Hi, I’m Martin — a Principal Penetration Tester with over 13 years of hands-on experience (since 2011). I’ve delivered high-impact security assessments for clients ranging from innovative startups to global enterprises across the UK, Europe, East Asia, and the Middle East.
My expertise spans the full spectrum of offensive security, including:
• Web Application Penetration Testing
• Mobile Application Penetration Testing
• API Penetration Testing (REST, SOAP, GraphQL)
• Thick Client & Desktop Application Testing
• External & Internal Infrastructure Penetration Testing
• Cloud Security Assessments (AWS, Azure, Office 365)
• Red Team Operations & Simulated Phishing
• Wireless Assessments, IoT Security, and Embedded Hardware
• Server & Workstation Build Reviews
• Mobile Device & MDM Testing
• Network Device Security Reviews
What sets me apart is my depth of experience combined with a relentless, methodical approach. As a Tigerscheme and CREST certified penetration tester, I stay at the forefront of evolving threats and techniques. I don’t just find vulnerabilities
I provide clear, actionable insights that help organisations meaningfully strengthen their security posture.
In addition to technical excellence, I’m a strong communicator who excels at translating complex findings into clear, business-relevant language. I work closely with clients to understand their unique risk landscape and deliver tailored testing programs that align with their objectives.
I run a professional, focused penetration testing company and take great pride in the quality of our deliverables. All engagements include comprehensive, high-standard reports (example reports available upon request). I am also a Cyber Essentials and Cyber Essentials Plus Assessor and work with a recognised certification body.
Top Rated on Upwork, I’m known for consistent quality, clear communication, and delivering real value. Whether you need infrastructure testing, web/mobile application assessments, API reviews, cloud configuration audits, or full Red Team exercises.
I’m here to help you identify and mitigate risks before attackers do.
Feel free to reach out, I would be happy to discuss how I can support your security needs.
Penetration Testing
Security Assessment & Testing
Ethical Hacking
Information Security
Vulnerability Assessment
Web App Penetration Testing
Cybersecurity Management
Security Infrastructure
Security Analysis
Web Application Security
Security Testing
Cloud Security
WordPress
Certified Information Systems Security Professional
Website Security
Saqlain N.
Hounslow, United Kingdom
$45/hr
4.6
51 jobs
🔐 Is your Azure or Microsoft 365 tenant secure or just configured?
Many businesses only discover Conditional Access gaps, over-permissive roles, exposed service principals, weak MFA settings, or misused managed identities after an incident. I help you find and fix those risks before they affect your business, users, or data.
I am a UK-educated Cloud Security Consultant specialising in Microsoft Azure, Entra ID, Microsoft 365 security, IAM, conditional access, RBAC, Microsoft Defender for Cloud, and cloud security hardening.
📌 My approach is attack-informed. I review your cloud environment the way an attacker would approach it, then turn those findings into clear, practical, prioritised remediation steps. You will not receive a generic checklist or raw tool output. You will receive security guidance your team can understand, implement, and maintain.
✅ What you will receive:
- Azure and Microsoft 365 security findings
- Risk-rated technical and business impact
- Prioritised remediation roadmap
- IAM, RBAC, Conditional Access, and identity security recommendations
- Cloud hardening guidance aligned with MCSB, CIS Benchmarks, and MITRE ATT&CK for Cloud
- Executive summary plus technical report for your team
☁️ Cloud security services:
- Azure Security Assessment and Hardening
- Microsoft 365 Tenant Security Review
- Entra ID / Azure AD Configuration Review
- Conditional Access Policy Audit and Design
- IAM, RBAC, Service Principal, and Managed Identity Review
- Microsoft Defender for Cloud Configuration Review
- Microsoft Sentinel Readiness Review
- Cloud Attack Path Analysis and Remediation
- Cloud Security Posture Review
- Zero Trust Guidance for Azure and Microsoft 365
- Cloud Incident Response Readiness Review
📜Certifications and background:
- Certified Azure Red Team Professional, Altered Security
- Certificate of Cloud Security Knowledge v5, Cloud Security Alliance
- Microsoft Certified: Azure Fundamentals
- Microsoft Azure Security Engineer
- Junior Penetration Tester eJPTv2, INE Security
- MSc Cyber Security and Digital Forensics, University of Westminster
🤝 Clients work with me because I combine cloud security knowledge with offensive security thinking. That means my recommendations are not just based on compliance requirements, but on the real paths attackers use to move through Azure and Microsoft 365 environments.
