Hire the best Vulnerability Assessment Specialists in India
Check out Vulnerability Assessment Specialists in India with the skills you need for your next job.
- $22 hourlyI am a DevOps Engineer with 9 yr of experience, who is proficient in DevOps culture through CI/CD and configuration management tools like Jenkins, Artifactory, Github Enterprise, GitLab, GitLab CI , and SonarQube. AWS services like RDS, EC2, S3, Cloudfront, ECS, lambda, DynamoDB among many others. I also have experience in design and deployment of CI/CD pipelines, docker containers and Kubernetes clusters. Experience in various roles : - AWS Security Specialty and All Pro Certs - DevOps Architect - Managing Multi Region Enterprise AWS Operations - Automated Pipeline for Deployment using BitBucket, Ansible, Terraform, SumoLogic - IAM best practices using cloudformation and Terraform - Kubernetes ( EKS ) with Helm Recent Projects - - Maintenance of AWS Kubernetes clusters and application - Implementation of Cloudfront - Migrating IAM users to OKTA Federated AWS Access - Migrating existing Ansible setup to Terraform - Regular updates to pipeline for CI/CD implementation using Bitbucket - Implementation of CloudFront using Terraform Bitbucket - Golden AMI using packer builder and bitbucket pipeline DevOps tools Proficiencies: • Infrastructure Automation: Terraform, CloudFormation, Serverless Framework • CI/CD Implementation: Terraform Cloud, Jenkins, CodePipeline • Containerization & Orchestration: Docker, AWS ECR, AWS ECS • Monitoring & Logging: Cloudwatch • Scripting & Automation: Python, Bash Information Security Consultant with several years of experience in Information Security consulting, Enterprise Risk Assessments across industries such as Banking & Finance, BPO, Manufacturing, Telecom, and Information Technology. I have expertise in Network and application penetration testing, ISO 27001 and SOC 2 audits.Vulnerability AssessmentTerraformComplianceSecurity ManagementYAMLAWS ApplicationNetwork PlanningIT Compliance AuditAmazon EC2Information Security AuditNetwork Penetration TestingAWS Cloud9Network AdministrationSecurity AnalysisNetwork MonitoringCisco Certified Internetwork ExpertCloudLinux
- $30 hourlyServices Offering : Ethical Hacking, Vulnerability Assessment & Penetration Testing, DevSecOps, Web Application Security, API Security, Android & iOS Mobile application Security, Network Security, Desktop Application Security, Cloud Security Audits and Penetration Testing, Thick Client App Security, Secure Code Review, DevSecOps, Container Security, IoT/Hardware Security, Blockchain or Smart Contract Security Audit, Security Configuration Review - Firewall, Switches, Router, OS and Server, etc. I am a Certified Cyber Security Expert/Professional and Security Engineer. I have more than 3 years of corporate experience in vulnerability assessment & penetration testing of Web Application, API, Android & iOS Mobile application, Network, Desktop Application, Cloud Security Audits and Penetration Testing, Thick Client App Security, Secure Code Review, DevSecOps, Container Security, IoT/Hardware Security, Blockchain/Smart Contract Security Audit, Security Configuration Review - Firewall, Switches, Router, OS and Server, etc. Follow systematic approach and best industry methodology like OWASP Testing Guide v4(OTGv4) ; SANS top 25; NIST SP 800-115. I help to identify and mitigate the threats and vulnerabilities in systems and softwares with my skills I provide the following services: ✅ Penetration Testing Engagement ✅ This includes both thorough manual testing of all functionalities and automated testing for all websites, applications, servers or infrastructure included in the scope of work, using both professional enterprise grade software such as BurpSuite Professional and Nessus and also personal scripts and tools gathered over past engagements. This services extends as well to internal penetration tests and network infrastructure testing as well. ✅ Professional Report & Statistics ✅ Detailed report explaining step-by-step the exploitation and discovery method of each and every vulnerability discovered. Proof-of-Concept screen captures, full requests and responses, CVSS v3.0 standardised risk score, impact and ownership included. ✅ Remediation Advice & Guidance ✅ Remediation advice regarding all security issues discovered, how to fix them and warnings associated with the impact and risk of these vulnerabilities. ✅ Asset Discovery ✅ Through both active and passive methods, I can help you asses how big your digital footprint is on the internet and what is the attack platform visible from an outsider threat perspective. This includes subdomain enumeration and service/port discovery. ✅ Free Checkup ✅ Included in the price will be a checkup/retest of all aforementioned vulnerabilities present in the report in order to ensure that the implemented security controls and/or fixes are working as intended and that there is no other way to bypass them or exploit that vulnerability any longer. Technical Skills: - Vulnerability Assessment & Penetration Testing - Web Application VAPT - API VAPT - Android & iOS Mobile ApplicationVAPT - Network VAPT - AWS/ Azure/ GCP/ DigitalOcean Cloud Security Audit and Penetration Testing - Microsoft Office 365 Security Audit or Configuration Review - Thick Client or Desktop Application VAPT - Active Directory Security - DevSecOps - Container Security - VoIP Penetration Testing/ Security Testing - IoT/Hardware Security Testing - Smart Contract Security Audit - Threat Modeling - Threat Intelligence - Open Source Intelligence - Security Configuration Review - Firewall, Switches, Router, Operating Systems and Servers Certification Achieved: - CREST Practitioner Security Analyst (CPSA) - CREST Registered Penetration Tester (CRT) - Offensive Security Certified Professional (OSCP) - (ISC)2 Certified in CyberSecurity - Information Security Certified Professional (ISCP) - Cyber Security Foundation Professional Certificate (CSFPC) - Certified AppSec Practitioner (CAP) Achievements : I got Appreciation Certificate from NCIIPC (Indian Government) for submitting few security issues. I attended private bugbounty programs organised by CCTNS (Crime and Criminal Tracking Network and Systems - Indian Government) and Bharti Airtel. I helped to secure some companies such as Dell, DigitalOcean, StatusPage, Caviar, Western Union, UnderArmour, Arlo Cash Rewards, Kenna Security, Pantheon, Mailgun, Seek, Skyscanner, Fitbit, Overstock and more.Vulnerability AssessmentCode ReviewISO 27001Ethical HackingNetwork Penetration TestingWebsite SecurityCloud SecurityWeb App Penetration TestingSecurity TestingInformation SecurityApplication SecuritySource Code ScanningSecurity Assessment & TestingPenetration TestingNetwork Security
- $35 hourly🔢 As a seasoned Penetration Tester, I have a proven track record of conducting and leading successful security audits, web application penetration tests, and red team engagements for a diverse range of clients. My experience ranges from working with multinational corporations with large-scale infrastructures to smaller companies seeking enhanced security measures for competitive advantage. As a security engineer, my day-to-day responsibilities revolve around leveraging my expertise in penetration testing, cyber security, and vulnerability assessment to identify and mitigate potential vulnerabilities. Through these experiences, I have comprehensively understood the prevailing technology stacks employed worldwide, allowing me to discern their security weaknesses with precision. 🚫No hacking service - I do not provide any hacking services, and I will not engage in any activities that involve gaining unauthorized access to any accounts, systems, or social media platforms. Requests for such services will be declined. Working with me, you will: ★ Customized approach: I understand that every client's needs are unique, and I tailor my approach to meet your specific requirements. This ensures that you get the most comprehensive and effective security testing possible. ★ Timely delivery: I understand that time is of the essence when it comes to security testing, and I always deliver my reports on time, without compromising on quality. ★ Complete manual testing for your application and immediate notification if any high-impact issues are found. ★ Unlimited retesting for the fixed issues and unlimited revisions ★ Able to find critical bug classes that are often missed by automated pentests. 🔢 My stats are: ✅ Top-rated in information security and IT compliance categories ✅ Saved tens of thousands of dollars for clients by identifying critical vulnerabilities ✅ Ranked in the Top 50 at multiple bug bounty programs ✅ Supporting all time zones ✅ Long-term engagements ✅ Professional certifications (OSCP, OSEP, OSWP) Sound like a fit? 🟢 Press '...' button and then ‘Send Message’ button in the top right-hand corner Penetration Testing and Vulnerability Assessment Tools: Manual Testing: Burpsuite Professional, Nuclei, Ffuf, Nmap, Postman (API testing), Metasploit Framework, SQLmap, OWASP ZAP Automated Testing: Acunetix, Nessus, Netsparker, etc. Penetration testing service: 1. Penetration Testing Engagement: thorough manual and automated testing of all functionalities, including internal penetration tests and network infrastructure testing. Professional enterprise-grade software is used, such as BurpSuite Professional, Acunetix, and Nessus. 2. Professional Report and Statistics: A detailed report explaining the exploitation and discovery method of each vulnerability discovered, including proof-of-concept screenshots, full requests and responses, CVSS v3.0 standardized risk score, and impact. 3. Remediation Advice and Guidance: Remediation advice was provided for all security issues discovered, including guidance on how to fix the issues and warnings associated with the impact and risk of these vulnerabilities. 4. Asset Discovery: Active and passive methods are used to assess the digital footprint on the internet, including subdomain enumeration and service/port discovery. 5. Free Retest: Retest all vulnerabilities present in the report included in the price to ensure implemented security controls and/or fixes are working as intended. 6. OSINT Reconnaissance: gathering all valuable data about the company available on the internet, including any breached email addresses and related passwords available in cleartext on the internet. 