Hire the Best Information Security Audit Freelancers in India
Delhi, India
Web Penetration Testing (OWASP Top 10 methodology) | Network Penetration Testing | OWASP API Security | Mobile Vulnerability Assessment (iOS and Android) | Source Code Reviews (.NET, Java, PHP) | Vulnerability Assessment and Penetration Testing | SIEM team (Cloud (AWS and Azure) Security, File Integrity Monitoring and Event Monitoring, Endpoint Security and Encryption, Data Loss Prevention, Network Access Control, Threat Monitoring (Email Traffic and Malware Analysis), Privileged Access and Identity Management)

Have 7+ years of experience in both black box and white box penetration testing. Perform VAPT (Vulnerability Assessment and Penetration Testing) services for web applications, networks, mobile; source code reviews; malware analysis; server hardening; and security analysis etc. Conduct penetration testing in a systematic approach. Follow the standard methodology of the industry like OWASP Testing Guide v4 (OTGv4); SANS Top 25; NIST SP 800-115; PCI DSS to perform penetration testing so that clients can concentrate on their professions without worrying about security threats.

Web Application Testing: Do web application penetration testing with the latest methodology like OWASP Top-10, SANS Top-25. Perform both manual and automated penetration testing for vulnerabilities like Injection flaws (such as SQL, NoSQL, OS, and LDAP injection etc.), Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control, Security Misconfiguration, Cross-site scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, Insufficient Logging & Monitoring. Also, perform source code reviews for many technologies like Java, .NET, PHP etc.

Approach for Manual Web-Application Penetration Testing: Conduct manual testing with the following controls:
- Configuration and Deployment Management Testing
- Identity Management Testing
- Authentication Testing
- Authorization Testing
- Session Management Testing
- Input Validation Testing
- Testing for Error Handling
- Testing for Weak Cryptography
- Business Logic Testing
- Client Side Testing

Tools used for Automated Web Penetration Testing: Acunetix, Burp-Suite, Netsparker, Nexpose, Nikto, IBM AppScan, HP Fortify, W3af etc.

Network Penetration Testing: Provide both external and internal network penetration testing so that your network infrastructure is secured from real-world attacks. Do both manual and automated network penetration testing.

Approach for Manual Network Penetration Testing: Manually check for IDS/IPS, Server, Network switch, Network Router, VPN, Firewalls, Anti-virus, Password etc.

Tools used for automated network penetration testing: OpenVas, Wireshark, Nessus, Metasploit, Armitage, Scapy etc.

Mobile Application Penetration Testing: Perform mobile application penetration testing with the latest OWASP methodology (MSTG). Performed both manual and automated penetration testing for vulnerabilities like Weak Server Side Controls, Insecure Data Storage, Insufficient Transport Layer Protection, Unintended Data Leakage, Poor Authorization and Authentication, Broken Cryptography, Client Side Injection, Security Decisions Via Untrusted Inputs, Improper Session Handling, Lack of Binary Protections.

Tools: Burp-Suite, HP Fortify, Dex2Jar, Apktool, framework-res.apk, iNalyzer.

Source Code Reviews: Perform source code reviews for both front-end and back-end languages. Perform source code reviews with standard methodology like OWASP Top 10. Do manual and automated source code reviews for various web-based security vulnerabilities like SQL injection, Cross-site scripting (XSS), CSRF, RFI, LFI, Authentication bypass etc.

Tools: CheckMarx, IBM AppScan Source for Analysis, Microfocus HP Fortify.

Security Analysis and Server Hardening: Regularly check and maintain your systems, servers to ensure that they comply with the standards. Do hardening application checks the item automatically on a daily basis and monitors all critical networks and server components. We support various frameworks like CIS benchmarking for Desktops & Web Browsers, Mobile Devices, Network Devices, Servers – Operating Systems, Virtualization Platforms & Cloud etc.