❗ If you are worried about cloud misconfigurations, Microsoft 365 security gaps, weak identity controls, or unclear Azure risks, send me a message. I will review your situation confidentially and recommend the most practical next step to keep your business and data secure.
Penetration Testing
Ethical Hacking
Information Security
Network Penetration Testing
Vulnerability Assessment
Kali Linux
Digital Forensics
Investigative Reporting
Due Diligence
Microsoft Azure
Online Research
Cloud Security
Python
Fraud Mitigation
Red Team Assessment
Incident Response Plan
Information Security Threat Mitigation
Information Security Audit
Governance, Risk & Compliance Software
Rafay B.
London, United Kingdom
$100/hr
4.9
83 jobs
I am a globally acclaimed Cyber security consultant and Internet Security Specialist with a proven track record in security engineering and discovering Critical Zero Day Security Issues in a significant number of Web Applications, Products and Browsers which have helped protecting Privacy and Security of millions of users globally. My research on Cyber Security has been featured in BBC, Forbes, WSJ, Tech Crunch and many International media outlets. My mission is to fortify your digital defenses by harnessing the power of cutting-edge AI/ML technologies.
I currently hold the following educational degrees and certifications:
✅ Masters in Cyber-Security and Forensics
✅ Certified Information Systems Security Professional (CISSP)
✅ Certified Information Security Auditor (CISA)
✅ Offensive Security Certified Professional (OSCP)
✅ CREST Practitioner Security Analyst (CPSA)
✅ Offensive Security Web Expert (OSWE)
✅Offensive Security Wireless Professional (OSWP)
Security/Compliance Frameworks:
ISO 27001, SOC2, PCI-DSS, HIPAA, NY DFS 23/ NYCRR Part 500, NIST, CIS, GDPR, HIPAA, FedRAMP, NIST 800-53, NIST 800-171, NIS2, DORA
Services I Offer:
Penetration Testing
Vulnerability Assessment
PCI-DSS SAQ Filing + ASV
PCI compliance assessment
Cloud Security (AWS, Azure and GCP)
Red Teaming Assessment
Threat Modelling
Security Architecture Review
Web 3.0 Wallet Security
Smart Contract Audits
Cloudflare WAF Protection
DDOS Protection Expert
Bot Protection Expert
Penetration Testing
Firewall
Network Security
Web App Penetration Testing
Cybersecurity Management
NIST Cybersecurity Framework
Web Application Audit
Cloud Security
ISO 27001
GDPR Compliance Review
PCI DSS
NIST SP 800-53
SOC 2
WordPress Security
Website Security
Peter O.
Leigh, United Kingdom
$25/hr
5.0
5 jobs
Experienced and results-driven Penetration tester/Cybersecurity Engineer with over 8 years of industry expertise. Proficient in orchestrating and executing comprehensive solutions, specialising in web application, mobile application, and network penetration testing. OSCP certified (Offensive Security Certified Professional), demonstrating mastery in offensive security techniques and strategies to enhance your cybersecurity framework.
