As a skilled and experienced ethical hacker and penetration tester, I bring a comprehensive understanding of cybersecurity to every project I take on. With a deep commitment to ethical practices and a dedication to helping clients protect their digital assets.
My approach is rooted in a thorough understanding of the latest trends and developments in the field, allowing me to identify and address vulnerabilities in even the most complex systems. Whether you need a comprehensive security audit, a targeted vulnerability assessment, or assistance with network security, I have the expertise to deliver results that meet your needs.
With a keen eye for detail and a natural ability to problem-solve, I am confident in my ability to secure your digital assets and protect your business from potential cyber attacks. By working closely with you to understand your unique needs and goals, I can develop a customized solution that meets your specific requirements.
If you're looking for a professional and experienced ethical hacker and penetration tester to help safeguard your digital assets, I would be honored to have the opportunity to work with you.
Penetration Testing
Encryption
Ethical Hacking
Information Security
Network Security
Vulnerability Assessment
Web App Penetration Testing
Malware Removal
Wireshark
Web Application Security
Social Engineering Assessment
WordPress Malware Removal
Network Administration
cPanel
Data Analytics
Foysal H.
Dhaka, Bangladesh
$29/hr
5.0
51 jobs
I help startups, SaaS companies, fintech organizations, healthcare providers, and enterprises identify and eliminate security vulnerabilities before they become data breaches.
With 10+ years of offensive security experience and more than 200 successful penetration testing engagements, I provide manual, risk-focused security assessments that uncover vulnerabilities automated scanners often miss.
My assessments follow industry-recognized methodologies, including OWASP Testing Guide, OWASP ASVS, OWASP MASVS, PTES, NIST SP 800-115, and MITRE ATT&CK, delivering actionable findings that improve your security posture and support compliance initiatives.
Core Expertise
• Web Application Penetration Testing (OWASP Top 10)
• API Security Testing (REST, GraphQL, SOAP)
• Mobile Application Security (Android & iOS)
• Network Penetration Testing (Internal & External)
• Active Directory Security Assessments
• Cloud Security Reviews (AWS, Azure & Google Cloud)
• Authentication & Authorization Testing
• Business Logic Vulnerability Assessment
• LLM/AI Application Security Assessment
• Red Team & Adversary Simulation
• Secure Configuration Reviews
Industries Served
• Financial Services & FinTech
• Healthcare
• SaaS Platforms
• E-commerce
• Government
• Telecommunications
Deliverables
Every engagement includes:
✔ Executive Summary for management
✔ Detailed technical report
✔ CVSS-based risk ratings
✔ Step-by-step Proof of Concept
✔ Remediation guidance
✔ Security consultation
✔ Complimentary revalidation after remediation
Compliance Support
My assessments help organizations prepare for or strengthen compliance with:
• ISO 27001
• SOC 2
• PCI DSS
• HIPAA
• OWASP
Certifications
OSCP+ •OSCP• CREST • LPT Master • CRTP • C|PENT • CEH • ISO 27001 Lead Auditor and Lead Implementor
I believe penetration testing should provide clear business value—not just vulnerability lists. Every assessment is tailored to your environment, your threat model, and your compliance requirements, with practical recommendations your team can act on immediately.
If you're planning a new product launch, preparing for an audit, or simply want confidence in your security posture, let's discuss your scope. I'll provide a clear testing plan, timeline, and deliverables before the engagement begins.
Penetration Testing
Ethical Hacking
Information Security
Network Penetration Testing
Vulnerability Assessment
Web App Penetration Testing
Cryptography
Cybersecurity Tool
Kali Linux
Governance, Risk Management & Compliance
AI Governance
OWASP
Security Testing
ISO 27001
Red Team Assessment
AI Security
Application Security
Security Operation Center
Digital Forensics
Md.Repon H.
Kushtia, Bangladesh
$25/hr
4.9
114 jobs
I am a certified cybersecurity professional specializing in Penetration Testing, VAPT, and Digital Forensics with extensive hands-on experience securing Web, Mobile, API, Network, and Server environments.
I help businesses identify real-world vulnerabilities, investigate cyber incidents, recover critical evidence, and strengthen their overall security posture with clear, actionable, and professional reports.
