Hire the Best Security Assertion Markup Language Specialists

More than 3,000 reviews on G2
Rating is 4.5 out of 5.
4.5/5
of Upwork by G2 peer reviewers
Youssef E.

Kenitra, Morocco

$25/hr
5.0
28 jobs

I find the vulnerabilities in your web apps, APIs, and networks before attackers do, then hand your team a clear, reproducible penetration testing report they can act on. GXPN and GCIH certified. Top Rated on Upwork with 100% Job Success across web application, API, and network security engagements. No scanner dump and no jargon wall. Every finding comes with a severity rating (CVSS), working proof of concept, and a concrete fix your developers can ship. What I test: - Web application penetration testing (OWASP Top 10, PTES, NIST) - API security testing (REST, GraphQL, auth/OAuth, IDOR, broken access control) - SaaS and multi-tenant assessments (Supabase / Firebase data-isolation testing) - Network and external perimeter penetration testing - Source code / secure code review How I work: authorized testing only, on systems you own or have permission to test. Everything is documented over Upwork so you get a written record of every finding, not a verbal hand-wave. I retest after you patch to confirm the holes are actually closed. Credentials: GXPN (GIAC Advanced Penetration Tester & Exploit Researcher), GCIH (GIAC Certified Incident Handler), SANS CTF winner, and an active national/international CTF competitor (web, reverse, crypto, forensics). I also handle WordPress malware removal and incident response. See my Project Catalog for a fixed-price option.

  • Penetration Testing
  • Web Application Security
  • WordPress
  • Malware Removal
  • Website Security
  • Vulnerability Assessment
  • Network Penetration Testing
  • OWASP
  • Information Security
  • API
Kunal N.

Pune, India

$20/hr
5.0
4 jobs

I help SaaS companies, and enterprises identify critical security vulnerabilities before they become costly breaches, compliance issues, or business disruptions. As an Application Security Consultant and Penetration Tester, I specialize in uncovering real-world security weaknesses across web applications, APIs, network infrastructure, cloud environments, and modern technology platforms. My goal is not only to identify vulnerabilities but also to help organizations understand their security risks, prioritize remediation efforts, and strengthen their overall security posture. I have worked on security assessments involving enterprise applications, banking platforms, healthcare systems, cloud infrastructures, and business-critical applications. My experience includes identifying authentication flaws, access control weaknesses, business logic vulnerabilities, network misconfigurations, cloud security gaps, API security issues, and attack paths that automated scanners frequently miss. Core Security Services • Web Application Penetration Testing (OWASP Top 10 & Business Logic Testing) • API Security Testing (REST & GraphQL) • Network & Infrastructure Security Testing • Cloud Security Assessments (AWS) • Red Team Operations & Adversary Simulation • AI / LLM Security Testing • Vulnerability Assessment & Risk Analysis • Security Architecture Review • Email Security Implementation (SPF, DKIM & DMARC) What You Can Expect • Comprehensive Manual Security Testing • Detailed Vulnerability Reports • Proof-of-Concept Validation • Risk-Based Prioritization • Clear Remediation Guidance • Remediation Validation & Retesting • Executive and Technical Reporting Tools & Technologies • Burp Suite Professional • Nmap • Metasploit Framework • Nessus • OWASP ZAP • Wireshark • SQLMap • AWS Security Tools • Kali Linux Long-Term Security Partnership Many organizations engage me beyond a single penetration test. I work with clients on recurring security assessments, monthly security reviews, remediation verification, secure development guidance, and continuous security improvement initiatives. Whether you need a one-time security assessment or a long-term security partner, I focus on delivering actionable security insights that help protect your applications, infrastructure, customers, and reputation. If you are looking for a security professional who can think like an attacker and provide practical, business-focused security recommendations, I would be happy to discuss your project.

  • Penetration Testing
  • Web Application Security
  • Vulnerability Assessment
  • Ethical Hacking
  • OWASP
  • API Testing
  • Network Penetration Testing
  • Metasploit
  • Cloud Security
  • Cybersecurity Tool
  • Security Testing
  • Network Security
  • Application Security
  • Red Team Assessment
  • Information Security
Himanshu P.