Social Engineering: Have experience in social engineering vectors: Vishing, Phishing, Smishing, Impersonation. Used the following social engineering cycle to conduct social engineering:
- Gather Information: Here information is gathered from company websites, social media and other publications.
- Plan Attack: The next step is to outline how the attacker intends to execute the attack.
- Acquire Tools: After planning, the next step includes computer programs that an attacker will use when launching the attack.
- Attack: Exploit the weaknesses in the target system.
- Use acquired knowledge: Information gathered during the social engineering tactics is used in attacks such as password guessing.

Tools: SET (Kali-Linux); GetGoPhish
- Information Security Audit
- Information Security
- Network Security
- Vulnerability Assessment
- Penetration Testing
- Internet Security
- Security Analysis
- Software QA
- Network Penetration Testing
- Website Security
- Web Application Security
- Web Testing
Mumbai, India
TOP RATED Freelancer | 10+ Years of Experience | Your Trusted Compliance Partner

70+ clients served all with 5 * ratings

They call me "Mr. Compliance"—and for good reason. While you focus on growing your business, I take care of everything compliance-related, ensuring you meet industry standards and win more deals with confidence. Whether it's SOC 2, ISO 27001, HIPAA, PCI DSS, CMMC, or FedRAMP, I make compliance effortless so you can unlock new opportunities without the hassle.

Why Clients Trust Me:
- Seamless Compliance: I simplify audits, security assessments, and certifications—no stress, no delays.
- Growth-Driven Compliance: Compliance isn’t just a checkbox; it’s a competitive advantage. I help shorten sales cycles by getting you audit-ready fast.
- End-to-End Support: From policies to risk assessments, vendor due diligence, and security questionnaires—I handle it all.
- vCISO Services: Need expert guidance but not ready for a full-time CISO? I offer affordable virtual CISO (vCISO) solutions tailored to your business.
- Security Strategy & TPRM: Managing third-party risks? Struggling with cloud or endpoint security? I’ve got you covered.
- Maximizing Compliance Tools: Already using Vanta, Drata, Hyperproof, or Scrut but unsure what’s next? Let’s optimize your investment.

Proactive, not reactive. I don’t just tick boxes—I future-proof your security and compliance programs.

Tools & Frameworks:
🔹 Tools Expertise: JIRA, Vanta, Hyperproof, Drata, ServiceNow, AWS, Confluence, Archer, Scrut Automation
🔹 Compliance Frameworks: ISO 27001, SOC 2, FedRAMP, NIST, HIPAA, PCI-DSS, CMMC, TPRM, and more

📢 Ready to Make Compliance Work for You? Click "Invite" to connect, and let's build a stronger, more secure, and audit-ready business together.

⚠️ Note: If you're not fully committed to compliance or tend to be unresponsive, I may not be the right fit. I prioritize working with businesses serious about security and compliance success.
- Information Security
- Application Security
- Risk Assessment
- NIST Cybersecurity Framework
- Jira
- ISO 27001
- SOC 2
- CMMC
- SOC 2 Report
- Governance, Risk Management & Compliance
- Application Audit
- Sarbanes-Oxley Act
- NIST SP 800-53
- Mobility Work CMMS
New Delhi, India
I am an accomplished risk management professional with extensive experience managing Third Party risk management (TPRM) from onboarding to offboarding of all vendors, Vendor risk management covering Cyber Security, Data Privacy and Information security, Risk management, Risk assessment, Designing TPRM framework, Third Party, Risk Assurance, Contract Review/Due Diligence, Procurement Governance/Assurance Review, Project Management, Stakeholder management. My expertise spans across designing and implementing comprehensive TPRM frameworks, overseeing risk assessments, and managing vendor-related activities.

