Talent badge filter
Skills filter
Select talent location
Select talent time zones
$12/hr
100%
Job Success
$300+ earned
Start of list.
End of list.
I'm a cybersecurity specialist focused on offensive security — finding real vulnerabilities before attackers do.
My work covers the full attack lifecycle: recon, exploitation, reporting. I think like a threat actor and document like a consultant.
🔒 Core Services:
• Web Application Penetration Testing (OWASP Top 10 + beyond)
• API Security Testing — auth flaws, BOLA, injection, rate limiting
• Security Audit of Websites, Admin Panels, CMS platforms
• Vulnerability Assessment & Risk Evaluation
• Red Team Recon — subdomains, DNS, tech stack, exposed assets
• OSINT Investigations — digital footprint, identity verification, breach data, corporate intelligence
• Manual Testing: Burp Suite, Nmap, FFUF, Nikto
• Automated Scanning: OWASP ZAP, Nuclei, WPScan
📄 Deliverables:
Clean, structured PDF reports with PoC evidence, risk severity ratings, and actionable fix recommendations — written for both technical teams and decision-makers.
I approach every engagement with a red team mindset: not just ticking boxes, but finding what automated scanners miss.
Available for one-time assessments or ongoing security collaboration.
Let's find what others overlook.
$10/hr
69%
Job Success
$1K+ earned
Start of list.
End of list.
With over 7years of hands-on experience in digital forensic , automation, penetration testing, and vulnerability assessments, I have conducted numerous security audits for clients ranging from startups to large enterprises. My work helps organizations strengthen their security posture by identifying vulnerabilities and providing actionable remediation advice.
What I Offer:
✅ Comprehensive Penetration Testing
Tailored manual testing of websites, applications, servers, and network infrastructures. I use a combination of enterprise-grade tools (e.g., BurpSuite Pro, Nessus, Nikto) and custom scripts to ensure thorough coverage.
✅ Detailed Reports & Proof-of-Concepts
My reports provide step-by-step explanations of vulnerabilities, including screenshots, requests, and CVSS risk scores, so you can clearly understand the security risks and their impact on your business.
✅ Expert Remediation Guidance
I offer advice on how to fix discovered issues, helping you mitigate risks effectively while ensuring compliance with standards like PCI-DSS, GDPR, and HIPAA.
✅ Asset Discovery & OSINT Reconnaissance
I help map your digital footprint and identify exposed assets. This includes subdomain enumeration, service discovery, and collecting sensitive data from breached sources across the web.
✅ Free Retests
After remediation, I provide a complimentary retest to ensure vulnerabilities have been correctly resolved.
Certifications:
✅ CEH (Certified Ethical Hacker)
✅ OSCP (Offensive Security Certified Professional)
If you're looking for an experienced professional to safeguard your business, I'm here to help.
Osarodion E.
has worked
.
$125/hr
100%
Job Success
$40K+ earned
Available now
Offers consultations
Start of list.
End of list.
"Top Rated Plus" cybersecurity consultant and published author with 25+ years of experience specializing in penetration testing. Clients hire me when they need senior-level testing that includes clear scoping, reporting that drives remediation, and efficient execution.
I’ve led red team and penetration testing work for Fortune 100 enterprises, government agencies, and startups. My assessments are designed to simulate realistic attacker behavior, prioritize what matters most, and produce results that are easy for technical teams to reproduce and fix.