Dehradun, India

$18/hr
4.8
49 jobs

I help businesses fix accessibility issues and achieve WCAG & ADA compliance without breaking design, speed, or user experience. I fix accessibility issues directly in your website’s code — fast, safe, and without breaking layouts or speed, ensuring real usability improvements. ✅ 50+ websites fully accessible & delivered successfully ✅ Free 1-page accessibility assessment — see results before you hire Results I’ve Delivered: • Improved accessibility scores from 40–60 → 90+ • Fixed 200+ WCAG issues across multiple websites • Helped clients pass ADA compliance audits successfully I improve accessibility across platforms like WordPress, Shopify, Webflow, Squarespace, and React — while maintaining performance, SEO best practices, and usability. What I Do Manual & automated accessibility audits (WCAG 2.2 AA/AAA, ADA, Section 508, EN 301 549) Accessibility remediation: full code fixes (HTML, CSS, ARIA, JavaScript, React, Vue, Svelte) Website compliance: WordPress, Shopify, Webflow, Wix, and custom platforms Mobile app accessibility: React Native, iOS, Android Accessibility testing: JAWS, NVDA, VoiceOver, TalkBack Why Clients Hire Me Avoid costly ADA & website accessibility lawsuits Real code-level fixes (not just reports or automated scans) Pass compliance audits with confidence Improve usability for all users on any device or platform Experience across multiple platforms and complex front-end systems Fast turnaround — from urgent 2-hour fixes to full compliance projects Clear, actionable reports with guaranteed improvements Ongoing support after project completion Free Accessibility Scan Send your site URL today for a free 1-page accessibility assessment and get a clear action plan for WCAG & ADA compliance.

  • W3C Markup Validation Service
  • Web Content Accessibility Guidelines
  • Web Accessibility
  • Website Audit
  • Accessibility Testing
  • Web Application Audit
  • Web Development
  • HTML
  • CSS
  • Shopify
  • WordPress
  • Squarespace
  • Webflow
  • Front-End Development
  • Ada
  • Quality Assurance
  • User Acceptance Testing
Abdallah H.

Suez, Egypt

$50/hr
5.0
7 jobs

𝙈𝙤𝙨𝙩 𝙨𝙚𝙘𝙪𝙧𝙞𝙩𝙮 𝙛𝙧𝙚𝙚𝙡𝙖𝙣𝙘𝙚𝙧𝙨 𝙚𝙞𝙩𝙝𝙚𝙧 𝙗𝙧𝙚𝙖𝙠 𝙩𝙝𝙞𝙣𝙜𝙨 𝙤𝙧 𝙗𝙪𝙞𝙡𝙙 𝙩𝙝𝙞𝙣𝙜𝙨. 𝙄 𝙙𝙤 𝙗𝙤𝙩𝙝, 𝙬𝙝𝙞𝙘𝙝 𝙞𝙨 𝙬𝙝𝙮 𝙛𝙤𝙪𝙣𝙙𝙚𝙧𝙨 𝙗𝙧𝙞𝙣𝙜 𝙢𝙚 𝙞𝙣 𝙗𝙚𝙛𝙤𝙧𝙚 𝙖𝙣𝙙 𝙖𝙛𝙩𝙚𝙧 𝙡𝙖𝙪𝙣𝙘𝙝. You usually find me at one of these moments: an enterprise customer sent a security questionnaire you can't fully answer, investor due diligence flagged your security, a SOC 2 or HIPAA requirement is blocking a deal, or you shipped fast with AI tools and you're no longer sure what's exposed. If any of those is you, you're in the right place. 𝑾𝒉𝒂𝒕 𝑰 𝒅𝒐: ✅ Application & API penetration testing: web apps, APIs, auth/access control, OWASP Top 10, and the AI-generated-code failure patterns (hardcoded secrets, broken authz, injection) ✅ SaaS security & pre-launch hardening: find and fix what's exploitable before you scale, fundraise, or sign that enterprise customer ✅ Compliance & GRC: SOC 2 readiness, HIPAA/HITECH, security questionnaires, and controls mapped to frameworks like NIST and ISO 27001 so audits stop being a fire drill ✅ Fractional security ownership: threat modeling, API contracts, zero-trust architecture, penetration tests, logs analysis, and the security playbooks your team actually follows Across my engagements I've reduced measured security risk by ~80% on average, eliminated injection and access-control flaws, and secured 11+ startups with zero breaches since. Whether it's a regulator, an auditor, an investor, or an enterprise customer asking the hard questions, send me the scope and I'll tell you straight where you stand and what I'd fix first.

