✔ Incident Response ✔ SRE Practices ✔ Reliability Engineering ✔ Capacity Planning Certifications 🏆 AWS Certified Solutions Architect – Professional 🏆 AWS Certified DevOps Engineer – Professional 🏆 AWS Certified Security – Specialty 🏆 AWS Certified AI Practitioner 🏆 Google Cloud Associate Cloud Engineer Why Clients Work With Me ✅ Technical Lead with real enterprise-scale cloud experience ✅ Strong architecture and hands-on implementation skills ✅ Security-first mindset ✅ Deep AWS expertise ✅ Cost optimization and FinOps experience ✅ Fast troubleshooting and root-cause analysis ✅ Clear communication and documentation ✅ Visiting Lecturer in Cloud, DevOps, and Security ✅ AWS Community Contributor and Public Speaker Areas I Commonly Support AWS Infrastructure Design Terraform Projects Kubernetes / EKS ECS Fargate Cloud Security Reviews CI/CD Automation Cloud Cost Optimization Platform Engineering AI Infrastructure MLOps & AIOps DevSecOps Cloud Migrations Production Troubleshooting Observability & Monitoring

  • Cybersecurity Management
  • Network Security
  • Cloud Architecture
  • Amazon Web Services
  • DevOps
  • Cloud Management
  • Cloud Security
  • AWS Application
  • Cloud Computing
  • CI/CD
  • Infrastructure as Code
  • Terraform
  • Solution Architecture
  • Cloud Engineering
  • DevOps Engineering
  • AIOps
Youssef E.

Kenitra, Morocco

$20/hr
5.0
23 jobs

I find the vulnerabilities in your web apps, APIs, and networks before attackers do, then hand your team a clear, reproducible penetration testing report they can act on. GXPN and GCIH certified. Top Rated on Upwork with 100% Job Success across web application, API, and network security engagements. No scanner dump and no jargon wall. Every finding comes with a severity rating (CVSS), working proof of concept, and a concrete fix your developers can ship. What I test: - Web application penetration testing (OWASP Top 10, PTES, NIST) - API security testing (REST, GraphQL, auth/OAuth, IDOR, broken access control) - SaaS and multi-tenant assessments (Supabase / Firebase data-isolation testing) - Network and external perimeter penetration testing - Source code / secure code review How I work: authorized testing only, on systems you own or have permission to test. Everything is documented over Upwork so you get a written record of every finding, not a verbal hand-wave. I retest after you patch to confirm the holes are actually closed. Credentials: GXPN (GIAC Advanced Penetration Tester & Exploit Researcher), GCIH (GIAC Certified Incident Handler), SANS CTF winner, and an active national/international CTF competitor (web, reverse, crypto, forensics). I also handle WordPress malware removal and incident response. See my Project Catalog for a fixed-price option.

  • Penetration Testing
  • Web Application Security
  • WordPress
  • Malware Removal
  • Website Security
  • Vulnerability Assessment
  • Network Penetration Testing
  • OWASP
  • Information Security
  • API
Muhammad Shoaib .

