I find the vulnerabilities in your web apps, APIs, and networks before attackers do, then hand your team a clear, reproducible penetration testing report they can act on.
GXPN and GCIH certified. Top Rated on Upwork with 100% Job Success across web application, API, and network security engagements.
No scanner dump and no jargon wall. Every finding comes with a severity rating (CVSS), working proof of concept, and a concrete fix your developers can ship.
What I test:
- Web application penetration testing (OWASP Top 10, PTES, NIST)
- API security testing (REST, GraphQL, auth/OAuth, IDOR, broken access control)
- SaaS and multi-tenant assessments (Supabase / Firebase data-isolation testing)
- Network and external perimeter penetration testing
- Source code / secure code review
How I work: authorized testing only, on systems you own or have permission to test. Everything is documented over Upwork so you get a written record of every finding, not a verbal hand-wave. I retest after you patch to confirm the holes are actually closed.
Credentials: GXPN (GIAC Advanced Penetration Tester & Exploit Researcher), GCIH (GIAC Certified Incident Handler), SANS CTF winner, and an active national/international CTF competitor (web, reverse, crypto, forensics).
I also handle WordPress malware removal and incident response. See my Project Catalog for a fixed-price option.
Penetration Testing
Web Application Security
WordPress
Malware Removal
Website Security
Vulnerability Assessment
Network Penetration Testing
OWASP
Information Security
API
Kunal N.
Pune, India
$20/hr
5.0
4 jobs
I help SaaS companies, and enterprises identify critical security vulnerabilities before they become costly breaches, compliance issues, or business disruptions.
As an Application Security Consultant and Penetration Tester, I specialize in uncovering real-world security weaknesses across web applications, APIs, network infrastructure, cloud environments, and modern technology platforms. My goal is not only to identify vulnerabilities but also to help organizations understand their security risks, prioritize remediation efforts, and strengthen their overall security posture.
I have worked on security assessments involving enterprise applications, banking platforms, healthcare systems, cloud infrastructures, and business-critical applications. My experience includes identifying authentication flaws, access control weaknesses, business logic vulnerabilities, network misconfigurations, cloud security gaps, API security issues, and attack paths that automated scanners frequently miss.
Core Security Services
• Web Application Penetration Testing (OWASP Top 10 & Business Logic Testing)
• API Security Testing (REST & GraphQL)
• Network & Infrastructure Security Testing
• Cloud Security Assessments (AWS)
• Red Team Operations & Adversary Simulation
• AI / LLM Security Testing
• Vulnerability Assessment & Risk Analysis
• Security Architecture Review
• Email Security Implementation (SPF, DKIM & DMARC)
What You Can Expect
• Comprehensive Manual Security Testing
• Detailed Vulnerability Reports
• Proof-of-Concept Validation
• Risk-Based Prioritization
• Clear Remediation Guidance
• Remediation Validation & Retesting
• Executive and Technical Reporting
Tools & Technologies
• Burp Suite Professional
• Nmap
• Metasploit Framework
• Nessus
• OWASP ZAP
• Wireshark
• SQLMap
• AWS Security Tools
• Kali Linux
Long-Term Security Partnership
Many organizations engage me beyond a single penetration test. I work with clients on recurring security assessments, monthly security reviews, remediation verification, secure development guidance, and continuous security improvement initiatives.
Whether you need a one-time security assessment or a long-term security partner, I focus on delivering actionable security insights that help protect your applications, infrastructure, customers, and reputation.
If you are looking for a security professional who can think like an attacker and provide practical, business-focused security recommendations, I would be happy to discuss your project.
Penetration Testing
Web Application Security
Vulnerability Assessment
Ethical Hacking
OWASP
API Testing
Network Penetration Testing
Metasploit
Cloud Security
Cybersecurity Tool
Security Testing
Network Security
Application Security
Red Team Assessment
Information Security
Himanshu P.
Dehradun, India
$18/hr
4.8
49 jobs
I help businesses fix accessibility issues and achieve WCAG & ADA compliance without breaking design, speed, or user experience.
I fix accessibility issues directly in your website’s code — fast, safe, and without breaking layouts or speed, ensuring real usability improvements.
