I help SaaS companies, and enterprises identify critical security vulnerabilities before they become costly breaches, compliance issues, or business disruptions.
As an Application Security Consultant and Penetration Tester, I specialize in uncovering real-world security weaknesses across web applications, APIs, network infrastructure, cloud environments, and modern technology platforms. My goal is not only to identify vulnerabilities but also to help organizations understand their security risks, prioritize remediation efforts, and strengthen their overall security posture.
I have worked on security assessments involving enterprise applications, banking platforms, healthcare systems, cloud infrastructures, and business-critical applications. My experience includes identifying authentication flaws, access control weaknesses, business logic vulnerabilities, network misconfigurations, cloud security gaps, API security issues, and attack paths that automated scanners frequently miss.
Core Security Services
• Web Application Penetration Testing (OWASP Top 10 & Business Logic Testing)
• API Security Testing (REST & GraphQL)
• Network & Infrastructure Security Testing
• Cloud Security Assessments (AWS)
• Red Team Operations & Adversary Simulation
• AI / LLM Security Testing
• Vulnerability Assessment & Risk Analysis
• Security Architecture Review
• Email Security Implementation (SPF, DKIM & DMARC)
What You Can Expect
• Comprehensive Manual Security Testing
• Detailed Vulnerability Reports
• Proof-of-Concept Validation
• Risk-Based Prioritization
• Clear Remediation Guidance
• Remediation Validation & Retesting
• Executive and Technical Reporting
Tools & Technologies
• Burp Suite Professional
• Nmap
• Metasploit Framework
• Nessus
• OWASP ZAP
• Wireshark
• SQLMap
• AWS Security Tools
• Kali Linux
Long-Term Security Partnership
Many organizations engage me beyond a single penetration test. I work with clients on recurring security assessments, monthly security reviews, remediation verification, secure development guidance, and continuous security improvement initiatives.
Whether you need a one-time security assessment or a long-term security partner, I focus on delivering actionable security insights that help protect your applications, infrastructure, customers, and reputation.
If you are looking for a security professional who can think like an attacker and provide practical, business-focused security recommendations, I would be happy to discuss your project.
Penetration Testing
Ethical Hacking
Information Security
Network Penetration Testing
Network Security
Vulnerability Assessment
Web Application Security
OWASP
API Testing
Metasploit
Cloud Security
Cybersecurity Tool
Security Testing
Application Security
Red Team Assessment
Sachin G.
Agra, India
$12/hr
5.0
5 jobs
I am a professional Penetration Tester with 3+ years of hands-on experience in securing Web Applications, Mobile Applications, and APIs. I specialize in identifying critical security vulnerabilities and helping businesses prevent real-world cyber attacks by following OWASP Top 10 and advanced testing methodologies.
I have actively worked with startups and real-world applications, performing in-depth Vulnerability Assessment and Penetration Testing (VAPT) using industry-standard tools such as Burp Suite, OWASP ZAP, Nmap, Metasploit, and manual testing techniques.
I am also an active Bug Bounty Hunter on HackerOne and Bugcrowd, where I have earned multiple bounties and received Hall of Fame recognitions. Additionally, I have been featured twice by NCIIPC as one of the “Top 15 Cybersecurity Researchers in India,” which reflects my practical expertise in finding high-impact vulnerabilities.
What you can expect from me:
✔ Complete VAPT based on OWASP methodology
✔ Detailed professional report with Proof of Concept (PoC)
✔ CVSS scoring and risk classification
✔ Step-by-step remediation guidance
✔ Free retesting support after fixes
My goal is not just to find vulnerabilities, but to help you fix them and strengthen your application's overall security.
Let’s work together to secure your application before attackers find the gaps.
Penetration Testing
Ethical Hacking
Information Security
Vulnerability Assessment
Web App Penetration Testing
OWASP
Bug Bounty
Cybersecurity Management
Mobile App Testing
API Testing
Metasploit
Security Testing
Web Application Security
Steffin S.
Kozhikode, India
$30/hr
4.8
205 jobs
OSCP & CREST-certified Penetration Tester helping SaaS companies, startups, e-commerce platforms, and enterprise teams find real, exploitable security weaknesses before attackers do.
I provide manual-first penetration testing for Web Applications, APIs, Mobile Apps, Networks, Active Directory environments, Infrastructure, and Thick Client/Desktop Applications. My focus is not just finding vulnerabilities, but validating real-world exploitability, explaining business impact, and giving your developers clear remediation guidance they can actually apply.