7. Briefing and debriefing: Calls or meetings are available to discuss the scope of work, the focus of the penetration testing engagement, including all subdomains, black-box or white-box engagement, account requirements, preferred hours for load testing, and any other guidance required. Calls or meetings are available after the penetration test is completed to discuss the results of the engagement, the main issues and concerns regarding the security of the company, and any further clarification regarding any vulnerability and the associated impact or risk. ✅ The deliverable will be a professional penetration testing and vulnerability assessment report, which includes: ► Executive Summary ► Assessment Methodology ► Types of Tests ► Risk Level Classifications ► Result Summary ► Table of Findings ► Detailed Findings Each finding listed within the report will contain a CVSS score, issue description, proof of concept, remediation, and reference sections. ► Retest for issues (The vulnerabilities will be retested after they're fixed; multiple retests can be done to ensure the issues are remediated.) My Expertise: ★ Web Application Security Testing ★ API security testing ★ Penetration Testing ★ Internal Active Directory and External Network Pentest ★ Vulnerability Assessment.Vulnerability AssessmentRisk AssessmentOWASPNetwork Penetration TestingBlack Box TestingWeb Application SecurityWebsite SecurityWeb App Penetration TestingApplication SecuritySystem SecuritySecurity TestingSecurity Assessment & TestingNetwork SecurityPenetration TestingInformation Security
- $15 hourlyWeb Penetration Testing(OWASP Top 10 methodology) | Network Penetration testing | OWASP API Security | Mobile Vulnerability Assessment(iOS and Android) | Source Code Reviews(.Net, Java, PHP) | Vulnerability Assessment and Penetration Testing | SIEM team (Cloud(AWS and Azure) Security, File Integrity Monitoring and Event Monitoring, Endpoint Security and Encryption, Data Loss Prevention, Network Access Control, Threat Monitoring (Email Traffic and Malware Analysis), Privileged Access and Identity Management) Have 7+ years of experience in both black box and white box testing penetration testing. Perform VAPT (Vulnerability Assessment and Penetration Testing) services for web applications, networks, mobile; source code reviews; malware analysis; server hardening; and security analysis etc. Conduct penetration testing in a systematic approach. Follow the standard methodology of the industry like OWASP Testing Guide v4(OTGv4); SANS top 25; NIST SP 800-115; PCI DSS to perform penetration testing so that client can concentrate on their professions without worrying about security threats. Web Application Testing: Do web application penetration testing with the latest methodology like OWASP Top-10, SANS Top-25. Perform both manual and automated penetration testing for vulnerabilities like Injection flaws(such as SQL, NoSQL, OS, and LDAP injection etc),Broken Authentication, Sensitive Data Exposure,XML External Entities (XXE), Broken Access Control,Security Misconfiguration, Cross-site scripting(XSS), Insecure Deserialization, Using Components with Known Vulnerabilities,Insufficient Logging & Monitoring. Also, perform source code reviews for many technologies like Java, NET, PHP etc. Approach for Manual Web-Application Penetration Testing: Conduct manual testing with following controls: * Configuration and Deployment Management Testing * Identity Management Testing * Authentication Testing * Authorization Testing * Session Management Testing * Input Validation Testing * Testing for Error Handling * Testing for weak Cryptography * Business Logic Testing * Client Side Testing Tools that use for Automated Web Penetration Testing: Acunetix, Burp-Suite, Netsparker, Nexpose, Nikto, IBM AppScan, HP fortify, W3af etc. Network penetration testing: Provide both external and internal network Penetration Testing so that your Network Infrastructure is secured from the real world attacks. Do both manual and automated network penetration testing. Approach for Manual Network Penetration Testing: Manually check for IDS/IPS, Server, Networks switch, Network Router, VPN, Firewalls, Anti-virus, Password etc. Tools that use for automated network penetration testing: OpenVas, Wireshark, Nessus, Metasploit, Armitage, Scapy etc. Mobile Application Penetration Testing: Perform mobile applications application penetration testing with the latest OWASP methodology(MSTG). Performed both manual and automated penetration testing for vulnerabilities like Weak Server Side Controls, Insecure Data Storage, Insufficient Transport Layer Protection, Unintended Data Leakage, Poor Authorization and Authentication, Broken Cryptography, Client Side Injection, Security Decisions Via Untrusted Inputs, Improper Session Handling, Lack of Binary Protections. Tools: Burp-Suite, HP fortify, Dex2Jar, Apktool, framework-res.apk, iNalyzer. Source Code Reviews: Perform source code reviews for both front and back-end languages. Perform source code reviews standard methodology like OWASP top 10. Do manual and automated source code reviews for various web based security vulnerabilities like SQL injection, Cross site scripting (XSS), CSRF, RFI,LFI, Authentication bypass etc. Tools: CheckMarx, IBM Appscan source for analysis, Microfocus HP Fortify. Security Analysis and Server Hardening: Regularly check and maintain your systems, servers to ensure that they comply with the standards. Do hardening application checks the item automatically on a daily basis and monitors all critical networks and server components. We support various frameworks like CIS benchmarking for Desktops & Web Browsers, Mobile Devices, Network Devices, Servers – Operating Systems, Virtualization Platforms & Cloud etc. Social Engineering: Have experience in social engineering vectors: Vishing, Phishing, Smishing, Impersonation. Used the following social engineering cycle to conduct social engineering: Gather Information: Here Information gathered from company websites, social media and other publications. Plan Attack: Next step is outline how intends to execute the attack Acquire Tools: After planning, next include computer programs that an attacker will use when launching the attack. Attack: Exploit the weaknesses in the target system. Use acquired knowledge: Information gathered during the social engineering tactics is used in attacks such as password guessing. Tools: SET(Kali-Linux); GetGoPhishVulnerability AssessmentWeb TestingInformation Security AuditWeb Application SecurityWebsite SecurityNetwork Penetration TestingSoftware QASecurity AnalysisInternet SecurityInformation SecurityPenetration TestingNetwork Security