Areas of expertise:
* Web application testing (OWASP Top 10, authentication/session flaws, access control, input validation, SSRF, IDOR, RCE)
* API testing (token/session handling, authorization boundaries, input validation, business logic, fuzzing where appropriate)
* Internal and external network testing (Windows, Linux, hybrid) with segmentation and control validation
* Active Directory testing (enumeration, privilege escalation simulation, attack path validation)
* AWS and Azure security reviews (misconfigurations, IAM privilege analysis, exposure discovery, logging and monitoring validation)
* Compliance-aligned testing and guidance (PCI DSS, HIPAA, CIS, NIST and more)
What you can expect:
* Strong communication, documented scope, and no surprises
* Findings prioritized by real-world impact, not just scanner output
* Executive summary plus actionable remediation steps your team can use immediately
* Optional live debrief and remediation testing
Certifications: CISSP, CCSP, ISSMP, AWS Security Specialty, AWS Solutions Architect, CCNP Security, and more. Published author of multiple penetration testing books and a frequent security conference speaker.
Thomas W.
has worked
.
$15/hr
100%
Job Success
$10K+ earned
Available now
Offers consultations
Start of list.
End of list.
⭐️ Top Rated Upwork Freelancer | Worked with Fortune 500 Companies
✅ 13+ years of experience
✅ 100% Job Success on Upwork
✅ 100+ projects delivered
✅ Automated Testing of (SaaS, FinTech, EdTech, e-com, CRM) based Business models
✅ Experience in Web, Mobile, Rest Assured API Manual and Automated Testing
✅ Experience in CI/CD Pipelines
✅ Expert Web Scraper
As a Top Rated Full Stack SQA Engineer with over 13 years of experience, I've collaborated with Fortune 500 companies, specializing in Selenium, Cypress, Playwright, Rspec, Capybara, PhantomJs, Codeception, Cucumber, Jenkins, CircleCI, Continuous Integration, and Docker.
I have confidently written automation test cases in various languages, performed continuous integration, and deployed code on AWS. My expertise spans standalone and Rest Assured API Automated Testing. Whether it's cutting-edge technologies or tailored project needs, I have the skills and knowledge to deliver.
Additionally, as a Top Rated Web Scraping Expert, with over 11 years of web scraping experience using Scrapy, Selenium, and Beautiful Soup, I have successfully completed numerous projects that involve complex web crawling and data extraction. This expertise has allowed me to gather valuable insights and data for clients, enhancing their decision-making processes.
In the last decade, I have worked with many Fortune 500 companies and big brands such as Deutsche Bank, Bunge, Brookfield, Macy's, and Blender, as well as innovative startups like Stripe, SpaceX, Zameen, Bykea, i2C, Backcountry, and Science37. My work has consistently reduced the time and resources required for software development, with several projects, including those for Science37 and Burge Blender, doubling their revenue.
Whether you seek expertise in Manual SQA, developing an Automation framework, or advanced web scraping, I am a dedicated and skilled development partner ready to bring your project to life.
Let's connect to discuss how I can help you achieve your goals.
Ans J.
has worked
.
$15/hr
100%
Job Success
$50K+ earned
Offers consultations
Start of list.
End of list.
Hello! I'm a QA Engineer from Ukraine with 20 years of experience in IT and 10 years specifically in QA and QA Team Leadership. My primary focus is manual testing, and I bring deep technical insight, attention to detail, and clear communication to every project.
🔍 Core QA Skills:
Manual Testing of web, desktop, and mobile apps
UI/UX Testing & usability evaluation
API Testing using Postman
Cross-platform testing with real devices and BrowserStack
Game Testing for desktop & mobile (Windows, macOS, Android,iOS)
Basic Security Testing using Kali Linux, Arachni, OWASP ZAP, Nessus, and OSINT tools
Development of test plans, test cases, checklists and bug reports
💡 Tools & Technologies I work with:
QA Tools: TestRail, Testlink, Zeplin, Figma, Swagger
Dev Tools: HTML/CSS, ADB, Xcode, Android Studio, WordPress
Payment systems: Stripe, CurrencyCloud, Thredd
Bug Trackers: JIRA, Asana, Redmine, YouTrack, Trello, Pivotal Tracker, Basecamp, Airtable, Wrike, Linear
👥 Leadership & Mentorship:
As a QA Lead, I mentor junior QA engineers, manage test cycles, and control QA team processes to ensure efficient and scalable testing.
