I find the vulnerabilities in your web apps, APIs, and networks before attackers do, then hand your team a clear, reproducible penetration testing report they can act on.
GXPN and GCIH certified. Top Rated on Upwork with 100% Job Success across web application, API, and network security engagements.
No scanner dump and no jargon wall. Every finding comes with a severity rating (CVSS), working proof of concept, and a concrete fix your developers can ship.
What I test:
- Web application penetration testing (OWASP Top 10, PTES, NIST)
- API security testing (REST, GraphQL, auth/OAuth, IDOR, broken access control)
- SaaS and multi-tenant assessments (Supabase / Firebase data-isolation testing)
- Network and external perimeter penetration testing
- Source code / secure code review
How I work: authorized testing only, on systems you own or have permission to test. Everything is documented over Upwork so you get a written record of every finding, not a verbal hand-wave. I retest after you patch to confirm the holes are actually closed.
Credentials: GXPN (GIAC Advanced Penetration Tester & Exploit Researcher), GCIH (GIAC Certified Incident Handler), SANS CTF winner, and an active national/international CTF competitor (web, reverse, crypto, forensics).
I also handle WordPress malware removal and incident response. See my Project Catalog for a fixed-price option.
Penetration Testing
Web Application Security
WordPress
Malware Removal
Website Security
Vulnerability Assessment
Network Penetration Testing
OWASP
Information Security
API
Shaheer A.
Lahore Cantt, Pakistan
$30/hr
4.6
128 jobs
Your GA4 numbers don't match your ad platforms. Conversion events fire twice, or not at all. And every month someone rebuilds the same dashboard by hand because last month's stopped being believable. The tracking underneath is broken, so nothing built on top of it can be trusted, and you're left guessing which number to spend against.
I fix the whole chain, end to end: from the tag firing on your site, to the BigQuery pipeline that cleans and unifies the data, to the dashboard your team makes decisions on.
I'm an Analytics Engineer who builds the data engineering layer (automated pipelines, BigQuery modeling, BI) on top of deep, hands-on tracking implementation roots. That combination is the point. Because I own both the server-side tracking and the pipelines it feeds, the data stays coherent the whole way down, with no hand-offs between three specialists who each blame the other when the numbers don't add up.
I work almost exclusively with e-commerce brands and marketing, growth, and advertising agencies (white-label welcome). I speak ROAS, MER, CAC, and LTV, so you tell me the business goal, not the technical spec.
---
What I build
Marketing & e-commerce data pipelines (GCP / BigQuery), the core of what I do:
- Automated ETL/ELT from GA4, Shopify, ad platforms (Meta, Google, TikTok), and CRM into BigQuery
- Ingestion via Python, dbt, Fivetran, Stitch, or the GA4 native BigQuery export
- BigQuery data modeling: staging, intermediate, and mart layers, partitioning, clustering, incremental models
- Data cleaning, normalization, deduplication, and identity stitching across sources
- Orchestration and scheduling on GCP: Cloud Run, Cloud Functions, Pub/Sub, Cloud Scheduler
- Cost optimization, query tuning and table design so the warehouse scales without surprising your bill
- Deliverables: automated pipeline, single source of truth in BigQuery, attribution-ready datasets, documented and modeled tables refreshed on schedule, a warehouse your next analyst can actually read
Tracking & analytics implementation, the foundation the data depends on:
- GA4: advanced e-commerce, custom events, funnels, attribution-ready data layer
- Google Tag Manager, client-side and server-side (Stape or GCP)
- Conversion APIs: Meta CAPI, TikTok Events API, Google Ads enhanced conversions, Snapchat, LinkedIn
- Client-to-server migration to recover conversions lost to iOS, ITP, and ad blockers
- Consent Mode v2 and CMP setup (OneTrust, Usercentrics), first-party capture, hashing, deduplication
- dataLayer, JavaScript, and DOM work for custom event tracking
- Deliverables: documented tracking plan, validated event and conversion setup, tag and trigger audit, numbers that reconcile across platforms
BI & reporting, the part your team actually looks at:
- Looker Studio dashboards powered by BigQuery (Power BI / Tableau / Metabase on request)
- Revenue analytics, channel performance, funnels, ROAS/CAC/LTV scorecards
- Automated SQL transformations and scheduled workflows, no manual monthly rebuilds
- Deliverables: CEO-ready dashboard, automated refresh, documentation your team can follow
---
Why clients hire me:
I combine data engineering, analytics implementation, and BI automation into one workflow. Instead of isolated dashboards or pipelines built on shaky tracking, you get a full-stack, maintainable, accurate data system, with one person accountable from the tag on your site to the number on the dashboard. Agencies can put me behind their own client work: on calls if you want me there, invisible if you don't.