🔎 Core services I provide:
• Web Application Penetration Testing
• API Security Testing
• Mobile Application Penetration Testing for Android and iOS
• External Network Penetration Testing
• Internal Network & Active Directory Security Assessment
• Thick Client / Windows Desktop Application Testing
• OWASP Top 10 & OWASP WSTG-Based Security Testing
• Vulnerability Assessment & Manual Validation
• OSINT & External Attack Surface Assessment
• Security Retesting & Remediation Validation
• SOC 2, ISO 27001, PCI DSS, Amazon SP-API, and compliance-oriented pentest reports
📄 What you receive:
• A professional penetration testing report
• Clear proof-of-concept evidence and screenshots
• Technical explanation of each vulnerability
• Business impact written in simple, practical language
• Severity rating and CVSS scoring where applicable
• Step-by-step remediation guidance for developers
• Retest results after your team applies fixes
• Executive summary suitable for management, compliance, vendor review, and internal audit
⚡ My testing approach:
I perform Black Box and Grey Box penetration testing depending on your project requirements. I use a manual-first methodology supported by professional tools such as Burp Suite Pro, but I do not rely only on automated scanners. The goal is to identify security issues that matter in real attack scenarios, including authentication flaws, authorization bypasses, SQL Injection, IDOR, access control issues, business logic vulnerabilities, API security weaknesses, injection flaws, misconfigurations, and sensitive data exposure.
🎯 Best fit if you need:
• A security test before launching a product or major feature
• A web application, API, mobile app, network, or infrastructure assessment
• A compliance-ready report for SOC 2, ISO 27001, PCI DSS, vendor review, or investor due diligence
• Manual security testing focused on real exploitability
• Clear communication with practical remediation advice
• Reliable retesting after fixes are completed
🏆 Certifications and experience:
• OSCP
• OSEP
• OSWP
• CREST CPSA
• Top Rated in Information Security / IT Compliance
• Ranked in the Top 50 in multiple bug bounty programs
• Completed 500+ penetration tests and security assessments
• Available across different time zones
• Open to one-time assessments and long-term security engagements
✅ Need a professional penetration test or vulnerability assessment for your web application, API, mobile app, network, or infrastructure?
📩 Send me a message, and I will help you define the right scope, testing approach, timeline, and deliverables for your security goals.
Penetration Testing
Security Assessment & Testing
Information Security
Network Penetration Testing
Network Security
Vulnerability Assessment
Web App Penetration Testing
Security Testing
System Security
Application Security
Website Security
Web Application Security
Black Box Testing
OWASP
Risk Assessment
John M.
Bengaluru, India
$34/hr
5.0
48 jobs
🔢 As an Upwork Top 1% Expert Vetted 👑 OSCP, Certified Ethical Hacker and an Experienced Penetration Tester with 10+ years of experience Penetration Testing Web SaaS and Mobile based applications and networks, every flaw tells a story; I write the ending and specialize in helping my clients strengthen their cybersecurity defenses.
An average Cybersecurity Incident in your business can you cost you anywhere between $120,000+ to $1.24+ million and even a 10%+ reduction in risk can save your business nearly $124,000+ and hiring a full time in-house team can cost you $100,000+ per employee per year. That is why you need an expert like me to protect your business and reduce your business risk.
What makes me stand out from other freelancers is the fact that I am also a Cybersecurity Architect, capable of architecting solutions to enhance the security of your organisation and preserving the security and integrity of your data.
I have always been passionate about solving technical problems for my clients through Pen Testing and I don't rest till I get to the root of the problem and solve it.
What I can offer?
I can help you secure your business by providing the following services:
✅ Web Application Penetration Testing,
✅ Secure Source Code Analysis,
✅ Mobile Application Penetration Testing,
✅ Network Penetration Testing,
✅ Secure Architecture Review,
✅ API Security Testing,
✅ Secure Configuration Review,
✅ Secure Code Review,
✅ CASA Assessment,
✅ Red Team Assessment,
✅ Threat Modelling,
✅ Phishing Simulations & Assessment.
Why Choose Me?
🧑🏼💼 Client-Centric Approach: Your security is my top priority. I work closely with your team to understand your objectives and deliver tailored services that align with your business goals. Trust and transparency are the cornerstones of my practice, and I am committed to helping you navigate the complex landscape of cybersecurity with confidence and achieve compliance.