  • Penetration Testing
  • Vulnerability Assessment
  • Network Security
  • Security Analysis
  • Information Security
  • Internet Security
  • Ethical Hacking
  • Web App Penetration Testing
  • Web Testing
  • Website Security
  • Security Testing
  • Web Application Security
  • OWASP
  • Cybersecurity Management
  • Information Security Audit
Dmytro K.

Kyiv, Ukraine

$50/hr
5.0
4 jobs

Virtual CISO (vCISO) and Information Security Consultation for startups, scale-ups, and enterprise teams operating in regulated environments. 10+ years across Information Security and Information & Communications Technology, with clients certified on the first attempt against ISO 27001, SOC 2, HIPAA, GDPR and ISO 9001. I turn security from a checkbox into a competitive advantage — practical Information Security programs that pass audits, win enterprise deals, and don't slow down delivery. Recent outcomes: - Yalantis (IT services) — ISO 27001 certified on the first attempt, 6 months, zero major non-conformities - Trader Evolution (fintech / trading platform) — ISO 27001 certified in 5 months - US EV charging network (automotive / IoT) — SOC 2 Type II passed end-to-end - EU healthtech product — ISO 27001 surveillance audit passed after major scope expansion (new PII categories, GDPR-aligned) Core Information Security Consultation services: - ISO 27001 implementation, readiness, certification, and surveillance audit support - SOC 2 Type I & SOC 2 Type II readiness, control framework design, and ongoing SOC 2 evidence collection - HIPAA compliance for healthcare and healthtech — HIPAA Privacy Rule, HIPAA Security Rule, BAAs, and PHI handling - ISO 9001 alignment — integrating ISO 9001 quality management with ISO 27001 into a unified ISMS, plus ISO 9001 internal audits and management reviews - GRC program design and execution — risk register, control library, control testing, GRC tooling (Vanta, Drata, OneTrust), and GRC operating model - Regulatory Compliance roadmaps for SaaS, fintech, healthtech, IoT, and Information & Communications Technology firms - ISMS development — Statement of Applicability, policies, procedures, and Information Security awareness training - Risk assessments, gap analysis, MITRE ATT&CK threat modeling, and remediation roadmaps Vendor risk and third-party Information Security reviews - SIEM, detection engineering, vulnerability management, and security operations What I deliver: - End-to-end Information Security strategy and execution — not just paperwork - Audit-ready environments across ISO 27001, SOC 2, HIPAA, and ISO 9001 - Practical Regulatory Compliance programs matched to your stage, stack, and risk profile - Clear, structured roadmaps with measurable milestones - Hands-on Information Security Consultation without the cost of a full-time CISO - Ongoing GRC and Regulatory Compliance operations — surveillance audits, recertification, scope changes Approach: I combine GRC best practices with hands-on delivery experience in Information & Communications Technology — every control is implemented, measurable, and auditable. I work the way auditors think, so when external assessors arrive your Information Security program already speaks their language. No off-the-shelf templates, no theatre — just practical Regulatory Compliance and Information Security Consultation that holds up under scrutiny. Industries I serve: - SaaS, fintech, and trading platforms — ISO 27001 + SOC 2 + Regulatory Compliance - Healthtech and healthcare — HIPAA + ISO 27001 + GDPR + HIPAA risk assessments and BAA reviews - Automotive, IoT, and connected products — SOC 2 + ISO 27001 + Regulatory Compliance for cross-border data flows - Information & Communications Technology services firms — ISO 27001 + ISO 9001 integration, GRC operating model build-out Best fit: - SaaS, fintech, healthtech, and Information & Communications Technology companies preparing for SOC 2, ISO 27001, HIPAA, or ISO 9001 - Growing teams needing structured Information Security Consultation, GRC leadership, and - Information Security program ownership - Organizations needing ongoing vCISO leadership and Regulatory Compliance support without a full-time hire - Companies integrating ISO 9001 + ISO 27001 into a unified management system - Product teams expanding scope (new features, new PII categories, new markets) needing Information Security Consultation, GRC re-scoping, and surveillance audit support - US and EU buyers needing HIPAA, SOC 2, and Information & Communications Technology sector expertise in one engagement If you're a SaaS, fintech, healthtech, or Information & Communications Technology firm needing Information Security Consultation, let's talk. Share your target audit date or compliance goal, and I'll outline a Regulatory Compliance and Information Security Consultation roadmap on our first call.