Licenses & Certifications
CREST Registered Tester (CREST CRT): ☑
Offensive Security Certified Professional (OSCP): ☑
EC-Council Certified Security Analyst: Penetration Testing (ECSA): ☑
Cisco Certified Network Associate Routing and Switching (CCNA): ☑
Cisco Certified Network Associate Security (CCNA): ☑
CompTIA A+: ☑
CompTIA Network+: ☑
Microsoft Certified Technology Specialist (MCTS): ☑
Palo Alto Certified Network Security Engineer (PCNSE): ☑
Experience
Penetration Tester
Falanx Cyber, Reading, England (November 2021 - Present)
Performed manual penetration testing, both internally and externally
Delivered various security penetration testing assessments to a variety of clients in different industries
Performed formal and comprehensive application and infrastructure penetration testing assessments, following industry best practices
Performed vulnerability assessments and provided findings with remediation actions
Cyber Security Consultant
Tata Consultancy Services, London, England (September 2020 - November 2021)
Palo Alto Firewall Security projects
Palo Alto Cortex XDR host firewall management
Performed manual penetration testing, both internally and externally
Conducted log analysis
Delivered various security penetration testing assessments to a variety of clients in different industries
Performed formal and comprehensive application and infrastructure penetration testing assessments, following industry best practices
Performed vulnerability assessments and provided findings with remediation actions
Endpoint device security implementation
Responsible for creating network changes and liaising with the appropriate team for smooth delivery of the changes
Responsible for evaluating & troubleshooting the current Firewall rules on Palo Alto Firewalls as per Server Team requirement
Technical/Security Analyst
The Coop, Manchester, United Kingdom (October 2015 - September 2020)
Performed web application and network penetration tests
Analyzed security test results, concluded from results, and developed targeted testing as deemed necessary
Analysis of Wireshark output to identify suspicious traffics
Performed physical security reviews of networks, servers, and other network devices
Performed logical security control
Knowledge of cloud-based environments (Azure)
Performed penetration tests on computer systems, networks, and application
Created new testing methods to identify vulnerabilities
Responsible for day-to-day maintenance, Proactive and reactive support of Enterprise network
Responsible for evaluating & troubleshoot the current Firewall rules on Cisco ASA, Check Point & Palo Alto Firewalls as per Server Team requirement
Responsible for upgrading the networking and security device to the latest OS
Responsible for creating network changes and liaising with the appropriate team for smooth delivery of the changes
Responsible for day-to-day changes on the Cisco ASA, Check Point, and Palo Alto Firewalls in different Data Centers
Creating, Troubleshooting Security policy / NAT on the Cisco ASA, Check Point and Palo Alto, Security Devices
Provide aftercare for prepared/executed changes to get a desirable outcome
Assist in change execution in maintenance window using the service now Tools
Responsible for, installing, and supporting LANs, WANs, network segments, Internet, and intranet systems
Monitor networks via Solar winds to ensure security and availability to specific networks node
Determine network and system requirements
Maintain the integrity of the network, server deployment, and security
Ensure network connectivity throughout a company LAN/WAN infrastructure is on par with technical considerations
Key Skills
Penetration testing
Vulnerability management
Vulnerability assessment
Network testing
Active directory testing
OWASP Top 10
API security
Cloud security
Incident response
Risk assessment
Compliance
Security awareness training
Threat modeling
Security research
Ethical hacking
Penetration Testing
Network Penetration Testing
Vulnerability Assessment
Application Security
Source Code Scanning
Web API
Microsoft Active Directory
Web Application Security
Better Mobile Security Better
Security Management
Security Analysis
Secure SDLC
Brandyn M.
London, United Kingdom
$100/hr
5.0
3 jobs
I help founders and CTOs launch securely with confidence, guided by an industry-recognised expert in web, API & AI security.
CREST & OffSec certified Web App & API Penetration Tester. 10+ years experience, 200+ tests, 300+ responsible disclosures. I help founders understand what actually puts their product and users at risk, without drowning them in technical noise.
My approach goes far beyond a traditional penetration test - I give teams the clarity they need to deploy new applications, functionality and features to their customers without worrying about security.
🤝 Organizations I’ve helped secure:
𝐀𝐦𝐚𝐳𝐨𝐧
𝐀𝐖𝐒
𝐍𝐯𝐢𝐝𝐢𝐚
𝐓𝐢𝐝𝐞
𝐘𝐢𝐞𝐥𝐝𝐬𝐭𝐫𝐞𝐞𝐭
𝐒𝐭𝐫𝐢𝐩𝐞
𝐕𝐢𝐫𝐠𝐢𝐧 𝐌𝐞𝐝𝐢𝐚 𝐎𝟐
𝐃𝐫𝐨𝐩𝐳𝐨𝐧𝐞 𝐀𝐈
Services
🛡️ Web Application Penetration Testing
Manual, attacker-mindset testing to uncover real-world vulnerabilities and logic flaws, including VAPT testing.
🔗 API Penetration Testing (REST & GraphQL)
Auth flows, rate-limit bypass, schema misuse, injection paths, privilege escalation, and more.