Certifications:
- Google Cloud Professional Data Engineer (2025)
- Google Analytics Individual Qualification (verified by Upwork)
- Meta Certified Marketing Developer (Credly)
Whether you need a GA4-to-BigQuery pipeline, broken tracking fixed, Shopify analytics modeling, or a complete analytics foundation, tell me what you're trying to decide with the data, and I'll build the system that gets you there.
BigQuery
ETL Pipeline
SQL
Data Engineering
dbt
Python
Data Modeling
Google Cloud Platform
Data Warehousing
Looker Studio
Data Analytics
Tableau
Google Analytics 4
Google Tag Manager
Tracking Pixel
Marketing Analytics
Shopify
Google Sheets
Supermetrics
Data Warehousing & ETL Software
Kunal N.
Pune, India
$20/hr
5.0
4 jobs
I help SaaS companies, and enterprises identify critical security vulnerabilities before they become costly breaches, compliance issues, or business disruptions.
As an Application Security Consultant and Penetration Tester, I specialize in uncovering real-world security weaknesses across web applications, APIs, network infrastructure, cloud environments, and modern technology platforms. My goal is not only to identify vulnerabilities but also to help organizations understand their security risks, prioritize remediation efforts, and strengthen their overall security posture.
I have worked on security assessments involving enterprise applications, banking platforms, healthcare systems, cloud infrastructures, and business-critical applications. My experience includes identifying authentication flaws, access control weaknesses, business logic vulnerabilities, network misconfigurations, cloud security gaps, API security issues, and attack paths that automated scanners frequently miss.
Core Security Services
• Web Application Penetration Testing (OWASP Top 10 & Business Logic Testing)
• API Security Testing (REST & GraphQL)
• Network & Infrastructure Security Testing
• Cloud Security Assessments (AWS)
• Red Team Operations & Adversary Simulation
• AI / LLM Security Testing
• Vulnerability Assessment & Risk Analysis
• Security Architecture Review
• Email Security Implementation (SPF, DKIM & DMARC)
What You Can Expect
• Comprehensive Manual Security Testing
• Detailed Vulnerability Reports
• Proof-of-Concept Validation
• Risk-Based Prioritization
• Clear Remediation Guidance
• Remediation Validation & Retesting
• Executive and Technical Reporting
Tools & Technologies
• Burp Suite Professional
• Nmap
• Metasploit Framework
• Nessus
• OWASP ZAP
• Wireshark
• SQLMap
• AWS Security Tools
• Kali Linux
Long-Term Security Partnership
Many organizations engage me beyond a single penetration test. I work with clients on recurring security assessments, monthly security reviews, remediation verification, secure development guidance, and continuous security improvement initiatives.
Whether you need a one-time security assessment or a long-term security partner, I focus on delivering actionable security insights that help protect your applications, infrastructure, customers, and reputation.
If you are looking for a security professional who can think like an attacker and provide practical, business-focused security recommendations, I would be happy to discuss your project.
Penetration Testing
Web Application Security
Vulnerability Assessment
Ethical Hacking
OWASP
API Testing
Network Penetration Testing
Metasploit
Cloud Security
Cybersecurity Tool
Security Testing
Network Security
Application Security
Red Team Assessment
Information Security
M Rizki K.