- $250 hourlyI am a SOC analyst and a security researcher with over 4 years of experience breaking and fixing multiple security and business logic issues in web and mobile applications. My expertise lies in Web Application Security, Mobile Application Security, Network Security, Cloud Architecture, Secure Code Review, Process Workflow Automation(using Python, Powershell, Batch, bash, etc), Dashboard creation, Excel Macro automation, VBA scripting, and more. I have experience with tools like BurpSuite, Acunetix, Nessus, SQLMap, Nmap, MobSF, ADB, and more. Recognized as a Security Researcher in Hall of Fames by: Google, Microsoft, Amazon Web Services, TechGig, Centrify, Bugcrowd, Trello, etc Some of the vulnerabilities I have Reported to organizations are Personal Identifiable Information leakage, Cross-Site Scripting, Host Header Injection, Cross-Site Request Forgery, Indirect Object Reference, Parameter Tampering, No Rate Limiting, Insecure File Upload, Payment Bypass, Broken Authentication, API Abuse issues, etc.Vulnerability AssessmentPenetration TestingInformation SecurityMicrosoft Windows PowerShellEthical HackingWebsite SecurityWeb TestingLinuxBashWeb App Penetration TestingSSLBetter Mobile Security BetterReverse Engineering
- $35 hourly**Rated among the '20 Most Reliable Cyber Security Providing Companies in India'** Highly qualified and well-trained and experienced Information Security professional with a double Masters degree level education as well as experience of working internationally in the UK and India, bringing a diverse range of skills and knowledge to the table. A Certified Ethical Hacker (CEH), Ramandeep has gained expertise in Malware Analysis, Ransomware Analysis, Information Security, Data Privacy, Application Security, Vulnerability Assessment and Penetration Testing, Network Security Assessment, Infrastructure Configuration Reviews, Source Code Reviews and Secure Coding Practices, ITGC review, IS Audit, ISO27001 assessment, PCI-DSS compliance assessment, GDPR compliance assessment which has been accumulated while working with various clients in the Banking, Financial Services and Insurance (BFSI) sector as well as the IT/ITES industry. SELECT KEY PROJECTS: -- Experience working with compliance for data protection regulations like EU-GDPR and the UK Data Protection Act, ensuring secure data handling practices throughout the organization. -- Performed Vulnerability Assessment and Penetration Testing of servers, network devices and web applications. -- Performed Web Application Vulnerability Assessment and Penetration testing which includes- Exploitation of multiple business critical applications developed in different frameworks. -- Performed Secure Code reviews for multiple applications coded in different languages. -- Performed External Vulnerability assessment & Penetration Testing for various Public & Private sectors. -- Has performed multiple engagements on Application Security Assessment and Vulnerability Assessment and Penetration Testing (VAPT) -- Experience in managing and driving IT Security activities & initiatives of a leading firm that primarily includes Vulnerability Management, publishing security advisories for new cyber threats and corresponding Indicator of Compromise (IoC), Vulnerability Management, maintaining compliance with firm’s global IT Standard, preparation of Risk & Security Manifesto. PUBLICATIONS: Co-author of ‘WannaCry Ransomware : Crowd Source Intelligence’ eBook published by Cyber Management Alliance, UK.Vulnerability AssessmentWeb Application SecurityInformation Security AuditSecurity AnalysisEthical HackingMobile App TestingWebsite SecurityCybersecurity ManagementDatabase SecurityInformation SecuritySecurity Assessment & TestingSecurity TestingNetwork SecurityPenetration TestingApplication SecuritySource Code Scanning
- $40 hourlyMustaque (CISSP) brings and assist clients in infrastructure Security, Cloud Security, Network Security, Cloud Migration, Threat Intelligence and integrating Information Security program for an organization. With over 15+ years of IT experience, I provide cost-effective solutions to Start-Ups, SMBs/SMEs, and Large Enterprises. I am passionate about helping people succeed in their core business while making an impact on securing their computing environment and making it difficult for outsiders to penetrate or get unauthorized access to the network. I have worked with organizations like IBM, Microland, Bank of America, and other Fortune 500 companies. My background covers the technology discipline (Security by design, Public Cloud Security, Public Cloud Migration, Network Security, threat intelligence, Vulnerability Assessment & Management, and