📐 Comprehensive Security Assessments: I conduct detailed SOC Type 2 / ISO compliant evaluations to identify vulnerabilities in your network, applications, and infrastructure.
✂️ Tailored Solutions: Every organization is unique. I customize my approach to meet your specific security needs and industry standards.
🎬 Actionable Recommendations: Post-assessment, I provide clear, concise, and practical remediation steps to address identified vulnerabilities.
🔁 Ongoing Support: Cybersecurity is an ongoing process. I offer continuous support and re-assessment to ensure your defenses remain robust against evolving threats
🌏 Holistic Approach: I don't just patch vulnerabilities; I architect comprehensive security solutions that align with business goals. My focus extends beyond the technical to encompass risk management and organizational resilience.
🗨️ Collaborative Communicator: I bridge the gap between technical jargon and business language, fostering understanding across teams. Effective communication is key to successful security implementation.
🏫 Continuous Learning: The threat landscape evolves, and so do I. Whether it's a new attack vector or an emerging technology, count me in. Learning is my superpower.
🙋♂️ Key Skills:
✔️ Penetration Testing & Vulnerability Assessment: I thrive on dissecting systems, identifying weaknesses, and recommending robust solutions. Armed with tools like Kali Linux, Metasploit, Nmap, and Wireshark, I delve into web applications, networks, and APIs. But here's the twist—I don't stop at discovery; I offer a free retest after remediation to ensure vulnerabilities stay sealed.
✔️ Network Security: I've designed and implemented secure network architectures, ensuring data confidentiality, integrity, and availability. Firewalls, intrusion detection systems, and VPNs—my toolkit covers it all.
✔️ Cloud Security: Proficient in securing cloud environments especially Amazon Web Services (AWS) & Oracle Cloud Infrastructure (OCI). I stress-test cloud deployments ensuring they withstand real-world attacks.
✔️ Secure Coding Practices: I advocate for secure coding principles using tools like SonarQube and collaborate with development teams to build resilient applications. Prevention beats cure, every time.
⛏️Tools I Use
☑️ Penetration Testing: Nmap, Metasploit, Burp Suite Professional, Wireshark, SQLmap, Kali Linux
☑️ Programming & Scripting Skills: Python, Bash, PowerShell, JavaScript, Java and C#
☑️ Security Frameworks & Standards: OWASP, NIST, CASA, CIA Triad, PCI-DSS
🫱🏽🫲🏽 Let's Connect: Ready to enhance your business/organization's security? Let's chat! Reach out to me here on Upwork, and let's build a safer digital future together.
🟢 Press '...' button and then ‘Send Message’ button in the top right-hand corner ✉️
🚫 No hacking service - I do not provide any hacking services, and I will not engage in any activities that involve gaining unauthorized access to any accounts, systems, or social media platforms. Requests for such services will be declined.
Penetration Testing
Security Assessment & Testing
Information Security
Network Penetration Testing
Network Security
Vulnerability Assessment
Web App Penetration Testing
Security Testing
Application Security
Web Application Security
System Security
Website Security
Black Box Testing
OWASP
Risk Assessment
Amit S.
Delhi, India
$12/hr
4.9
41 jobs
Hi, I am Amit Singh and having 10+ years of significant and well-diversified experience in Cybersecurity domains, including ⭐Web Application penetration testing (SaaS, Cloud etc.)⭐Network Penetration testing(Servers, Active Directory, IoT etc.)⭐Web API pen-testing ⭐Mobile penetration testing (android & iOS)⭐Web 3.0 DApps & Smart Contract pen-testing (Blockchain technology)⭐ Source Code Review etc.
🏆Top Rated Profile on Upwork
✅I have performed penetration tests & vulnerability assessments and delivered professional reports to companies all over the world in accordance with:
☑️ Offensive Security (OSCP) standards
☑️ OWASP Top 10 Vulnerability
☑️ OWASP API Security Top 10 Vulnerability
☑️ OWASP Mobile Security Top 10 Vulnerability
☑️ Application Security Verification Standard 4.0 (ASVS 4.0)
☑️ CWE Top 25 Most Dangerous Software Errors
☑️ ISO 27001 Penetration Testing
☑️ Payment Card Industry Data Security Standard (PCI DSS)
☑️ General Data Protection Regulation (GDPR)
☑️ Common Vulnerability Scoring System (CVSS)
☑️ Open Source Security Testing Methodology Manual (OSSTMM)
✅ Cybersecurity Certifications:-
☑️ Certified eLearnSecurity Web application penetration tester (eWPT)
☑️ Certified API Security Professional( CASP)
☑️Certified Ethical hacker(CEH)
✅ The deliverable will be a professional Penetration Testing/Vulnerability Assessment report which includes:
☑️ Executive Summary
☑️ Assessment Methodology
☑️ Type of Tests
☑️Risk Level Classifications
☑️ Result Summary
☑️ Table of Findings
☑️ Detailed Findings. Each finds listed within the report will contain a CVSS score, Issue Description, Proof of Concept, Remediation, and Reference sections.