🛡️ Penetration Testing & VAPT Services
I provide manual + automated security assessments with detailed findings, including:
✔️ Web Application Penetration Testing (OWASP Top 10, 4000+ vulnerability checks)
✔️API Security Testing (REST, GraphQL, SOAP)
✔️ Mobile Application Security (Android & iOS)
✔️Network Penetration Testing (Internal & External)
✔️Active Directory Security Assessments
✔️Cloud Security Reviews (AWS, Azure & Google Cloud)
✔️Authentication & Authorization Testing
✔️Business Logic Vulnerability Assessment
✔️LLM/AI Application Security Assessment
✔️ Red Team & Adversary Simulation
✔️ Secure Configuration Reviews
🕵️♂️ Digital Forensics & Cybercrime Investigation
✔️ Cybercrime Investigations & Incident Response
✔️ Malware Analysis
✔️ Data Recovery (deleted/corrupted files)
✔️ Forensic Imaging & Analysis (.E01, .RAW, .IMG, .OVA, etc.)
✔️ Log Analysis & Timeline Reconstruction
✔️ Email Fraud, Phishing & Spoof Analysis
✔️ Corporate Cybersecurity Consultation
✔️ Professional Forensic Reporting for Legal Use
📄 Document Authenticity & Tampering Detection
Physical Documents:
✔️ Ink & Paper Analysis
✔️ Watermarks, Indentations, Aging Patterns
✔️ Detection of Erasures, Alterations & Page Substitution
Digital Documents:
✔️ Metadata Examination
✔️ File Signature Analysis
✔️ Detection of Hidden or Modified Content
Handwriting & Signature Verification:
✔️ Pattern & Stroke Analysis
✔️ Comparison with Known Samples
💬 Have Questions?
Feel free to message me — I reply quickly and provide free initial consultation.
Penetration Testing
Information Security
Network Security
Vulnerability Assessment
WordPress
Virus Removal
Web Application Security
Malware Removal
Digital Forensics
Kali Linux
System Security
Cybersecurity Tool
WordPress Malware Removal
Security Analysis
Metadata
NAHID M.
Nabinagar, Bangladesh
$15/hr
5.0
8 jobs
I have conducted and led hundreds of security audits, penetration tests and red team engagements for a variety of companies, ranging from multinational corporations with thousands of hosts in scope to startups or small clients that want to have an edge over their competition security-wise.
My day-to-day job is that of an ethical hacker, which has allowed me to amass great hands-on experience in the field of Penetration Testing, Cyber Security and Vulnerability Assessment, and to have a great understanding of the most widespread and modern technology stacks currently in use around the globe and their flaws from a security standpoint.
I am able to provide the following services:
✅ Penetration Testing Engagement ✅
This includes both thorough manual testing of all functionalities and automated testing for all websites, applications, servers or infrastructure included in the scope of work, using both professional enterprise grade software such as BurpSuite Professional and Nessus and also personal scripts and tools gathered over past engagements. This services extends as well to internal penetration tests and network infrastructure testing as well.
✅ Professional Report & Statistics ✅
Detailed report explaining step-by-step the exploitation and discovery method of each and every vulnerability discovered. Proof-of-Concept screen captures, full requests and responses, CVSS v3.0 standardised risk score, impact and ownership included.
✅ Remediation Advice & Guidance ✅
Remediation advice regarding all security issues discovered, how to fix them and warnings associated with the impact and risk of these vulnerabilities.
✅ Asset Discovery ✅
Through both active and passive methods, I can help you asses how big your digital footprint is on the internet and what is the attack platform visible from an outsider threat perspective. This includes subdomain enumeration and service/port discovery.
✅ Free Checkup ✅
Included in the price will be a checkup/retest of all aforementioned vulnerabilities present in the report in order to ensure that the implemented security controls and/or fixes are working as intended and that there is no other way to bypass them or exploit that vulnerability any longer.
✅ OSINT Reconnaissance ✅
Gathering of all valuable data pertaining to your company available on the internet. This includes any breached email addresses and related passwords available in cleartext on the internet, usually being traded on the dark web. Full access to over 4 billion records of personally curated lists of such information will help you to asses how vulnerable you are and what passwords need to be changed as soon as possible.