Kampar, Indonesia
$3/hr
4.9
42 jobs
I’m a Software/AI & VPS Engineer, I can fix anything with zero mistakes n build everythings easily n fastest, i got unlimited Codex token, love to do things OpenClaw, Blockchain, Pipeline, flutter, flutterflow, build tools, Internal tools, Modules, Bot, PineScript, Mod, sys Linux n i can copy any site 100% match quick n easy n i strong in backend and full-stack systems and build Web apps, Mobile Apps, Desktop Apps, Rust/Tauri, Electron, Browser Extension n trading system, n strong Web3 edge (EVM, Stellar & Solana). I turn ambiguous ideas into secure, reliable, human-centered products using TypeScript/JavaScript, React/Next.js, Node.js/Nest, Go, Python, Solidity, Rust (Anchor), and modern infra. I care about clean architecture, measurable impact, and great developer experience (DX) also so features ship fast and safe, also love building an Apps & AI things. for the security side, I bring pentest/audit mindset to every build: threat modeling, fuzzing & invariants, automated checks in CI, and clear, actionable reports. I also provide English technical translation/localization for whitepapers, docs, and UI strings.
Languages: TypeScript/JavaScript, Vue, Go, Python, Solidity, Rust (Anchor), Php, Ruby, C & C++
Frontend: React, Next.js, Tailwind, Radix/shadcn, Vite, SSR/SSG/ISR, Flutter
Backend: Node.js (Nest/Express/Fastify), Go (Gin/Fiber), GraphQL, REST, gRPC, WebSockets
Web3: Solidity, Rust/Anchor, Hardhat, Foundry, OpenZeppelin, viem/wagmi, ethers.js, WalletConnect v2, Safe, The Graph, IPFS
Testing: Jest/Vitest, Playwright, Supertest, Foundry (fuzz/invariants), Slither, Echidna
Data: PostgreSQL, MySQL, SQLite, Prisma/TypeORM/Knex, Redis
DevOps: Docker, GitHub Actions, basic K8s, AWS/GCP basics, Sentry, OpenTelemetry, Tenderly, OpenZeppelin Defender
Security: OWASP ASVS/API, RBAC/ABAC, token design, key/secret rotation, rate limiting & anomaly detection, audit reports
DeFi staking: with upgradeable proxies storage-safe upgrades, 0 criticals in audit
NFT marketplace royalty splits, subgraph indexing, gas-optimized listings
Solana program PDA-secured escrow with CPI, wallet-adapter UX, >95% test coverage
Payments & off-chain settlement Webhooks + queues, idempotent APIs, chargeback handling
Security engagement BOLA/IDOR class bugs identified; implemented header-precedence fixes & authZ binding
Blockchain Architecture
Web Development
NFT
App Development
iOS Development
Web Application
Product Development
Android App Development
Web3
Flutter
Full-Stack Development
AI Builder
Flutter Stack
Technical SEO
Linux
Carlos A.
San Luis Potosi, Mexico
$40/hr
5.0
46 jobs
If a website fights back - enterprise anti-bot, hidden APIs, protected platforms - that's exactly what I've specialized in for 9+ years. Data extraction at scale from sources that don't want to give it up: real estate portals, marketplaces, retail, court and government platforms. When standard scraping tools and AI scrapers hit a wall, that's where my work starts.
Real estate and property data, marketplace and price monitoring, court and public records, B2B lead generation - different sources, same problem: getting clean data out reliably, and keeping the pipeline alive long after the demo.
Whatever the source, you get working infrastructure that runs daily - not a zip file with a script in it.
20+ years in technology, with a network security background. I turn extraction into systems clients run their businesses on: deal sourcing, lead generation, price monitoring, market intelligence.