Core Competencies:

a) Third-Party Risk Management (TPRM): I lead and oversee the entire risk assessment and due diligence process for third-party vendors. This includes managing the onboarding processes and checklists to ensure thorough risk evaluations. I design and implement detailed TPRM project plans, outlining tasks, timelines, and milestones to ensure effective risk management.

b) Vendor and Contract Management: My role involves handling contract management processes for hardware and software, including new contracts, amendments, and renewals. I coordinate with external vendors, internal stakeholders, and legal teams to ensure timely contract execution and issue resolution.

c) Stakeholder Engagement: I engage with key stakeholders from various departments and external vendors to ensure smooth communication and collaboration throughout the risk management process. I manage expectations and provide direction on risk assessments and non-compliance issues.

d) Risk Assessment and Audits: I conduct comprehensive risk assessments and audits focusing on people, processes, and technology. My work includes identifying gaps, risks, and opportunities for improvement, and providing recommendations for enhancing policies and standards.

e) Reporting and Process Improvement: I create regular reports on the status of third-party assessments, highlighting roadblocks and key issues to management and stakeholders. I have successfully implemented process improvements, such as transitioning quarterly scorecard activities from manual processes to Google Forms to minimize errors and enhance efficiency.

f) Team Leadership and Development: I lead and develop teams of TPRM specialists and consultants, providing knowledge sharing, training, and motivation. I manage projects, stakeholder presentations, and client relationships to drive successful outcomes.
- Information Security
- Compliance
- Contract Management
- Vendor Management
- Risk Assessment
- Governance, Risk & Compliance Software
- ISO 27001
- IT Compliance Audit
- GDPR Compliance Review
- Cybersecurity Management
- Cybersecurity Monitoring
- Network Security
- Risk Management
- Enterprise Risk Management
- Information Security Consultation
Ahmedabad, India
TOP-Rated Plus Upwork Member. (Top 3%)

We are a Cyber Security Consulting firm operated by former government and Fortune 500 hackers. Our team has been inside networks big and small, from electrical grids to water facilities. No network is too complex for us. We have expertise helping and securing SaaS organizations.

Our Services:
- Penetration Testing
- ISO27001
- SOC2
- GDPR
- HIPAA
- Phishing Engagements
- External Assessments

Why Choose Us?

Unmatched Expertise: Our team comprises international banks, SaaS applications and Fortune 500 clients who bring unparalleled skills and insights to every project. With hands-on experience in securing some of the most complex networks in the world, we possess a deep understanding of the cyber threat landscape and the tactics used by attackers.

Results-Focused: We are dedicated to delivering actionable results. Our assessments and tests are designed to provide you with clear, practical recommendations that can be implemented to enhance your security posture. Our focus is on ensuring that your network is not only secure but also resilient against evolving threats.

Our Certifications: Our team holds industry-leading certifications that validate our expertise and commitment to excellence:
- CEH: Certified Ethical Hacking
- CRTO (Certified Red Team Operator): Demonstrates our proficiency in performing advanced red team operations to identify and exploit vulnerabilities.
- CRTL (Certified Red Team Leader): Reflects our ability to lead and manage complex red team engagements with custom and secure infrastructure. Not even EDR will inhibit our performance so that way we can provide even greater impact.
- OSCP (Offensive Security Certified Professional): Highlights our skill in conducting thorough penetration tests and developing creative solutions to security challenges.

At Ownux Global, we cater to enterprise but also to the startups, web application developers, offering a professional yet relaxed approach to cyber security. Our mission is to safeguard your digital assets with the highest level of expertise and dedication, providing you with peace of mind in an increasingly digital world.

Ready to secure your network? Let’s get started. Contact us today to discuss how we can help protect your business from cyber threats.
- Network Penetration Testing
- OWASP
- Cloud Security
- Web Application Security
- Vulnerability Assessment
- Penetration Testing
- SOC 2
- ISO 27001
- HIPAA
- Compliance Consultation
- Governance, Risk Management & Compliance
Pune, India
Hi, I am an IT Advisor / Strategist with 25+ years of experience in IT. I work with organisations as a Fractional IT Head / vCISO to help them devise the IT strategy, implement robust IT security, build a powerful IT team and effectively manage IT operations. My International Certifications include ISO 27001 LA, ISO 27701 LA, CISA, AZ-104, SC-200 and AZ-700.