🎮 Specialization in Game Testing:
I have extensive experience testing games across platforms, ensuring not only functionality but smooth performance and player experience.
💼 Industries I've worked in:
Outsourcing
Game Development Studios
Fintech Startups
Event and Entertainment Platforms
✅ I combine technical depth, team leadership, and high responsibility. I am always focused on bug-free releases, efficient communication, and client satisfaction.
Let’s ensure your users experience a polished, reliable product — I’d be happy to help!
Volodymyr V.
has worked
.
$20/hr
100%
Job Success
$20K+ earned
Available now
Start of list.
End of list.
🏅TOP RATED🏅
🔰 Feedback from clients:
"I hired Abir for a 3rd time for further security issues. Abir is great to work with. Very knowledgeable with all security measures and fixes, quick to communicate, and always completes jobs successfully. I will continue to hire Abir for future security work."
"Abir is very knowledgeable in his work and is a great communicator. He assisted me on every step."
"Abir fulfilled all our needs in IT, we are going to hire him for the future, we recommend his professionalism, skills, and availability. We are very happy with his services. Thank you Abir for your help !"
"Abir is amazing! Our site was attacked by malware and we panicked but we soon published a job on Upwork and found Abir who offered to help us out. It was already past midnight his time but he spent almost 3 hours until everything was sorted out, and he was very professional and quick in his work. He also gave us advice on how to improve our website's security. Highly recommended!"
🔰 My services:
✅ Website/Web Application Penetration Testing
✅ WordPress Malware Removal
✅ WordPress Website Customizations (I can customize anything)
✅ WordPress Critical Error Fixations.
🔰 About me:
I help many small, medium, and large (organization) level Website/Web Applications to secure their system from hackers.
I love to support large organizational-level Web Applications to grow their business without any worries about being hacked. I provide a high-quality penetration testing service to prevent malicious parties from gaining unauthorized access.
I also provide WordPress malware removal services. I have 6 years of experience in WordPress malware removal
My past cyber security career focused on finding common and rare vulnerabilities in Websites/Web Applications. I've been awarded a cyber security expert certificate from the #1 hacker community of Bangladesh(Cyber71).
As a penetration tester and a freelancer, I've performed comprehensive security audits at a large organizational level Web Applications. And gained their trust for their private future projects.
Please contact me on the Upwork chatbox for future discussion. Always looking forward to new projects.
🔰 Why you should hire me?
✅ 24/7 Support
✅ Extremely Trusted
✅ Extremely Talented and experienced
✅ 100% Satisfaction
✅ 100% Genuine Quality Service.
Abir D.
has worked
.
United States
$40/hr
100%
Job Success
$5K+ earned
Offers consultations
Start of list.
End of list.
Hi I am Daniel Hayes a experienced penetration tester specializing in red teaming, with a strong focus on adversary emulation. I have been ethically hacking for over five years and working as a cybersecurity consultant for three. I have successfully breached multi-million and billion-dollar organizations worldwide. As a former penetration tester for one of the top seven professional services firms globally, I have extensive experience working with different organizations from various industries to ensure their cybersecurity needs are met.
Services I Perform (But not limited to)
- Web Application Penetration Testing (Black Box / White Box)
- External Penetration Testing (Black Box / White Box)
- Internal Penetration Testing (Black Box / White Box)
- Red Teaming / Adversary Simulation
- Compliance and Regularly Frameworks (NIST, SOC2, HIPAA, Etc)
I look forward to helping you keep your organization safe from any threat!
Daniel H.
has worked
.
Associated with
Null Signal
$900
earned
$65/hr
100%
Job Success
$5K+ earned
Offers consultations
Start of list.
End of list.
I'm a USA based consultant with 10+ years experience in penetration testing. I’ve led and executed over 500 assessments across diverse environments—web applications, internal/external networks, red/purple teams, cloud infrastructures, social engineering, mobile platforms, and even physical security.