Peshawar, Pakistan

$25/hr
4.6
35 jobs

Penetration tester and WordPress security expert. Web app, API, network, and WordPress security testing. Vulnerability assessment, malware removal, and OWASP audits. Manual testing, real exploitation analysis, and clear remediation steps your developers can act on. Not automated scan exports. Core services: - Penetration testing — web apps, APIs, networks (OWASP Top 10, OWASP API Top 10) - WordPress malware removal & hacked site recovery (24-hour turnaround) - WordPress security hardening — WAF, 2FA, file permissions, security headers - Vulnerability assessment & security audits with CVSS scoring - OSINT investigations & digital footprint analysis - Cyber threat intelligence & dark web monitoring - Mobile application security assessments (CASA Tier 2) - AI/n8n workflow security audits — LLM integrations, prompt injection - Red-team tooling & phishing simulation (Evilginx, custom phishlets) What you get on a penetration test: - Manual testing with Burp Suite — not just Nessus/Nuclei exports - Validated vulnerabilities with working proof of concept — no false positives - CVSS-scored findings with reproduction steps - Executive summary + developer-ready technical report - Free retest within 14 days What you get on WordPress malware removal: - Full malware scan & manual cleanup (file system + database) - Hidden admin accounts removed, backdoors closed - Core, theme, and plugin integrity restored - Google blacklist & SafeBrowsing review request - Security hardening included — WAF, 2FA, file permissions - 30-day reinfection guarantee Selected past work: - Penetration testing engagements — web apps, APIs, network scope - CASA Tier 2 mobile application security assessment - Dark web monitoring & cyber threat intelligence reporting - Cyber SOC Analyst consulting - Evilginx phishlet development & red-team tooling - Qualys vulnerability scanning, CVSS scoring, CWE classification - IDS ruleset development and Linux root cause analysis - WordPress malware removal & site hardening engagements Tools: Burp Suite, OWASP ZAP, Nmap, Wireshark, Metasploit, Nuclei, Qualys, Sucuri, Wordfence, MalCare, Maltego, Autopsy, custom Python. Methodology: OWASP Top 10, OWASP API Top 10, NIST SP 800-115, PTES, MITRE ATT&CK. Trained on EC-Council CEH curriculum with CodeRed coursework in OWASP ZAP pentesting, OSINT, malware analysis, and digital forensics. Share your scope or describe what you need. I'll respond within a few hours with a clear plan and a fixed price.

  • Penetration Testing
  • Vulnerability Assessment
  • Ethical Hacking
  • Web Application Security
  • Network Security
  • Malware Removal
  • Website Security
  • WordPress Security
  • Security Testing
  • Cyber Threat Intelligence
  • AI Security
  • Digital Forensics
  • Information Security
  • Application Security
  • WordPress Malware Removal
  • Security Assessment & Testing
  • Web App Penetration Testing
  • OWASP
  • Information Security Audit
  • Network Penetration Testing
Luca F.

Valdagno, Italy

$100/hr
5.0
74 jobs

OSCP & CEH-certified Penetration Tester with 8+ years of hands-on experience in Web, Mobile (iOS/Android), API, and Cloud security testing. 65+ projects delivered, 100% Job Success Score, Top Rated on Upwork. I help SaaS companies, healthcare platforms, FinTech, E-commerce and EdTech startups find real, exploitable vulnerabilities before attackers do, through manual penetration testing that goes far beyond automated scans. — What makes my testing different — I focus on real exploitation, not theoretical findings. Automated scanners miss business logic flaws, broken access control, and chained vulnerabilities. My OSCP-trained approach simulates how a motivated attacker would actually compromise your application, then documents the path so your developers can fix it for good. Every engagement includes a free retest after remediation, so you know the fix worked. — Core services — • Web Application Penetration Testing (OWASP WSTG v4.2 methodology) • Mobile App Security Testing for iOS & Android (OWASP MASVS / MASTG) • API Security Testing — REST, GraphQL, OWASP API Top 10 • Cloud Security Reviews — AWS / GCP / Azure misconfiguration testing • Source Code Security Review (PHP, Node.js, Python) • AI / LLM Security — Prompt Injection, Data Leakage, OWASP LLM Top 10 • WordPress & PHP Application Hardening • WAF Bypass Testing & Detection Engineering — Tools & methodologies — Burp Suite Professional, Frida, Nmap, sqlmap, Metasploit, OWASP ZAP, Nuclei, Genymotion, MobSF, OWASP WSTG, OWASP MASVS, MITRE ATT&CK, NIST SP 800-115. — Industries I've worked with — Healthcare & medical devices (compliance-grade pentest + documentation), EdTech mobile platforms (iOS app dynamic analysis with Frida, Keychain audit), SaaS startups (full-stack web + API testing), e-commerce (WAF bypass, payment flow security). — Compliance support — GDPR, PCI-DSS, ISO 27001, SOC 2, HIPAA — I provide the technical evidence and remediation documentation auditors expect. — How I work — 1. Send me your application URL or scope description, I'll review it and respond within 24 hours 2. Fixed-price or hourly proposal with clear deliverables, no surprises 3. Manual testing with detailed PoC for every finding 4. Executive summary + technical report (CVSS-scored, remediation-ready) 5. Free retest after your team applies the fixes — Certifications — • OSCP — Offensive Security Certified Professional • CEH — Certified Ethical Hacker • MSc in Information Systems & Network Security — University of Milan Send me your application URL or a brief scope description, and within 24 hours you'll get a focused assessment and a clear, fixed-price estimate.