I can help you with:
1. IT infrastructure strategy
2. M365 Security
3. IT cost optimisation
4. Penetration testing and vulnerability assessment
5. Web and Database server administration
6. CMMC Level 1 / 2 assessment, documentation and implementation
7. ISO 27001 / 27701 implementation and audit
8. Linux / Ubuntu Administration
9. Windows Server Administration
10. Basic IT operations and much more....
- System Administration
- DNS
- IT Support
- Ubuntu
- Cybersecurity Management
- Windows Server
- ISO 27001
- Office 365
- Microsoft Azure
- Linux System Administration
- Data Privacy
- GDPR
- CMMC
- Microsoft Intune
- Migration
Allahabad, India
Need an AI/LLM application pentested before launch? I'm a CREST-registered, OSCP-certified penetration tester currently doing product security at HackerOne. In the last 7 years I've found vulnerabilities reported in the Hall of Fame at SkyScanner, Under Armour, Western Union, Binance, and Intel.

AI/ML Security Specialist & Senior Penetration Tester | OSCP • CREST CRT • CREST CPSA • ISC2 CC • ISO 27001 LA | 7+ Years | Currently Product Security @ HackerOne

I help AI startups and SaaS companies ship products that don't get breached. My focus: securing LLM applications, MCP servers, agentic systems, and the REST/GraphQL APIs that power them — using the same offensive playbook that earned me Hall of Fame recognition from SkyScanner, Under Armour, Redox, Western Union, Indeed, Binance, and Intel.

AI / ML SECURITY (PRIMARY)
✅ LLM Vulnerability Assessments aligned with OWASP Top 10 for LLM Applications (2025) — prompt injection, sensitive info disclosure, supply-chain, data/model poisoning, improper output handling, excessive agency, system prompt leakage, vector/embedding flaws, misinformation, unbounded consumption
✅ AI Red Teaming using PyRIT, Garak, DeepTeam, PentAGI, Strix — single-turn + multi-turn jailbreaks, indirect injection, tool-poisoning, RAG poisoning
✅ Model Context Protocol (MCP) Security — auditing MCP servers/clients for tool poisoning, OAuth/token theft, command-injection (CVE-2025-6514, CVE-2025-49596 class issues), capability-confusion, and STDIO RCE patterns
✅ Threat Modeling for Generative AI mapped to MITRE ATLAS + NIST AI RMF + OWASP Agentic AI Top 10 (Dec 2025)
✅ MLSecOps & AI Security in CI/CD — automated red-team pipelines via N8N, Nuclei, ars0n framework, OWASP Nettacker, integrated into GitHub Actions/GitLab/Jenkins so every model + prompt change is tested before merge

TRADITIONAL VAPT (SECONDARY)
✅ Web App & API Penetration Testing — Django, FastAPI, NestJS, REST, GraphQL with Burp Suite Pro
✅ OWASP Top 10:2025 + OWASP API Top 10 — IDOR, SSRF, auth bypass, business-logic flaws, mass assignment, JWT/session attacks
✅ Mobile (Android/iOS), Network (internal/external), Cloud (AWS/Azure/GCP) pentesting
✅ Smart Contract Security Audits — Solidity, common DeFi attack patterns
✅ DevSecOps — SAST/DAST integration, WAF tuning, secure-SDLC consultation

PROOF OF WORK
- Hall of Fame: SkyScanner, Under Armour, Redox, Western Union, Indeed, Binance, Intel
- Currently: Product Security Analyst @ HackerOne (the world's largest bug-bounty platform)
- Active: Lead AI Product Security freelancer for a US-based AI startup building agentic LLM tooling
- Certs: OSCP (offensive security), CREST CRT (UK gold-standard pentest), CREST CPSA, ISC2 CC, ISO 27001 LA