I’ve had the privilege of consulting for some of the biggest Fortune 500 companies, including PayPal, Berkshire Hathaway, TikTok, Meta, Tesla, Saudi Aramco, and more, delivering actionable insights to strengthen their security postures.
Additionally, I spent over 9 months working alongside leading financial and social media companies, optimizing and expanding network infrastructures with 100,000+ devices, ensuring streamlined and secure operations at scale.
Whether you're a small business or an enterprise, I bring proven expertise to identify vulnerabilities, mitigate risks, and secure what matters most. Let’s build a stronger, more resilient security framework together!
🔢 My stats are:
✅ Saved tens of thousands of dollars for Forbes 500 clients by identifying critical vulnerabilities
✅ Professional certifications (OSCP, GCPN,Security+)
✅ Top 10 in HackTheBox Team Global Rank
✅ Won 2022 DEF CON 30 CTF Competition
✅ Supporting all time zones
✅ Long-term engagements
✅ USA based
✅ Active LLC
✅ Active Liability insurance
🔢Core Competencies:
1. Network Penetration Testing
2. Web Application Penetration Testing
3. Social Engineering (Phishing, Vishing)
4. Cloud (Azure/AWS ) Penetration Testing
5. Security Training
6. Defensive Solution Configurations/Reviews (Security Engineering)
7. Malware Analysis
8. Cyber Risk Analysis
9. API Penetration Testing
10. Mobile Penetration Testing
11. External Network Penetration Testing
12. Vulnerability Assessment Testing
✅I love finding vulnerabilities. Whether those vulnerabilities exist in your firewall configuration, your employee training, or under your security fence, I will identify, triage, and alert you of threats before an attacker turns them into the next front page news story.
🔢Working with me, you will:
✅ Customized approach: I understand that every client's needs are unique, and I tailor my approach to meet your specific requirements. This ensures that you get the most comprehensive and effective security testing possible.
✅ Timely delivery: I understand that time is of the essence when it comes to security testing, and I always deliver my reports on time, without compromising on quality.
✅ Complete manual testing for your application and immediate notification if any high-impact issues are found.
✅ Unlimited retesting for the fixed issues and unlimited revisions
✅ Able to find critical bug classes that are often missed by automated pentests.
🔢NOTE: If you want to see my past reports I have done with previous clients know that reports contains sensitive information, NDA is signed for most of them especially from Gov & Forbes 500 clients. Disclosing information like that is breach of client privacy. However, I can share sample report with sensitive information hidden.
Skills:
Penetration Testing: Extensive experience conducting penetration tests, red team exercises, and purple team engagements across various platforms, including but not limited to, web applications, APIs, wireless, physical, network infrastructure, cloud environments (AWS & Azure), and other devices.
Security Tools: Proficient in utilizing a wide range of security tools such as Burp Suite, Metasploit, C2 frameworks, Mythic, Sliver, bloodhound, etc. for penetration tests and red team operations.
Defensive and Monitoring Technologies: Familiarity with defensive and monitoring technologies, including Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), Web Application Firewalls (WAF), and Security Information and Event Management (SIEM) solutions.
Programming and Scripting: Proficient in scripting languages such as Python and Bash. Skilled in modifying and executing exploits and proof-of-concepts (POCs) to evade defensive countermeasures and emulate threat actor tactics, techniques, and procedures (TTPs).
Cybersecurity Compliance: Familiar with security compliance requirements and industry standards, including MITRE ATT&CK, Cyber Kill Chain, HIPAA, NIST Cybersecurity Framework, and OWASP.
Communication and Collaboration: Excellent communication and reporting skills to effectively communicate technical issues to both technical and non-technical stakeholders. Proven ability to work independently and collaboratively in a team environment.
Ameen K.
has worked
.
$12/hr
100%
Job Success
Offers consultations
Start of list.