Clients usually come to me when:
- An existing extraction process keeps breaking and the data it feeds can't be trusted anymore
- The data lives behind protected sites, anti-bot, or a hidden API no off-the-shelf tool reaches
- Prices, catalogs or listings need tracking across marketplaces and competitors at a cadence no manual process can hold
- The work spans many sites, counties or platforms and needs one system, not one-offs per source
- Public records need turning into lead generation and skip-tracing workflows
- The data has to stay current - ongoing monitoring, not a one-time export
Where I'm genuinely hard to replace:
Protected sites and hidden APIs. Akamai, Cloudflare, DataDome, PerimeterX, reCaptcha, device fingerprinting. Mobile and web reverse engineering to reach hidden APIs when the protocol allows it - direct platform connections over headless browsers. And if a target is technically or legally not viable, I'll tell you that too, before you spend money.
Court and government platforms. Tyler Odyssey, Socrata, Granicus, Laserfiche, CivicPlus, ArcGIS and a few dozen more I've already mapped. Here's the thing most people miss: what looks like hundreds of different government websites is usually a handful of underlying platforms. On a recent project, 250+ government sites came down to 10 integrations. Build the adapter once and the same system covers an entire state. Your project starts further ahead because of every project before it.
Pipelines that stay alive. Monitoring, alerting, retries, data quality checks, AI-assisted classification where it makes sense. I've taken over plenty of projects where the previous solution worked great in the demo and died three weeks later.
Getting the data out is half the job. I also wire it into the systems your team already runs - CRM, database, sheets, scheduled reports (HubSpot, Postgres and the like) - so the pipeline ends where you actually work, not in a raw file.
Selected work:
- 150,000+ grocery products monitored every 2-5 hours across major UK retailers
- 125,000+ automotive parts synchronized daily from marketplaces behind enterprise anti-bot
- Court records pipeline detecting ownership distress signals across 225+ counties, feeding real estate acquisition workflows
- 100,000+ real estate listings deduplicated and merged with ownership, tax and valuation data for AVM workflows
- 96,000+ business entities extracted from government registries, classified by industry with LLMs, enriched with contact data
- 5,000+ municipal meetings scraped and analyzed with AI keyword intelligence across five government platforms; adding a new jurisdiction requires zero code changes
Not sure if your target is even extractable? Every project starts with a short feasibility check: I map the source, the protection layer and the realistic effort, so you know what is viable before committing to a build. If it cannot be done reliably (or legally), I tell you upfront and you spend nothing chasing it.
---
web scraping, data extraction, price monitoring, product data, catalog data, marketplace data, ecommerce data, competitor intelligence, real estate data, property data, real estate leads, mls data, foreclosure data, court records monitoring, government data, municipal data, foia, lead generation, b2b data, skip tracing, anti-bot bypass, bot detection, cloudflare, akamai, datadome, perimeterx, captcha solving, device fingerprinting, reverse engineering, hidden api, headless browser, proxy rotation, browser automation, data pipeline, scheduled extraction, data orchestration, etl pipeline, python, scrapy, playwright, postgresql, supabase, api integration, data normalization, data enrichment, data validation, document extraction, llm integration, demandstar, tyler odyssey, tyler energov, granicus, primegov, legistar, civicplus, laserfiche, accela, socrata, arcgis hub, ckan, opengov, clerk of courts, property appraisers.
Web Scraping
Data Extraction
Python
API Integration
ETL Pipeline
Browser Automation
Data Engineering
PostgreSQL
Real Estate
Lead Generation
Reverse Engineering
Scrapy
Real Estate Lead Generation
Web Crawling
Data Mining
Artificial Intelligence
Data Scraping
Automation
Selenium
Ecommerce
Mahesh T.
Bengaluru, India
$40/hr
5.0
127 jobs
🔐 Certified Penetration Tester | AWS & Azure Cloud Security | Incident Response Expert 🔐
I’m a results-driven cybersecurity specialist with 13+ years of experience securing cloud infrastructure, web applications, and enterprise environments. I help companies prevent breaches, mitigate risks, and ensure compliance through advanced security architecture and real-world offensive security skills.