✅ Briefing ✅
I am available for calls/meetings discussing what the Scope of Work will be, where the focus of the penetration testing engagement will be, if all subdomains need to be included, if you want a black-box type of engagement or a white-box engagement, if accounts will be required, preferred hours for load testing and any other guidance your company would require if this is the first penetration test engagement that you are doing.
✅ Debriefing ✅
I am available for calls/meetings after the penetration test is completed in order to discuss with you the results of the engagement, what the main issues were and what my concerns regarding the security of your company are. This includes any further clarification regarding any vulnerability and the impact/risk associated with it.
Penetration Testing
Ethical Hacking
Network Penetration Testing
Application
Testing
Website
Software Testing
Cyber Threat Intelligence
Security Testing
Digital Forensics
Cybersecurity Management
Web Application Security
WordPress Security
QA Testing
QA Software & Testing Tools
Md Shohel R.
Khulna, Bangladesh
$80/hr
4.6
57 jobs
✅ Top Rated Plus Expert ✅ 8,300+ Hours ✅ Certified Professional Penetration Tester
Certifications :
🏅 OSCP (Offensive Security Certified Professional)
🏅 ISO 27001:2022 Lead Auditor
🏅 eCPPT (Certified Professional Penetration Tester)
🏅 eWPTX (Web Application Penetration Tester Extreme)
🏅 CEH (Certified Ethical Hacker)
To whom it may concern,
With over 6900+ hours of hands-on experience and more than 300+ successful Penetration Tests and Security Assessments, I bring a wealth of expertise to every project. My focus has been on Web, Network and Mobile (Android and iOS) applications, especially within the finance sector, using a variety of technologies and frameworks. My experience also extends to server security testing and hardening.
I take pride in delivering detailed, professional reports that meet and exceed compliance audit requirements. These reports outline every vulnerability discovered, along with practical, actionable solutions. Sample reports can be provided upon request.
Consider me an extension of your internal team dedicated to ensuring the highest standards of security for your organization. I respond promptly to your needs and work tirelessly to safeguard your systems.
Core Services:
✓ Web Application Penetration Testing (OWASP TOP 10 based)
✓ Mobile (Android and iOS) Applications Penetration Testing
✓ Network Penetration Testing
✓ API Penetration Testing
✓ Cloud Security Assessment
✓ External Penetration Testing
✓ Internal Penetration Testing
✓ Security Hardening
✓ Phishing Simulations
✓ Security Risk Assessment
✓ Security Policy Assessment
✓ Security Training
Methodologies and Frameworks:
✓ OWASP TOP 10
✓ OSSTMM
✓ NIST
✓ PTES
✓ PCIDSS
✓ ISO 27001
✓ CIS
✓ MITRE ATT&CK®
Pentesting Tools: BurpSuite Professional, Nessus, Acunetix, Nmap, Metasploit, Mimikatz, MobSF, Sqlmap, John the Ripper, Kali Linux, Wireshark, Hashcat, Python Framework
I’m here to help your company achieve the best in security, ensuring your applications and networks are fortified against threats.
Penetration Testing
Firewall
Information Security
Network Penetration Testing
Network Security
Vulnerability Assessment
Page Speed Optimization
Linux System Administration
WordPress Malware Removal
Information Security Audit
Web Application Security
Web Application Firewall
Information Security Consultation
Cloud Security Framework
Mobile App Testing
GM Salman A M.
Satkhira, Bangladesh
$30/hr
5.0
56 jobs
🚨 If your application, SaaS platform, or cloud environment has never undergone a professional security assessment, you may have unknown vulnerabilities that attackers can exploit.
I’m a Certified Penetration Tester and Ethical Hacker providing Vulnerability Assessment and Penetration testing (VAPT) services for web applications, APIs, cloud infrastructure, mobile apps, SaaS platforms, and network environments. My goal is not just to find vulnerabilities — but to help you understand real security risks and fix them effectively.
I perform manual penetration testing supported by professional security tools to identify exploitable weaknesses such as authentication flaws, privilege escalation paths, injection vulnerabilities, and business logic issues.