🧪 SaaS Penetration Testing
Testing focused on multi-tenant risks, permission abuse, data exposure, and tenant isolation issues.
📦 SaaS Product Security Assessment
Comprehensive reviews for teams preparing for launch, onboarding customers, or SOC2 readiness.
🔎 OWASP Top 10 & SOC2-Aligned Web Application Security Reviews
Industry-standard testing aligned with compliance and enterprise expectations.
🔍 Manual Vulnerability Discovery
Deep human-led testing for IDOR, SSRF, XSS, BOLA, deserialization, logic flaws, and chained vulnerabilities.
Deliverables
📝 Executive summary: High-level overview of findings, risk, and how to address them.
📄 Finding overview: Clear, reproducible details for developers (risk, impact, steps to reproduce).
🛠️ Remediation steps: Concrete, prioritized fixes your team can implement immediately.
If you're preparing to launch and want a definitive understanding of your real-world security risks, let's talk.
Penetration Testing
Information Security
Web App Penetration Testing
AI Security
AI Consulting
Generative AI Prompt Engineering
LLM Prompt Engineering
Michael-Calum G.
Kings Hill, United Kingdom
$65/hr
5.0
2 jobs
Automated tools are necessary, but they aren't sufficient. To truly secure your application, you need a human tester who understands business logic and complex exploit chains.
I am a certified offensive security specialist focusing on Web Application and API penetration testing. I provide the manual verification required for SOC2, ISO 27001, and HIPAA compliance, ensuring your team doesn't waste time chasing false positives.
Core Competencies:
Manual Exploitation: Identifying logic flaws, privilege escalation, and IDORs that scanners cannot find.
Detailed Remediation: I speak your developers' language. My reports include reproduction steps (PoC) and code-level mitigation advice.
Compliance: Structured testing methodologies aligned with industry standards.
Certifications:
OSCP (Offensive Security Certified Professional)
CREST Registered Penetration Tester
BSCP (Burp Suite Certified Practitioner)
If you need a clear, actionable security assessment without the jargon, let's connect.
Security Assessment & Testing
Ethical Hacking
Information Security
Network Security
Vulnerability Assessment
Web App Penetration Testing
Web Application Security
Metasploit
OWASP
Linux
Python
Technical Writing
API
Nessus
C++
How it works
Post a job for freePost a job
Tell us what you need. Create your own job post or generate one with AI then filter talent matches.
Hire top talent fast
Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.
Collaborate easily
Use Upwork to chat or video call, share files, and track project progress right from the app.
Payment simplified
Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.
Don't just take our word for it
“Upwork provides an umbrella-level of security. I can see a talent’s work history and ratings. I can hold payments in escrow. I can communicate through Upwork Messages instead of working through my email address.”
KD
Kim Darling
Emerald Tiger
“Upwork is the best platform to hire skilled professionals when we're not looking for a full-time employee. All the companies in our portfolio use Upwork to find talent across a wide range of fields.”
DM
David Merry
Kinetic Investments
“Our very specific requirements can be a challenge—With Upwork, we’re able to access a bigger community to ensure the success of our projects.”
KK
Katja Krohn
Summa Linguae
How do I hire a Penetration Tester in the United Kingdom on Upwork?
You can hire a Penetration Tester in the United Kingdom on Upwork in four simple steps:
Create a job post tailored to your Penetration Tester project scope. We'll walk you through the process step by step.
Browse top Penetration Tester talent on Upwork and invite them to your project.
Once the proposals start flowing in, create a shortlist of top Penetration Tester profiles and interview.
Hire the right Penetration Tester for your project from Upwork, the world's largest work marketplace.
At Upwork, we believe talent staffing should be easy.
How much does it cost to hire a Penetration Tester?
Rates charged by Penetration Testers on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.
Why hire a Penetration Tester in the United Kingdom on Upwork?
As the world's work marketplace, we connect highly-skilled freelance Penetration Testers and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Penetration Tester team you need to succeed.
Can I hire a Penetration Tester in the United Kingdom within 24 hours on Upwork?
Depending on availability and the quality of your job post, it's entirely possible to sign up for Upwork and receive Penetration Tester proposals within 24 hours of posting a job description.
Find more freelancers
Top cities for Penetration Testers in the United Kingdom