  • Cybersecurity Management
  • Penetration Testing
  • Security Testing
  • Vulnerability Assessment
  • Web Application Security
  • Web App Penetration Testing
  • Security Assessment & Testing
  • Cloud Security
  • Black Box Testing
  • Information Security Awareness
  • Kali Linux
  • Network Penetration Testing
  • OWASP
  • Risk Assessment
  • Information Security
  • WordPress Security
  • Bug Bounty
  • AI Security
  • Better Mobile Security Better
  • Red Team Assessment
David M.

Tonbridge, United Kingdom

$50/hr
5.0
3 jobs

🔒 You need security that actually works — not a report that says it does. The organisations I work with want to find the vulnerabilities that matter, fix them with confidence, and get on with growing their business without security becoming the thing that stops them. I have delivered over 1,000 commercial penetration tests across 27 years. Not side projects. Not internal assessments. Full mission-critical engagements for high street and investment banks, hedge funds, insurance firms, government departments, police, military, national infrastructure, retailers, law firms, airports and more. I led the security architecture for the Athens 2004 Olympics internet-facing systems. I was lead architect on the UK Cyber Essentials scheme at launch. I have published in commercial security press and guest lectured at universities. There is a difference between someone who does penetration testing and someone who has seen every flavour of environment, every attack pattern, and every way organisations deceive themselves about their security posture. That difference is what you are hiring. 🎯 Where can I help: 🗡️ Network & Infrastructure Penetration Testing — adversarial testing of internal and external infrastructure, finding exploitable exposures before an attacker does. 🌐 Application Penetration Testing — web application and API security testing against real attack patterns: authentication, authorisation, input handling and business logic flaws. ☁️ Microsoft 365 Security Assessment — Entra ID, Conditional Access, PIM, Intune, DLP, sensitivity labelling, Exchange Online and Defender for Office 365. 🔷 Azure Security Assessment — identity and access management, network controls, storage and key management, Defender for Cloud posture, and monitoring coverage. 🟢 Google Workspace, GCP & AWS Security Assessments — configuration and access control assessments across Google and Amazon cloud environments. 🏛️ Security Architecture and Risk Advisory — senior technical input on architecture decisions, control design and risk without a full engagement commitment. 👤 Every engagement is delivered directly by me — David Morgan, founder of Metis Security. No account management layer, no junior handoffs, no templated output. You work with the person conducting the analysis and writing the report. 📋 How I work is as important as what I find Every finding in my reports is one I will defend as genuinely material to your environment. No padding, no low-hanging fruit included to justify the fee, no default risk ratings copied from a scanner. If your context changes the risk, the rating reflects that. What you receive: ✅ A visually structured report with clear separation between executive summary, findings and remediation roadmap — written to be read by people who are not security specialists ✅ Risk ratings adjusted to your specific environment and context, not defaulted from a tool ✅ A prioritised remediation roadmap so your team knows exactly what to fix first and why it matters commercially ✅ Immediate escalation of any high-risk finding or schedule-affecting issue during the engagement — you are never waiting until the end to hear something important ✅ Daily status updates so you always know where the engagement stands ✅ A debrief call at close to walk through findings, answer questions and finalise the report before it is delivered CISSP | ISSAP | Microsoft Security certifications | 27 years If you need to know whether your environment is genuinely secure — not whether it looks configured — I am worth a conversation.

  • Cybersecurity Management
  • Penetration Testing
  • Web Application Security
  • Network Penetration Testing
  • Office 365
  • Microsoft Azure
  • Cloud Security
  • Network Security
  • Vulnerability Assessment
  • Security Assessment & Testing
  • Zero Trust Architecture
  • Security Analysis
  • Google Cloud Platform
  • Google Workspace
  • Amazon Web Services
  • NIST Cybersecurity Framework
  • Microsoft 365 Copilot
  • Internet Security
  • Information Security Audit
  • Information Security Consultation
Hassan S.