You will receive a clear and actionable security report that helps developers resolve issues and allows management to understand the real business impact.
🎯 My Services
- Vulnerability Assessment & Penetration Testing (VAPT)
- Web Application Penetration Testing (OWASP Top 10)
- API Penetration Testing (REST, GraphQL, authentication flaws, IDOR, injection)
- Cloud Infrastructure Security (AWS, Azure — misconfigurations, IAM, exposed services)
- Network Penetration Testing (internal & external)
- Mobile Application Security (Android & iOS)
- SaaS Platform Security & Penetration Testing (multi-tenant logic, RBAC, privilege escalation)
- CMS Security (WordPress, Laravel, custom apps)
- Retesting after remediation
📋 What You Will Receive
A clear, structured security report designed for both technical teams and business stakeholders, including:
• Executive summary for management and decision-makers
• Detailed vulnerability findings with severity ratings
• CVSS scoring and risk prioritization
• Proof-of-concept evidence (screenshots, request/response captures)
• Business impact explanation for each issue
• Step-by-step remediation guidance for developers
• Retesting validation after fixes are applied
• Reporting that can support ISO 27001 and SOC 2 compliance preparation
🏆 Certifications
- Certified Ethical Hacker Practical — EC-Council
- eLearnSecurity Junior Penetration Tester (eJPT) — INE
- Certified API Penetration Tester — APISec University
- IBM Cybersecurity Analyst
- Cisco Verified Ethical Hacker
- ISO 27001:2022 Lead Auditor
🛠️ Tools I work with
Burp Suite Pro, OWASP ZAP, Nmap, Nessus, Metasploit, MobSF, Wireshark, Postman, and custom Python/Bash scripts and so on.
Whether you're preparing for a security review, compliance audit, or investor due diligence, I can help you understand your attack surface and security risks.
📩 Send me your scope or asset list and I’ll help you determine the best testing approach.
Penetration Testing
Security Assessment & Testing
Ethical Hacking
Information Security
Network Penetration Testing
Vulnerability Assessment
Web App Penetration Testing
Malware Removal
Application Security
Cybersecurity Management
WordPress Malware Removal
Website Security
Web Application Security
System Administration
OWASP
How it works
Post a job for freePost a job
Tell us what you need. Create your own job post or generate one with AI then filter talent matches.
Hire top talent fast
Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.
Collaborate easily
Use Upwork to chat or video call, share files, and track project progress right from the app.
Payment simplified
Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.
Don't just take our word for it
“Upwork provides an umbrella-level of security. I can see a talent’s work history and ratings. I can hold payments in escrow. I can communicate through Upwork Messages instead of working through my email address.”
KD
Kim Darling
Emerald Tiger
“Upwork is the best platform to hire skilled professionals when we're not looking for a full-time employee. All the companies in our portfolio use Upwork to find talent across a wide range of fields.”
DM
David Merry
Kinetic Investments
“Our very specific requirements can be a challenge—With Upwork, we’re able to access a bigger community to ensure the success of our projects.”
KK
Katja Krohn
Summa Linguae
How do I hire a Penetration Tester in Bangladesh on Upwork?
You can hire a Penetration Tester in Bangladesh on Upwork in four simple steps:
Create a job post tailored to your Penetration Tester project scope. We'll walk you through the process step by step.
Browse top Penetration Tester talent on Upwork and invite them to your project.
Once the proposals start flowing in, create a shortlist of top Penetration Tester profiles and interview.
Hire the right Penetration Tester for your project from Upwork, the world's largest work marketplace.
At Upwork, we believe talent staffing should be easy.
How much does it cost to hire a Penetration Tester?
Rates charged by Penetration Testers on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.
Why hire a Penetration Tester in Bangladesh on Upwork?
As the world's work marketplace, we connect highly-skilled freelance Penetration Testers and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Penetration Tester team you need to succeed.
Can I hire a Penetration Tester in Bangladesh within 24 hours on Upwork?
Depending on availability and the quality of your job post, it's entirely possible to sign up for Upwork and receive Penetration Tester proposals within 24 hours of posting a job description.