End of list.
✅Malware removal from ⦿ Wordpress ⦿ Shopify ⦿ PrestaShop ⦿ Wix ⦿ Magento ⦿ Squarespace ⦿ PHP
✅WordPress Design: ⦿ Wordpress Expert ⦿ Wordpress Designer ⦿ Wordpress Elementor Pro
⦿ Website Optimizaton ⦿ CMS ⦿ Shopify ⦿ Customer Wordpress Website ⦿ Ecommerce ⦿ Divi Theme ⦿ Premium Plugins
✅Fix Google Ads Disapproved for Malicious Software ✅Penetration testing and Vulnerability Assessment. ✅Cloudflare Setup and DDoS Security. ✅ Wordpress Migration
I'm a full-time freelancer as a Cyber Security Specialist, Malware Analyst, and Penetration Tester. I can remove malware, delete viruses, do penetration tests, do vulnerability assessments, and remove malicious (Plugins, Themes, and Software). remove the Google warning from your website.
I've 5 years of experience as a website security specialist in Ignite tech solutions. Also, I'm a freelancer on Fiverr and Upwork. I've got a level two badge on Fiverr.
✅Service I will provide:
0) Penetration testing and Vulnerability Assessment.
1) WordPress Malware Removal and Security.
2) Shopify Malware Removal and Security.
3) Cloudflare Setup and DDoS Security.
4) Website Backup and Migration from old host/server/domain to new host/server/domain.
5) Google Ads Disapproved for malicious software.
✅Wordpress service:
⦿Remove Malware.
⦿Penetration Testing / Vulnerability Testing
⦿Wordpress Malware removal.
⦿Website Security.
⦿Clean Server / Server Maintenence / cPanel / WHM Panel
⦿Delete Virus / Virus Removal
⦿Remove Google blacklist/ Red screen.
⦿Remove Japanese or Chinese search results.
⦿Security patch installation
⦿Remove malware
⦿Fix the hosting site suspended
⦿Delete junk or virus script
⦿Add SSL Certificate / Setup Cloudflare
⦿Database error / Remove malware from the database
⦿Fix emails problem / Emails not coming
⦿Spam emails coming / Unwanted emails coming
⦿Critical and Fatal Error
⦿Remove the PHP backdoor
⦿Blacklist Removal, McAfee blacklist
⦿WordPress version update
⦿Install Cloudflare SSL
⦿Fix Login Issue / Broken dashboard
⦿Remove website redirect URL / Fix redirecting issues
⦿Internal 404 or 505 Error
⦿Remove the PHP shell
⦿Unwanted / Bulk email coming
⦿White/Empty Screen
⦿Error Establishing Database Connection
⦿Theme/Plugin Broken
⦿Improve website security
⦿Corrupt .htaccess file
⦿Solve PHP memory limit
⦿Core files issues
⦿Upload size problem
⦿Forgot Username/password
✅Backup and Migration Service:
I will backup WordPress sites, duplicate, clone, copy, host migration, WordPress migration, Transfer, move websites, and domain migration any WordPress website for personal and business.
⦿Database Backup and Transfer
⦿Change primary addon domain/domain/subdomain
⦿Move WP from root domain/subdomain/addon domain to main
⦿Old host to another new host
⦿Clone and duplicate the WordPress website
⦿Update WordPress version/theme/plugin
✅Penetration Test and Vulnerability Service:
I will perform penetration and vulnerability tests with the VAPT report
⦿According to a security report, about 90% of websites are vulnerable to malicious attacks.
⦿A website is an essential part of your Business. The thing is how secure is your website?
⦿I will perform an advanced deep scan and penetration testing on your web application with a professional report which includes all vulnerabilities.