Consulting). My Specialization is to build a solid platform using a security by design concept to stop inside and outside threats. Skill Set: IP Networking, Cisco, Juniper, Fortigate, F5 BigIP, OpenVPN, WAF , SIP, IPSec. SSL VPN Internet security, firewalls, IDS, IPS, Nessus, Qualys, Kali Linux, Meta-exploit, Honeypots. Here are some of the area's Mustaque can help with: - Design and Implement virtual data center in Public Cloud (Azure, AWS). - Design and Implement Cloud Security components while designing a virtual data center. - Design and Implement SDWAN at the enterprise level. Add SDWAN security while designing it. - Help to perform Risk Assessment. - Implementing Security Solutions at multiple layers to provide adequate security. - Audit and assist in implementing Compliance per the standard. - Security Incident & Reporting. - Design, implement and monitor Threat Intelligence program. - Design, implement and test the Disaster Recovery Program. - Research on System logs to build a security data lake. Product Experience: I have worked in Multi-Vendor Environment. Enough exposure to Industry-leading solutions. Professional Certifications: CISSP - Certified Information Systems Security Professional ZTCA - Zero Trust Certified Architect CASA - Certified AlgoSec Security Administrator ECSA - EC-Council Certified Security Analyst CEH - Certified Ethical Hacker MCSA - Microsoft Certified Solutions AssociateVulnerability AssessmentSystem SecurityIT Compliance AuditNetwork EngineeringKali LinuxAT&T CybersecurityNetwork SecurityCloud SecurityCloud ArchitectureWeb Application FirewallInformation SecurityCloud MigrationCloud ImplementationNetwork AdministrationNetwork Design
- $70 hourly~Steering Blockchain concentric projects on the process and importance of Security Audits ~Researching use-cases and the process of Blockchain Implementation ~Building Connections to strengthen a more secure and safe community in the Blockchain space | DeFiVulnerability AssessmentSecurity EngineeringWeb Application SecurityFinancial AuditDAppsBlockchain DevelopmentBlockchain SecurityEthereumSmart ContractRustBlockchainBlockchain ArchitectureSolidityLayer 2 BlockchainBinance Coin
- $40 hourly✅ Upwork Top Rated Profile in top 10% ✅ 100% Job Success Score ✅ 5-star client feedback Experienced Cyber Security professional with a profound knowledge of Vulnerability Assessment, Penetration Testing, System Audit, Secure Configuration review, Firewall and Endpoint security using various tools and manual techniques. 8+ years of hands-on experience doing website/mobile security testing, IT infrastructure testing, Network security, source code review, etc.. 5+ years of experience doing compliance security audit such as ISO 27001, SOC2, PCI DSS, etc.. ----------------------------------------------------------------------------------------------------------- Why me? ----------------------------------------------------------------------------------------------------------- - Guaranteed project success - Very experienced in catering to small, medium, or big size of the enterprise - Access to a pool of expert vetted and certified professionals based on requirements - Responsive and communicative with regular updates - Highly qualified and experiencedVulnerability AssessmentISO 27001Certified Information Systems Security ProfessionalIT Compliance AuditInformation Security AuditKali LinuxMetasploitInformation Security ConsultationSecurity TestingApplication SecurityInformation SecurityPenetration TestingNessusCybersecurity ManagementWebsite SecurityMobile App TestingNetwork Security
- $40 hourlyProfessional Security Analyst with 6.5+ years of experience in cybersecurity filed in various tech-stack. I aim to use my skills, strength, and capabilities effectively to contribute maximum to the success. I have a more comprehensive experience with Elastisearch, Security Information and Event Management(SIEM), Threat Intelligence, and SOAR platforms. Azure Sentinel, Securonix Snypr, MicroFocus ArcSight and ELK are the SIEM platforms I have more worked on. Threat hunting and Malware analysis are my strong sides. Ready to work with these technologies. Technologies I Know, - SIEM - Threat Intel - ELK - SOAR - Malware Analysis - Threat Hunting - Operating System Internals - Grafana - IDS/IPS - MITRE ATT&CK - WazuhVulnerability AssessmentSystem SecurityAmazon Web ServicesMalwareKibanaELK StackInformation SecurityUnified Threat ManagementIncident Response PlanIncident ManagementHIPAACyber Threat IntelligenceElasticsearchCloud Security
- $45 hourlyHello, I am Vatsal Raichura. I have 4+ years of experience in the IT Industry as an Information and Network Security Specialist. I have worked with many top IT, Security, and Crypto Brands. I have expertise in Vulnerability Assessment and Penetration Testing (VAPT), Blockchain & Smart Contract Audits, Web and Application testing, Network and System testing, Blackbox testing, etc.Vulnerability AssessmentFuzzingSmart ContractBlockchainPenetration TestingInformation SecuritySolidityFinancial AuditSecurity TestingDAppsIT Compliance AuditWeb Application SecurityISO 27001Mobile App Testing