✅ 50+ websites fully accessible & delivered successfully
✅ Free 1-page accessibility assessment — see results before you hire
Results I’ve Delivered:
• Improved accessibility scores from 40–60 → 90+
• Fixed 200+ WCAG issues across multiple websites
• Helped clients pass ADA compliance audits successfully
I improve accessibility across platforms like WordPress, Shopify, Webflow, Squarespace, and React — while maintaining performance, SEO best practices, and usability.
What I Do
Manual & automated accessibility audits (WCAG 2.2 AA/AAA, ADA, Section 508, EN 301 549)
Accessibility remediation: full code fixes (HTML, CSS, ARIA, JavaScript, React, Vue, Svelte)
Website compliance: WordPress, Shopify, Webflow, Wix, and custom platforms
Mobile app accessibility: React Native, iOS, Android
Accessibility testing: JAWS, NVDA, VoiceOver, TalkBack
Why Clients Hire Me
Avoid costly ADA & website accessibility lawsuits
Real code-level fixes (not just reports or automated scans)
Pass compliance audits with confidence
Improve usability for all users on any device or platform
Experience across multiple platforms and complex front-end systems
Fast turnaround — from urgent 2-hour fixes to full compliance projects
Clear, actionable reports with guaranteed improvements
Ongoing support after project completion
Free Accessibility Scan
Send your site URL today for a free 1-page accessibility assessment and get a clear action plan for WCAG & ADA compliance.
W3C Markup Validation Service
Web Content Accessibility Guidelines
Web Accessibility
Website Audit
Accessibility Testing
Web Application Audit
Web Development
HTML
CSS
Shopify
WordPress
Squarespace
Webflow
Front-End Development
Ada
Quality Assurance
User Acceptance Testing
Abdallah H.
Suez, Egypt
$50/hr
5.0
7 jobs
𝙈𝙤𝙨𝙩 𝙨𝙚𝙘𝙪𝙧𝙞𝙩𝙮 𝙛𝙧𝙚𝙚𝙡𝙖𝙣𝙘𝙚𝙧𝙨 𝙚𝙞𝙩𝙝𝙚𝙧 𝙗𝙧𝙚𝙖𝙠 𝙩𝙝𝙞𝙣𝙜𝙨 𝙤𝙧 𝙗𝙪𝙞𝙡𝙙 𝙩𝙝𝙞𝙣𝙜𝙨. 𝙄 𝙙𝙤 𝙗𝙤𝙩𝙝, 𝙬𝙝𝙞𝙘𝙝 𝙞𝙨 𝙬𝙝𝙮 𝙛𝙤𝙪𝙣𝙙𝙚𝙧𝙨 𝙗𝙧𝙞𝙣𝙜 𝙢𝙚 𝙞𝙣 𝙗𝙚𝙛𝙤𝙧𝙚 𝙖𝙣𝙙 𝙖𝙛𝙩𝙚𝙧 𝙡𝙖𝙪𝙣𝙘𝙝.
You usually find me at one of these moments: an enterprise customer sent a security questionnaire you can't fully answer, investor due diligence flagged your security, a SOC 2 or HIPAA requirement is blocking a deal, or you shipped fast with AI tools and you're no longer sure what's exposed. If any of those is you, you're in the right place.
𝑾𝒉𝒂𝒕 𝑰 𝒅𝒐:
✅ Application & API penetration testing: web apps, APIs, auth/access control, OWASP Top 10, and the AI-generated-code failure patterns (hardcoded secrets, broken authz, injection)
✅ SaaS security & pre-launch hardening: find and fix what's exploitable before you scale, fundraise, or sign that enterprise customer
✅ Compliance & GRC: SOC 2 readiness, HIPAA/HITECH, security questionnaires, and controls mapped to frameworks like NIST and ISO 27001 so audits stop being a fire drill
✅ Fractional security ownership: threat modeling, API contracts, zero-trust architecture, penetration tests, logs analysis, and the security playbooks your team actually follows
Across my engagements I've reduced measured security risk by ~80% on average, eliminated injection and access-control flaws, and secured 11+ startups with zero breaches since.