⦿Let me help you in making your website secure against hackers:
⦿Vulnerability Checklist:
⦿ Web attack vulnerabilities.[Input Validation, Code Execution, Bypass Authentication, SQL Injection, CSRF, LFI, Cross-site Scripting, Uploader Issues, Remote Code Execution, Buffer Overflow, Session Hijacking]
⦿ Information Gathering [Server Info, Open Port]
⦿ Authorization Testing [HTTP Header]
⦿ Data Validation Testing [XSS]
⦿ Denial of Service Testing [DDos Test]
⦿ Security Testing
✅Cloudflare service:
⦿Fix A Record, CNAME Record
⦿Fix NS, MX record
⦿Cloudflare setup
⦿Email Routing
⦿Configure Emails
⦿Add SSL
⦿Cloudflare SSL
⦿Cloudflare error fix
⦿Free SSL
⦿DDOS protection from Hackers
⦿setup DNS
⦿Website Security
⦿Enable green padlock
⦿Improve Website speed
⦿Setup firewall
Errors I will fix:
Mail Delivery Issue
500 internal server error
502 bad gateway or error 504 gateway timeout
503 service is temporarily unavailable
520: web server returns an unknown error
521 web server is down
522: connection timed out
524: a timeout occurred
525: SSL handshake failed
526: invalid SSL certificate
Cloudflare Benefits:
⦿Minification
⦿HTTP/2 Protocol
⦿DNS Security
⦿Cloud WAF
⦿Image Optimization
⦿Browser Caching
⦿WebSockets
⦿Load Balancing
⦿Optimized Network Routing
✅I can work with any CMS like:
⦿Magento, OpenCart, Drupal, Joomla, Prestashop, WordPress, SHOPIFY, LARAVEL, SQUARESPACE, WIX, WOOCOMMERCE, BigCommerce, Blogger, Hubspot CMS, Typo3, Weebly, Webflow, CMS Hub.
✅Why Me:
⦿I will provide a Professional Report
⦿Give you technical support
⦿Quality Work
Md N.
has worked
.
$22/hr
Available now
Start of list.
End of list.
Most security reports end up in a drawer. Mine don't — because your developers can actually read them, understand what's broken, and fix it.
I'm a penetration tester and OSCP-certified ethical hacker. I've been hunting real vulnerabilities since 2018, first through bug bounty programs on HackerOne and Bugcrowd, and later testing web apps, APIs, mobile apps, and networks across the financial and healthcare sectors. What I care about is the same thing your future attacker cares about: the flaw a scanner skips right past.
That's the difference between what I do and an automated tool. Scanners are great at noise. I'm here for the findings that actually matter — the ones an attacker could chain together into a breach — and I show you exactly how, step by step.
Here's what working with me looks like:
🔍 Penetration Testing
Manual, hands-on testing of web apps, APIs, mobile apps, servers, and internal/external networks. I use Burp Suite Pro, Nessus, and custom scripts I've built over years of engagements — but the real work is manual exploitation, not clicking "scan."
📑 Reports You Can Act On
Every finding comes with clear reproduction steps, full request/response data, annotated proof-of-concept screenshots, CVSS ratings, and a plain-English explanation of what it means for your business. No 200-page scanner dumps.
🛠️ Remediation Guidance
Practical fixes explained so both your engineers and your decision-makers can follow them. You'll know what to fix, why, and in what order.
🔁 Free Retest
After you've patched, I re-test at no extra cost to confirm the fixes hold and no new paths opened up.
🌐 Asset Discovery & OSINT
I map your real attack surface — subdomains, exposed services, public-facing assets — and surface what attackers may already know about you, from leaked credentials to exposed data.
🤝 Straight-Talking Consulting
First time commissioning a pentest? I'll help you scope it properly, pick the right approach (black-box, grey-box, or white-box), and walk you through the whole process.
If you're protecting customer data, prepping for a compliance or vendor security review, or you just want to know where you actually stand before someone less friendly finds out — send me a message with a bit about your project. I'll tell you honestly whether and how I can help.
Hassan S.
has worked
.