- $40 hourly✅ Top Rated Plus Expert ✅ 800+ Hours ✅ Professional Penetration Tester Senior Penetration Tester with more than 6+ years of rich industry experience in Web, Mobile, API, and Network Penetration Testing. I have successfully completed 300+ Web application Pentests, 100+ Mobile Application Penetration Tests, 200+ API Penetration Tests, 100+ External Network Penetration Tests and 30+ Internal Penetration Tests. I am also a Security researcher acknowledged by Yahoo (among other notable companies like SolarEdge, Imgur, Artsy, etc.) for disclosing a number of vulnerabilities via the HackerOne bug bounty platform. My core competency is Blackbox, Greybox Testing on Web, API, Mobile, and Network applications. I am familiar with all attacks and mitigations and am well-versed in OWASP, NIST, and PTES Frameworks. My Pentesting reports include clear documentation of the vulnerabilities found along with the remediations to make sure the client is 100% satisfied. I am also certified in AWS, and Azure and have a very keen knowledge of Cloud Security and cloud administration. ✅ I have conducted Penetration Tests, Vulnerability Assessments and delivered professional reports to companies around the world complying with the following: ►OWASP Web Security Top 10 Vulnerability ►OWASP API Security Top 10 Vulnerability ►OWASP Mobile Security Top 10 Vulnerability ►External Network Penetration Testing ►Internal Network Penetration Testing ►Payment Card Industry Data Security Standard (PCI DSS) ►System and Organization Controls 2 (SOC2) ►General Data Protection Regulation (GDPR) ►Common Vulnerability Scoring System (CVSS) ►Open Source Security Testing Methodology Manual (OSSTMM) My Certs include: ►CompTIA Pentest+ ►AWS Solutions Architect ►Azure Administrator Tools: Burp Suite, Nikto, Nmap, Zap, Metasploit, Nessus, W3af, Ffuf, Dirb, etc... I am available 24/7. If you are interested in cooperation, drop me a line :)Vulnerability AssessmentWeb Application SecurityNetwork Penetration TestingWeb App Penetration TestingCloud SecurityMobile App TestingInformation Security AuditInformation SecurityMetasploitNetwork SecurityPenetration Testing
- $67 hourlyCAREER OVERVIEW An experienced IT professional with around 13 years of experience in driving initiatives across various domains of Cyber Security. Worked extensively in Information Security Risk Management, Security Operation Center, Design and implementation of Managed Security Services, Information Security Policy & Governance, DR & Business Continuity planning. Active member of the Enterprise Cyber Security Committee to drive various Cyber Security initiatives Globally. SKILL HIGHLIGHTS ● Information Risk Management ● Information Security Policy Governance ● Audit & Regulatory Compliance ● Project Management ● Leadership/ Communication skills ● Risk & Impact Assessment ● IT Operations & Business Support ● Business Continuity / Disaster Recovery PlanningVulnerability AssessmentSecurity Operation CenterSecurity InfrastructureCertified Information Systems Security ProfessionalSecurity ManagementInformation Security AuditCybersecurity ManagementInformation Security ConsultationSecurity Policies & Procedures DocumentationInformation Security
- $35 hourlyI am a web developer with experience in software development, API development, distributed computing, distributed databases and on-premise application deployment.Vulnerability AssessmentElasticsearchDocker Swarm ModeUbuntuWeb ApplicationCeleryMongoDB Ops ManagerAgile Software DevelopmentSoftware Architecture & DesignDevOps EngineeringKubernetesDistributed DatabasePenetration TestingSecurity Operation CenterDistributed ComputingAPI DevelopmentWeb DevelopmentAPI
- $60 hourlyMay 2004 till date Have created an automated product to provide ISO 27001, SOC-2, GDPR, HIPAA, CCPA, PCI/DSS, NIST security policies and processes Senior Network Security, AWS Security, ISO 27001, SOC-2, NIST, OWASP, PCI/DSS, GDPR, HIPAA, CCPA, PDP, LTI Certification, Data Analytics, Java, NodeJs, ReactJs, MySQL, MongoDB, Amazon Aurora, MySQL, Performance and Scaling, Architecture, WAF, Security compliance and Network Management Consultant with proven experience working with Enterprise companies, MNCs and Government organisations for network security implementation, readiness, compliance and certification. Experience designing and implementing Data Lake architecture. Common Criteria (ISO 15408), ISO 27001, SOC-2, GDPR, HIPAA, CCPA, PDP, OWASP and PCI/DSS security policy, processes, security controls implementation, readiness, certification for a Healthcare company, Gaming company, Ed-tech company, Telecom Service Provider, Internet service provider, Bank, Insurance company etc. for its solution hosted on AWS, GCP, Microsoft Azure, Digital Ocean: a. Implemented all [30+] security processes and policies [viz. ISMS, BCP, DR, Data Privacy, Data Encryption etc.] b. Performed vulnerability assessment and penetration testing [VAPT] of its network, AWS architecture, Mobile Applications [viz. Android, iOS etc.], Web applications, Databases [viz. MySQL, Amazon Aurora, MongoDB, Postgres etc.] and products using Burpsuite, Kali Linux, Nmap, Metasploit, Nessus, Proprietary tools etc. c. Identified the security issues and gaps and worked on implementing solutions to fill the gaps d. SOC-2 and GDPR: Implemented the data access, DPIA, data encryption, data lake, data analytics and data setup policy e. Implemented the GDPR (DSAR) module, Data Lake, Data Science and Data Analytics architecture f. Identified and implemented the missing security features w.r.t GDPR, HIPAA, ISO 27001, ISO 15408 and SOC-2 g. Implemented security based SDLC process h. Provided the ISO 15408, ISO 27001, SOC-2, GDPR, OWASP, NIST, HIPAA and PCI/DSS certification reportsVulnerability AssessmentData PrivacyCompliance ConsultationSNMPGDPRSOC 3 ReportPCI DSSInformation SecurityInformation Security ConsultationProduct ManagementSecurity TestingSecurity FrameworkSOC 2ISO 27001Security Policies & Procedures DocumentationData SegmentationNetwork Security