  • Information Security
  • ISO 27001
  • Information Security Consultation
  • ISO 9001
  • HIPAA
  • Regulatory Compliance
  • Information & Communications Technology
  • SOC 2
  • IT Compliance Audit
  • Compliance
  • Risk Assessment
  • Penetration Testing
  • Project Management
  • Technical Writing
  • Policy Writing
  • GDPR
  • NIST Cybersecurity Framework
  • OWASP
  • Vulnerability Assessment
  • Application Security
Ali Hamza B.

Istanbul, Turkey

$15/hr
5.0
7 jobs

Two skillsets, one freelancer. On the security side, I test web applications and servers for vulnerabilities. I identify weaknesses before attackers do, covering everything from injection flaws and authentication bypasses to misconfigurations and access control issues. After every engagement I deliver a detailed report with findings, severity levels, and remediation steps. I also handle WordPress malware removal, server hardening, and VPS setup, deployment, and troubleshooting. On the language side, I'm a native Turkish speaker with professional English fluency. I translate and localize websites, apps, and technical content with a focus on natural tone and cultural accuracy. What I bring to the table: Web application penetration testing and security auditing WordPress security, malware cleanup, and hardening Turkish to English translation and localization SaaS and fintech terminology expertise Developer background (Python, Flask, JavaScript) so I understand the code behind what I translate and test

  • Python
  • Website Translation
  • SQLite
  • Web App Penetration Testing
  • Document Translation
  • Translation & Localization Software
  • SQL Injection Mitigation
  • Server Administration
  • Translation
  • Web Application Security
  • Web Application
  • Localization
  • Turkish to English Translation
  • English to Turkish Translation
  • Audio Transcription
  • Video Transcription

How it works

Post a job for freePost a job

Tell us what you need. Create your own job post or generate one with AI then filter talent matches.

Hire top talent fast

Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.

Collaborate easily

Use Upwork to chat or video call, share files, and track project progress right from the app.

Payment simplified

Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.

Don't just take our word for it

How do I hire a Security Assertion Markup Language Specialist on Upwork?

You can hire a Security Assertion Markup Language Specialist on Upwork in four simple steps:

  • Create a job post tailored to your Security Assertion Markup Language Specialist project scope. We’ll walk you through the process step by step.
  • Browse top Security Assertion Markup Language Specialist talent on Upwork and invite them to your project.
  • Once the proposals start flowing in, create a shortlist of top Security Assertion Markup Language Specialist profiles and interview.
  • Hire the right Security Assertion Markup Language Specialist for your project from Upwork, the world’s largest work marketplace.

At Upwork, we believe talent staffing should be easy.

How much does it cost to hire a Security Assertion Markup Language Specialist?

Rates charged by Security Assertion Markup Language Specialists on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.

Why hire a Security Assertion Markup Language Specialist on Upwork?

As the world’s work marketplace, we connect highly-skilled freelance Security Assertion Markup Language Specialists and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Security Assertion Markup Language Specialist team you need to succeed.

Can I hire a Security Assertion Markup Language Specialist within 24 hours on Upwork?

Depending on availability and the quality of your job post, it’s entirely possible to sign up for Upwork and receive Security Assertion Markup Language Specialist proposals within 24 hours of posting a job description.