✅ Tool List (Acunetix, Nessus, BurpSuite Professional, Nmap, Netsparker, Metasploit Framework, OpenVAS, Mimikatz, SQLmap, Nikto, checkmax and Zaproxy etc.
Note-For more info lets connect over the chat section. Thanks
Penetration Testing
Security Assessment & Testing
Ethical Hacking
Network Penetration Testing
Network Security
Vulnerability Assessment
Web App Penetration Testing
Security Testing
Web Application Security
Internet Security
Information Security Audit
Website Security
API Testing
OWASP
Code Review
Pankaj R.
Chandigarh, India
$20/hr
4.9
127 jobs
Is your digital infrastructure secure against today's sophisticated threats?
I specialize in identifying and mitigating security vulnerabilities before they can be exploited. With a focus on real-world penetration testing and comprehensive malware cleanup, I ensure your systems are robust and resilient.
🛠️ Services I Provide:
Web & API Penetration Testing: Combining manual and automated techniques to uncover vulnerabilities.
WordPress Security & Malware Removal: Protecting your site from threats and ensuring smooth operation.
Network & Server Vulnerability Scanning: Utilizing tools like OpenVAS and Wireshark for thorough assessments.
Compliance-Oriented Security Assessments: Ensuring adherence to standards such as PCI-DSS and ISO 27001.
Email Setup & Security Hardening: Securing communications with platforms like Gmail, Hostinger, and SendGrid.
📈 Highlights:
4+ Years Experience | CEH Certified
20+ Projects Delivered with 5-Star Ratings
Expertise in OWASP Top 10, CVSS, and MITRE ATT&CK
Post-audit Guidance and Remediation Support
100% Confidentiality | NDA-Friendly
I am committed to delivering high-quality security solutions tailored to your needs. Let's work together to fortify your digital presence.
Penetration Testing
Security Assessment & Testing
Ethical Hacking
Firewall
Information Security
Web App Penetration Testing
Malware Removal
Compliance
Cloud Security
WordPress Security
Cloudflare
DNS
Google Workspace
Technical Support
Linux System Administration
Windows Administration
Email Deliverability
How it works
Post a job for freePost a job
Tell us what you need. Create your own job post or generate one with AI then filter talent matches.
Hire top talent fast
Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.
Collaborate easily
Use Upwork to chat or video call, share files, and track project progress right from the app.
Payment simplified
Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.
Don't just take our word for it
“Upwork provides an umbrella-level of security. I can see a talent’s work history and ratings. I can hold payments in escrow. I can communicate through Upwork Messages instead of working through my email address.”
KD
Kim Darling
Emerald Tiger
“Upwork is the best platform to hire skilled professionals when we're not looking for a full-time employee. All the companies in our portfolio use Upwork to find talent across a wide range of fields.”
DM
David Merry
Kinetic Investments
“Our very specific requirements can be a challenge—With Upwork, we’re able to access a bigger community to ensure the success of our projects.”
KK
Katja Krohn
Summa Linguae
How do I hire a Penetration Tester in India on Upwork?
You can hire a Penetration Tester in India on Upwork in four simple steps:
Create a job post tailored to your Penetration Tester project scope. We'll walk you through the process step by step.
Browse top Penetration Tester talent on Upwork and invite them to your project.
Once the proposals start flowing in, create a shortlist of top Penetration Tester profiles and interview.
Hire the right Penetration Tester for your project from Upwork, the world's largest work marketplace.
At Upwork, we believe talent staffing should be easy.
How much does it cost to hire a Penetration Tester?
Rates charged by Penetration Testers on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.
Why hire a Penetration Tester in India on Upwork?
As the world's work marketplace, we connect highly-skilled freelance Penetration Testers and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Penetration Tester team you need to succeed.
Can I hire a Penetration Tester in India within 24 hours on Upwork?
Depending on availability and the quality of your job post, it's entirely possible to sign up for Upwork and receive Penetration Tester proposals within 24 hours of posting a job description.