- $50 hourlyAn experienced infosec professional with expertise in vulnerability assessment and penetration testing across various domains, including supply chain management, banking, aviation, retail, and telecommunications. Some of my specialities are Web application penetration testing, API penetration testing, Infrastructure penetration testing, and Mobile application penetration testing. Additionally, I am an eWPTXv2, eCPPTv2, eMAPT, CREST CPSA, CAPen, CNPen, ISC2 CC, CAPv1, CAPv2, eJPT and CEHv10 certified professional.Vulnerability AssessmentInformation Security ConsultationEthical HackingWeb App Penetration TestingWeb Application SecurityApplication SecuritySecurity AnalysisWebsite SecuritySecurity Assessment & TestingSecurity TestingNetwork Penetration TestingNetwork SecurityPenetration TestingInformation SecuritySystem Security
- $50 hourlyI'm a Cyber Security Engineer with 4 years+ experience and have completed over 500 VAPT audit for various crtical sectors includng banks and corporate. • Full and detailed report with mitigation techniques. • Non- disclosure to any findings/data. • No down time. • Continuous conversation with client.Vulnerability AssessmentReport WritingMarketing AuditPython ScriptBash ProgrammingMicrosoft WindowsKali LinuxSecurity Operation CenterSecurity AnalysisPenetration TestingNetwork Penetration Testing
- $50 hourlyHi, I'm Parikshit Certification and Experience: Certified Ethical Hacker - Practical 2022 Certified in Comptia Security+ Certified Azure Fundamental certified Azure Security Compliance and Identity Fundamentals Certified. 8+ years of Experience in IT industry as Security Consultant. Technical skills: Web application penetration testing Network Penetration testing Vulnerability assessment Ethical Hacking DevSecOps (SAST & DAST) Linux Administration System Administration System and Network Security. Web application Security. technowebhack.com : Owning a website based on Ethical hacking, Linux, Networking, Computer tricks and tips. Let me know if I can be helpful 😊 At your ServiceVulnerability AssessmentSystem SecurityWindows 10 AdministrationEnd User Technical SupportWeb Application SecurityLinux System AdministrationDevOpsNetwork Penetration TestingWeb App Penetration TestingSystem AdministrationWindows Administration
- $40 hourlyI am an astute & result-oriented seasoned professional with more than ten years of rich & qualitative experience in managing and providing consultancy service in Microsoft exchange infrastructure and Office 365 Digital workplace service. Proficient in Planning & execution of strategy, Morale building, relationship management with internal & external customers. Good communication and presentation skills with demonstrated abilities in training and driving executives.Vulnerability AssessmentWindows AdministrationMicrosoft Exchange OnlineSystem ConfigurationOffice 365Microsoft ExcelMicrosoft OutlookMicrosoft AzureMicrosoft TeamsMicrosoft Outlook DevelopmentMicrosoft Word
- $40 hourlyI'm a Security Consultant with 10+ years of experience in Cyber Security Professional Services Expertise in Vulnerability & Risk Assessments, Web & Mobile Application Security, Network Security/Penetration Testing with Kali Linux/Metasploit, Network Architecture Review, Configuration Review, Application Source Code Review, Infrastructure Security Audit and API Security Testing, Securing websites - checking websites for vulnerabilities and closing security issues, Installing SSL certificates and configuring sites to serve on HTTPS. 1. I am well versed with secure SDLC and security standards like OWASP Top 10, SANS Top 25, CWE, NIST, OSSTMM testing methodologies. 2. I have hands on experience in reviewing code developed in JAVA, DotNet, GWT, PHP and worked with technologies like Unix / Linux. 3. Fully Capable of performing manual security testing and capable of writing test cases by understanding the application business logic. Also has experience with web application vulnerability scanning tools - CheckMarx, HCL AppScan, HP Web inspect, Acunetix, NTO Spider, BurpSuite Community/Pro and remove any false positives through manual verification. 4. Reviewing application code against the secure coding baselines like - OWASP Secure Coding practices, MITRE CWE and CERT Standards. 5. Scanning a network and identifying vulnerabilities and exploiting them using Python and Ruby scripts, shell access using command/code injection. 6. Cloud Penetration Testing on AWS/Azure, exploiting S3 buckets and Active Directory Services. Cloud configuration review etc. Tools Web Application: HP Web Inspect, CheckMarx for Code reviews, Microfocus Fortify - Code review, HCL Appscan, Acunetix, Net Sparker, Burp suite (pro&community), Fiddler, Owasp Zap proxy, Paros proxy, W3af, echo mirage, Snallygaster, PenCrawler, Hackbox, Galileo, InfectionMonkey. Web Services: WSSAT 2.0, Astra, Postman, SoapUI, API Fuzzer. Network Assessment: Nmap, Nessus, Wireshark, Kali Linux, Metasploit, Crunch, Cain, tcpdump etc. Mobile application: Frida, Drozer, MobSF, Jadx, Jd-GUI, Santoku, AndroidTamer, Adhrit, Reverse APK. Rp++, Objection, Needle Framework, iFunbox, RastiCrac, Otool, Class-dump. Client satisfaction and quality of work are my top priorities. I'm a problem solver and I'm glad to help you with any task you have on your website. Regards, Sandeep TVulnerability AssessmentSecurity TestingInformation SecurityPenetration TestingKali LinuxWiresharkWebsite SecurityCryptographyMobile App TestingWeb App Penetration TestingNetwork Penetration TestingCode ReviewNetwork SecurityEncryption