Whether it's a regulator, an auditor, an investor, or an enterprise customer asking the hard questions, send me the scope and I'll tell you straight where you stand and what I'd fix first.
Penetration Testing
Vulnerability Assessment
Network Security
Security Analysis
Information Security
Internet Security
Ethical Hacking
Web App Penetration Testing
Web Testing
Website Security
Security Testing
Web Application Security
OWASP
Cybersecurity Management
Information Security Audit
Dmytro K.
Kyiv, Ukraine
$50/hr
5.0
4 jobs
Virtual CISO (vCISO) and Information Security Consultation for startups, scale-ups, and enterprise teams operating in regulated environments. 10+ years across Information Security and Information & Communications Technology, with clients certified on the first attempt against ISO 27001, SOC 2, HIPAA, GDPR and ISO 9001.
I turn security from a checkbox into a competitive advantage — practical Information Security programs that pass audits, win enterprise deals, and don't slow down delivery.
Recent outcomes:
- Yalantis (IT services) — ISO 27001 certified on the first attempt, 6 months, zero major non-conformities
- Trader Evolution (fintech / trading platform) — ISO 27001 certified in 5 months
- US EV charging network (automotive / IoT) — SOC 2 Type II passed end-to-end
- EU healthtech product — ISO 27001 surveillance audit passed after major scope expansion (new PII categories, GDPR-aligned)
Core Information Security Consultation services:
- ISO 27001 implementation, readiness, certification, and surveillance audit support
- SOC 2 Type I & SOC 2 Type II readiness, control framework design, and ongoing SOC 2 evidence collection
- HIPAA compliance for healthcare and healthtech — HIPAA Privacy Rule, HIPAA Security Rule, BAAs, and PHI handling
- ISO 9001 alignment — integrating ISO 9001 quality management with ISO 27001 into a unified ISMS, plus ISO 9001 internal audits and management reviews
- GRC program design and execution — risk register, control library, control testing, GRC tooling (Vanta, Drata, OneTrust), and GRC operating model
- Regulatory Compliance roadmaps for SaaS, fintech, healthtech, IoT, and Information & Communications Technology firms
- ISMS development — Statement of Applicability, policies, procedures, and Information Security awareness training
- Risk assessments, gap analysis, MITRE ATT&CK threat modeling, and remediation roadmaps
Vendor risk and third-party Information Security reviews
- SIEM, detection engineering, vulnerability management, and security operations
What I deliver:
- End-to-end Information Security strategy and execution — not just paperwork
- Audit-ready environments across ISO 27001, SOC 2, HIPAA, and ISO 9001
- Practical Regulatory Compliance programs matched to your stage, stack, and risk profile
- Clear, structured roadmaps with measurable milestones
- Hands-on Information Security Consultation without the cost of a full-time CISO
- Ongoing GRC and Regulatory Compliance operations — surveillance audits, recertification, scope changes
Approach:
I combine GRC best practices with hands-on delivery experience in Information & Communications Technology — every control is implemented, measurable, and auditable. I work the way auditors think, so when external assessors arrive your Information Security program already speaks their language. No off-the-shelf templates, no theatre — just practical Regulatory Compliance and Information Security Consultation that holds up under scrutiny.
Industries I serve:
- SaaS, fintech, and trading platforms — ISO 27001 + SOC 2 + Regulatory Compliance
- Healthtech and healthcare — HIPAA + ISO 27001 + GDPR + HIPAA risk assessments and BAA reviews
- Automotive, IoT, and connected products — SOC 2 + ISO 27001 + Regulatory Compliance for cross-border data flows
- Information & Communications Technology services firms — ISO 27001 + ISO 9001 integration, GRC operating model build-out
Best fit:
- SaaS, fintech, healthtech, and Information & Communications Technology companies preparing for SOC 2, ISO 27001, HIPAA, or ISO 9001
- Growing teams needing structured Information Security Consultation, GRC leadership, and - Information Security program ownership
- Organizations needing ongoing vCISO leadership and Regulatory Compliance support without a full-time hire
- Companies integrating ISO 9001 + ISO 27001 into a unified management system
- Product teams expanding scope (new features, new PII categories, new markets) needing Information Security Consultation, GRC re-scoping, and surveillance audit support
- US and EU buyers needing HIPAA, SOC 2, and Information & Communications Technology sector expertise in one engagement
If you're a SaaS, fintech, healthtech, or Information & Communications Technology firm needing Information Security Consultation, let's talk. Share your target audit date or compliance goal, and I'll outline a Regulatory Compliance and Information Security Consultation roadmap on our first call.