🎯 What I Do:
✔️ Cloud Security Hardening – AWS (IAM, EC2, S3, VPC, RDS, Route 53) & Azure (VNET, NSGs, Azure Security Center, Defender)
✔️ Penetration Testing – Full-scope internal/external pentests, web/app/API testing, business logic abuse, OWASP Top 10
✔️ Vulnerability Assessments – Nessus, OpenVAS, Nmap, custom exploit validation, CVSS scoring & prioritization
✔️ Threat Detection & Response – Wazuh setup, real-time event correlation, SIEM deployment, log analysis
✔️ Security Architecture – Designing scalable, secure cloud solutions with strong IAM, encryption, and DR practices
✔️ Cloudflare Optimization – Harden DNS, implement WAF rulesets, rate-limiting, Zero Trust setup
✔️ Incident Response – Triage, forensics, log collection, remediation and recovery plans (NIST, MITRE ATT&CK aligned)
📌 Security Tools I Work With:
- **Offensive Security**: Burp Suite, Metasploit, Nmap, Hydra, SQLmap
- **Defensive Tools**: Wazuh, AWS GuardDuty, Azure Sentinel, Nessus, Suricata
- **Languages/Scripting**: Bash, PowerShell, HTML/JavaScript (for attack emulation & automation)
- **Frameworks/Standards**: OWASP, MITRE ATT&CK, NIST CSF, CIS Benchmarks
🛡️ Certifications:
- AWS Certified Security – Specialty
- Microsoft Certified: Azure Security Engineer Associate
- Licensed Penetration Tester (LPT) | Certified Penetration Testing Professional (CPENT)
- CEH, CCSK
📈 Highlights:
- $200K+ earned, 97% Job Success on Upwork
- 9,300+ hours across 90+ successful projects
- Trusted by startups, fintechs, and regulated industries (HIPAA, GDPR, SOC2)
I’m known for delivering real-world, **actionable security results** — not just checkbox audits. If you’re looking to **secure your infrastructure, detect threats faster, or simulate real-world attacks**, let’s connect!
Cloudflare
Kali Linux
Microsoft Azure
Security Testing
Vulnerability Assessment
Application Security
Security Analysis
Penetration Testing
Amazon Web Services
Information Security
Web App Penetration Testing
Security Assessment & Testing
Security Infrastructure
Information Security Consultation
How it works
Post a job for freePost a job
Tell us what you need. Create your own job post or generate one with AI then filter talent matches.
Hire top talent fast
Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.
Collaborate easily
Use Upwork to chat or video call, share files, and track project progress right from the app.
Payment simplified
Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.
Don't just take our word for it
“Upwork provides an umbrella-level of security. I can see a talent’s work history and ratings. I can hold payments in escrow. I can communicate through Upwork Messages instead of working through my email address.”
KD
Kim Darling
Emerald Tiger
“Upwork is the best platform to hire skilled professionals when we're not looking for a full-time employee. All the companies in our portfolio use Upwork to find talent across a wide range of fields.”
DM
David Merry
Kinetic Investments
“Our very specific requirements can be a challenge—With Upwork, we’re able to access a bigger community to ensure the success of our projects.”
KK
Katja Krohn
Summa Linguae
How do I hire a Hashing Specialist on Upwork?
You can hire a Hashing Specialist on Upwork in four simple steps:
Create a job post tailored to your Hashing Specialist project scope. We’ll walk you through the process step by step.
Browse top Hashing Specialist talent on Upwork and invite them to your project.
Once the proposals start flowing in, create a shortlist of top Hashing Specialist profiles and interview.
Hire the right Hashing Specialist for your project from Upwork, the world’s largest work marketplace.
At Upwork, we believe talent staffing should be easy.
How much does it cost to hire a Hashing Specialist?
Rates charged by Hashing Specialists on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.
Why hire a Hashing Specialist on Upwork?
As the world’s work marketplace, we connect highly-skilled freelance Hashing Specialists and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Hashing Specialist team you need to succeed.
Can I hire a Hashing Specialist within 24 hours on Upwork?
Depending on availability and the quality of your job post, it’s entirely possible to sign up for Upwork and receive Hashing Specialist proposals within 24 hours of posting a job description.