- $60 hourly12 Years of experience in Wireless network, Network security, Information Security, Cyber Security, SOC. Implemented SOC solution using different vendor SIEM such as Sentinel, Fortisiem, logrythm. Document all activities during an incident and providing leadership with status updates during the life cycle of the incident. Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, SIEM, IPS, Data loss prevention etc.) to determine the correct remediation actions and escalation paths for each incident. Conducting security audits of the whole infrastructure and coordinating with different teams to fix the issues based on criticality. Creating playbooks, workbooks for the SOC environment and also help in creating MSB document for several security products. Expertise in wireless networks with different vendors such as Aruba, fortinet, sonicwall and worked on devices like Aruba Instant Access point, Aruba controller, fortiAP, Sonicpoint, Routing and switching, Wireless security. Administrating s veral firewall vendors such as ASA firewall, Dell SonicWALL UTM Appliance, Fortigate, Palo Alto and several other products such as FortiADC, FortiDDDOS, tipping point, trellix Fireye, arbor ddos, Akamai WAF, Zscaler Proxy, Symantec blue cost proxy, forcepoint DLP, Microsoft Azure, F5 FortiWeb, FortiAP, Penetration Testing and Vulnerability Assessment Techniques. • Experience in Vulnerability/Risk/Web Security assessment using Qualys Guard, Nessus.Vulnerability AssessmentFirewallNetwork AnalysisNetwork SecurityWeb Application FirewallCloud SecuritySecurity Information & Event ManagementSecurity AnalysisWireless CommunicationPalo Alto FirewallsFortinet TechnologiesSecurity Operation CenterAntivirus & Security SoftwareMalwarePenetration Testing
- $25 hourlyDo you suspect your system is hacked ? Do you think some malicious process is running on your host machine/computer? Do you think any schedule task is there which is leaking sensitive data from your system? Do you have doubts that your system is connected to C2C server where your system is acting as bot, which even degrades the performance of machine ? Do you see any random installation on startup or any process which was not executed by you ? Do you think any virus is there in your system, which is not getting detected by your antivirus from normal/deep scan ? If you answer is YES, for all the above questions, I CAN HELP YOU BRING BACK YOUR SYSTEM TO NORMAL STATE. I will acquire the image of your whole system, and will do deep Host analysis and memory analysis and find RCA(Root cause analysis), I will use OSINT, Human Intelligence, and Threat intelligence techniques which give more authenticity to work. If your system is infected, I suggest immediately contain your machine, So I can help you further eradicate the malware from your system, or if the execution is on the System level, than can suggest you for re-image of the machine based on analysis of the system. There can be many ways from which your system can be infected like: - Clicked on a Phishing Link. - Executed Malware unknowingly. - Clicked on a Spam/Marketing Link which redirected you to malicious link, and you are unaware of it. - Normal browsing activity, which redirected to malicious domain. There can be numerous ways, I can help you get rid of it and be your security consultant and train you, so can prevent you from clicking phishing/malware links. Below are my skills that can help you complete your project. 📌 Malware Analysis/Removal (Systems & websites and all types of CMS) 📌 Network Security/Wireless Security (testing, traffic analysis and monitoring) 📌 Ethical Hacking & Security Consulting 📌 Security Code Review, analysis and patching 📌 Vulnerability Assessment of Network Devices/Databases 📌 Red Team - Phishing Simulation. 📌 WordPress Security - Preventing your website from getting hacked. 📌 Recovery of Hacker Website 📌 Website/Mobile Penetration Testing. I can help you in auditing. 1 : Web application Security Audit 2 : Mobile application Security Audit 3 : API Endpoint Security Audit 4 : Database Security Audit 5 : Cloud Security Audit 6 : Infrastructure Security Audit 7 : Network Security Audit 8 : Thick Client 9 : Docker Penetrating If you have any query, please reach out to me so can discuss in detail. Thank YouVulnerability AssessmentPenetration TestingIncident ManagementPhishingCybersecurity ToolEmail SecuritySecurity AnalysisCyber Threat IntelligenceNetwork PlanningCybersecurity ManagementCybersecurity ManagementNetwork MonitoringAnalysisFirewallMalware
Want to browse more freelancers?Sign up
How hiring on Upwork works
1. Post a job (it’s free)
Tell us what you need. Provide as many details as possible, but don’t worry about getting it perfect.
2. Talent comes to you
Get qualified proposals within 24 hours, and meet the candidates you’re excited about. Hire as soon as you’re ready.
3. Collaborate easily
Use Upwork to chat or video call, share files, and track project progress right from the app.
4. Payment simplified
Receive invoices and make payments through Upwork. Only pay for work you authorize.