Information Security
ISO 27001
Information Security Consultation
ISO 9001
HIPAA
Regulatory Compliance
Information & Communications Technology
SOC 2
IT Compliance Audit
Compliance
Risk Assessment
Penetration Testing
Project Management
Technical Writing
Policy Writing
GDPR
NIST Cybersecurity Framework
OWASP
Vulnerability Assessment
Application Security
Ali Hamza B.
Istanbul, Turkey
$15/hr
5.0
7 jobs
Two skillsets, one freelancer.
On the security side, I test web applications and servers for vulnerabilities. I identify weaknesses before attackers do, covering everything from injection flaws and authentication bypasses to misconfigurations and access control issues. After every engagement I deliver a detailed report with findings, severity levels, and remediation steps. I also handle WordPress malware removal, server hardening, and VPS setup, deployment, and troubleshooting.
On the language side, I'm a native Turkish speaker with professional English fluency. I translate and localize websites, apps, and technical content with a focus on natural tone and cultural accuracy.
What I bring to the table:
Web application penetration testing and security auditing
WordPress security, malware cleanup, and hardening
Turkish to English translation and localization
SaaS and fintech terminology expertise
Developer background (Python, Flask, JavaScript) so I understand the code behind what I translate and test
Python
Website Translation
SQLite
Web App Penetration Testing
Document Translation
Translation & Localization Software
SQL Injection Mitigation
Server Administration
Translation
Web Application Security
Web Application
Localization
Turkish to English Translation
English to Turkish Translation
Audio Transcription
Video Transcription
How it works
Post a job for freePost a job
Tell us what you need. Create your own job post or generate one with AI then filter talent matches.
Hire top talent fast
Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.
Collaborate easily
Use Upwork to chat or video call, share files, and track project progress right from the app.
Payment simplified
Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.
Don't just take our word for it
“Upwork provides an umbrella-level of security. I can see a talent’s work history and ratings. I can hold payments in escrow. I can communicate through Upwork Messages instead of working through my email address.”
KD
Kim Darling
Emerald Tiger
“Upwork is the best platform to hire skilled professionals when we're not looking for a full-time employee. All the companies in our portfolio use Upwork to find talent across a wide range of fields.”
DM
David Merry
Kinetic Investments
“Our very specific requirements can be a challenge—With Upwork, we’re able to access a bigger community to ensure the success of our projects.”
KK
Katja Krohn
Summa Linguae
How do I hire a Security Assertion Markup Language Specialist on Upwork?
You can hire a Security Assertion Markup Language Specialist on Upwork in four simple steps:
Create a job post tailored to your Security Assertion Markup Language Specialist project scope. We’ll walk you through the process step by step.
Browse top Security Assertion Markup Language Specialist talent on Upwork and invite them to your project.
Once the proposals start flowing in, create a shortlist of top Security Assertion Markup Language Specialist profiles and interview.
Hire the right Security Assertion Markup Language Specialist for your project from Upwork, the world’s largest work marketplace.
At Upwork, we believe talent staffing should be easy.
How much does it cost to hire a Security Assertion Markup Language Specialist?
Rates charged by Security Assertion Markup Language Specialists on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.
Why hire a Security Assertion Markup Language Specialist on Upwork?
As the world’s work marketplace, we connect highly-skilled freelance Security Assertion Markup Language Specialists and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Security Assertion Markup Language Specialist team you need to succeed.
Can I hire a Security Assertion Markup Language Specialist within 24 hours on Upwork?
Depending on availability and the quality of your job post, it’s entirely possible to sign up for Upwork and receive Security Assertion Markup Language Specialist proposals within 24 hours of posting a job description.
Find more freelancers
Similar Security Assertion Markup Language Specialist Skills