WHAT YOU GET
1. A scoping call within 24 hours under NDA
2. Hybrid manual + automated testing (zero scanner-only "100-page PDF" reports)
3. Executive summary + technical findings, each with reproduction steps, CVSS, business impact, and developer-friendly remediation
4. Mapping to your compliance frameworks: SOC 2, ISO 27001, HIPAA, PCI-DSS, EU AI Act, NIST AI RMF
5. Free remediation re-test within 30 days — every finding re-validated until closure

IDEAL CLIENTS
🚀 AI/ML startups shipping LLM apps, RAG systems, MCP servers, or agentic workflows that need a real adversary before launch or before SOC 2
🌐 SaaS / fintech / healthtech teams needing OWASP-aligned web + API VAPT with a clean, auditor-ready report

If you're building with GPT-4o, Claude, Llama, Gemini, custom fine-tunes, LangChain, LangGraph, CrewAI, AutoGen, or MCP — and you need someone who actually breaks things instead of running a scanner — let's talk.

📩 Send your scope (and ideally a 1-line description of the LLM/agent stack). You'll get a tailored test plan within 24 hours.

Keywords: AI Security, LLM Security, AI Red Teaming, AI Penetration Testing, GenAI Security, Prompt Injection Testing, Jailbreak Testing, MCP Security, Model Context Protocol Audit, MLSecOps, OWASP LLM Top 10, NIST AI RMF, MITRE ATLAS, Agentic AI Security, RAG Security, Vector Database Security, Penetration Testing, VAPT, Web Application Penetration Testing, API Penetration Testing, REST API Security, GraphQL Security, Burp Suite Pro, OWASP Top 10, Mobile Pentest, Cloud Security AWS Azure GCP, Smart Contract Audit, DevSecOps, SAST DAST, OSCP, CREST CRT.
- Information Security Audit
- Information Security
- Security Assessment & Testing
- Security Analysis
- Security Engineering
- Security Testing
- Penetration Testing
- Vulnerability Assessment
- Web Application Security
- Network Security
- Cloud Security
- OWASP
- Encryption
- Database Security
- Kali Linux
- Python
- Bug Bounty
- Web App Penetration Testing
- Network Penetration Testing
- Cybersecurity Management
How it works
Post a job for free
Tell us what you need. Create your own job post or generate one with AI then filter talent matches.
Hire top talent fast
Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.
Collaborate easily
Use Upwork to chat or video call, share files, and track project progress right from the app.
Payment simplified
Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.
Don't just take our word for it
“Upwork provides an umbrella-level of security. I can see a talent’s work history and ratings. I can hold payments in escrow. I can communicate through Upwork Messages instead of working through my email address.”
Kim Darling
Emerald Tiger
“Upwork is the best platform to hire skilled professionals when we're not looking for a full-time employee. All the companies in our portfolio use Upwork to find talent across a wide range of fields.”
David Merry
Kinetic Investments
“Our very specific requirements can be a challenge—With Upwork, we’re able to access a bigger community to ensure the success of our projects.”
Katja Krohn
Summa Linguae
How do I hire an Information Security Audit Freelancer in India on Upwork?
You can hire an Information Security Audit Freelancer in India on Upwork in four simple steps:
- Create a job post tailored to your Information Security Audit Freelancer project scope. We'll walk you through the process step by step.
- Browse top Information Security Audit Freelancer talent on Upwork and invite them to your project.
- Once the proposals start flowing in, create a shortlist of top Information Security Audit Freelancer profiles and interview.
- Hire the right Information Security Audit Freelancer for your project from Upwork, the world's largest work marketplace.
At Upwork, we believe talent staffing should be easy.
How much does it cost to hire an Information Security Audit Freelancer?
Rates charged by Information Security Audit Freelancers on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.
Why hire an Information Security Audit Freelancer in India on Upwork?
As the world's work marketplace, we connect highly-skilled freelance Information Security Audit Freelancers and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Information Security Audit Freelancer team you need to succeed.
Can I hire an Information Security Audit Freelancer in India within 24 hours on Upwork?
Depending on availability and the quality of your job post, it's entirely possible to sign up for Upwork and receive Information Security Audit Freelancer proposals within 24 hours of posting a job description.