Karachi, Pakistan

$15/hr
5.0
4 jobs

Your applications and infrastructure are only as secure as the last person who tried to break in. I make sure that person is me — before a real attacker gets there. I'm an offensive security specialist with 7+ years in ethical hacking, and I've led hundreds of penetration tests, security audits, and red team engagements — for multinational enterprises with thousands of assets and for startups that need to prove security to win their first big customer. My focus is hands-on, manual exploitation: finding the flaws automated scanners miss, then showing you exactly how an attacker would chain them into real damage. Every engagement ends with a report your developers can actually act on — not a 200-page scanner dump. Here's how I help: 🔍 Penetration Testing Comprehensive manual + automated testing of web apps, APIs, mobile apps, servers, and networks (internal and external). I work with industry-standard tooling — Burp Suite Professional, Nessus — alongside custom scripts refined across past engagements to dig deeper than off-the-shelf tools allow. 📑 Professional Reporting & Risk Analysis A clear, professionally written report for every finding, including step-by-step exploitation methodology, full HTTP requests/responses, annotated proof-of-concept screenshots, standardized CVSS v4.0 ratings, and the real business impact tied to each affected asset. 🛠️ Remediation Guidance Tailored, best-practice fixes for every issue — explained so both your engineers and your decision-makers understand the risk and the path to closing it. 🌐 Asset Discovery & Mapping Active and passive reconnaissance to reveal your true attack surface: subdomain enumeration, port and service discovery, and identification of exposed public-facing assets. 🔁 Free Retest & Validation A complimentary re-test after you've remediated — verifying fixes hold and confirming no alternate exploitation paths remain. 🕵️ OSINT Reconnaissance Open-source intelligence to surface what attackers already know about you: breached credentials, leaked documents, exposed metadata, and chatter on forums and the dark web — backed by access to a curated repository of 4+ billion records. 🤝 Pre-Engagement Consulting Scoping sessions to define your Scope of Work, choose the right engagement type (black-box, grey-box, or white-box), set access requirements, and guide first-time clients through the process end to end. 🎯 Post-Engagement Debrief A walkthrough of every finding — clarifying technical impact in plain language, prioritizing by real-world risk, and mapping out how to strengthen your security posture going forward. If you're protecting customer data, preparing for a compliance or vendor security review, or simply want to know where you stand before someone else finds out — let's talk. Send me a message with a bit about your project and I'll tell you honestly how I can help.

  • Cybersecurity Management
  • Information Security
  • Penetration Testing
  • Security Assessment & Testing
  • Vulnerability Assessment
  • Security Testing
  • Web App Penetration Testing
  • Kali Linux
  • Web Application Security
  • Cloud Security
  • Black Box Testing
  • Information Security Awareness
  • Network Penetration Testing
  • OWASP
  • Risk Assessment
  • WordPress Security
  • Bug Bounty

How it works

Post a job for free Post a job

Tell us what you need. Create your own job post or generate one with AI then filter talent matches.

Hire top talent fast

Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.

Collaborate easily

Use Upwork to chat or video call, share files, and track project progress right from the app.

Payment simplified

Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.

Don't just take our word for it

How do I hire a Cybersecurity Developer on Upwork?

You can hire a Cybersecurity Developer on Upwork in four simple steps:

  • Create a job post tailored to your Cybersecurity Developer project scope. We’ll walk you through the process step by step.
  • Browse top Cybersecurity Developer talent on Upwork and invite them to your project.
  • Once the proposals start flowing in, create a shortlist of top Cybersecurity Developer profiles and interview.
  • Hire the right Cybersecurity Developer for your project from Upwork, the world’s largest work marketplace.

At Upwork, we believe talent staffing should be easy.

How much does it cost to hire a Cybersecurity Developer?

Rates charged by Cybersecurity Developers on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.

Why hire a Cybersecurity Developer on Upwork?

As the world’s work marketplace, we connect highly-skilled freelance Cybersecurity Developers and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Cybersecurity Developer team you need to succeed.

Can I hire a Cybersecurity Developer within 24 hours on Upwork?

Depending on availability and the quality of your job post, it’s entirely possible to sign up for Upwork and receive Cybersecurity Developer proposals within 24 hours of posting a job description.