Talent badge filter
Skills filter
$15/hr
$62 earned
Start of list.
End of list.
"⭐⭐⭐⭐⭐" - Microsoft (Upwork Enterprise Client) 𝗜𝘀 𝘆𝗼𝘂𝗿 𝗮𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝘁𝗿𝘂𝗹𝘆 𝘀𝗲𝗰𝘂𝗿𝗲, 𝗼𝗿 𝗮𝗿𝗲 𝘆𝗼𝘂 𝗵𝗼𝗽𝗶𝗻𝗴 𝗵𝗮𝗰𝗸𝗲𝗿𝘀 𝘄𝗼𝗻'𝘁 𝗳𝗶𝗻𝗱 𝘄𝗵𝗮𝘁 𝘆𝗼𝘂𝗿 𝗱𝗲𝘃𝗲𝗹𝗼𝗽𝗲𝗿𝘀 𝗺𝗶𝘀𝘀𝗲𝗱? Most businesses discover security vulnerabilities the hard way—after a breach, data leak, or compliance failure that costs them customers, reputation, and revenue. I help you avoid that nightmare by identifying and fixing security weaknesses before they become headlines. I'm an Application Security Engineer who has worked for 2 Fortune 500 Companies, with hands-on expertise in web, mobile, and thick-client application security. Armed with industry-recognised certifications including Burp Suite Certified Practitioner (BSCP), Certified Ethical Hacker (CEH), and Certified Penetration Testing Specialist, I don't just run automated scans—I think like an attacker to uncover the vulnerabilities that tools miss. 🎯 What Makes Me Different Client-Focused Security: I don't overwhelm you with jargon. You'll get clear explanations of what's broken, why it matters to your business, and exactly how to fix it. Beyond Checkbox Security: Automated scanners catch maybe 30% of real vulnerabilities. I perform deep manual testing that combines technical expertise with creative thinking to find logic flaws, business logic vulnerabilities, and complex attack chains. You're Not Left Hanging: Every engagement includes remediation guidance and a free retest to verify your fixes actually work—because closing a ticket isn't the same as closing a vulnerability. 🔒 Services I Provide: Penetration Testing & Security Assessments - Web application penetration testing (OWASP Top 10 and beyond) - Mobile application security testing (Android & iOS) - Thick client application assessment - API security testing - Both manual and automated testing methodologies Source Code Security Review - Static code analysis to identify security flaws at the source - Secure code review before deployment - Identification of insecure coding patterns and logic vulnerabilities Vulnerability Assessment & Management - Comprehensive vulnerability scanning and analysis - Risk prioritization based on real business impact - Actionable remediation roadmaps Security Audits & Compliance Support - Security posture assessments - Pre-compliance security reviews - Gap analysis and security hardening recommendations 📋 What You'll Receive: ✅ Professional Penetration Testing Report – Detailed findings with step-by-step exploitation methods, CVSS scores, business impact analysis, and proof-of-concept evidence ✅ Clear Remediation Guidance – Specific, actionable fix recommendations your developers can implement immediately (no vague advice like "improve security") ✅ Executive Summary – Non-technical overview for stakeholders showing what matters to the business, not just what's technically interesting ✅ Free Vulnerability Retest – I verify your fixes actually solved the problem and didn't introduce new issues ✅ Pre & Post Engagement Calls – We'll discuss scope, methodology, testing windows, and any concerns before starting. After testing, I'll walk you through findings and answer all questions 🛡️ My Approach: Before Testing: I work with you to understand your business context, critical assets, and main concerns. A banking app and a social media platform have different threat models—your security testing should reflect that. During Testing: I combine automated tools (Burp Suite Professional, industry-standard scanners) with manual testing techniques to find vulnerabilities that require human intuition and creativity. After Testing: You don't just get a report and a goodbye. I'm available to clarify findings, guide your remediation efforts, and retest to confirm everything is actually fixed. 💡 Common Problems I Solve: "We're launching soon and need to know if our application is secure" "We failed a compliance audit and need to identify and fix security gaps" "Our previous security test was full of false positives and didn't help us" "We need to prove to clients/investors that our product is secure" "Our application handles sensitive data and we can't afford a breach" "We've been hacked before and need to prevent it from happening again" 🎖️ Certifications: Burp Suite Certified Practitioner (BSCP) Certified Ethical Hacker (CEH) Certified Penetration Testing Specialist Your application's security shouldn't be a gamble. Let's work together to identify your vulnerabilities before someone with bad intentions does. Ready to secure your application? Send me a message with details about your project, and I'll provide a free consultation to discuss your security needs.
Syed Zubair A.
$25/hr
96% Job Success
Available now
Start of list.
End of list.
Top Rated Plus QA Automation Engineer 100% Job Success, 12,000+ hours on Upwork. Trusted by PepsiCo, VistaJet, Bykea, CreditBook, and Bluefin across fintech, healthcare, and logistics. I build automation frameworks that catch critical defects before they reach production. On a recent project I reduced regression suite runtime by ~70%, so teams ship faster with fewer fire drills. 🎯 CORE SERVICES → QA Automation & Test Engineering - End-to-end automation for web, mobile, and API - Frameworks with Playwright, Selenium, Cypress, Appium - CI/CD integration with GitHub Actions, Jenkins, Azure DevOps → Performance & Load Testing - Load, stress, and synthetic monitoring with JMeter and BlazeMeter - Production API monitoring with token rotation and pipeline alerting → API Testing & Backend Validation - REST and GraphQL testing with Postman and REST Assured - Integration, contract, and authentication testing → Manual QA & Test Strategy - Test planning, strategy, and traceability matrices - Detailed test case design and defect reporting I also handle Security Testing & VAPT: OWASP Top 10 web and API assessments, penetration testing, risk-prioritized audit reports, and HIPAA, PCI-DSS, and GDPR compliance. Why clients keep rehiring me: ✅ 100% Job Success across 12,000+ logged hours ✅ Top Rated Plus top 3% of Upwork talent ✅ ISTQB Certified foundation in formal test design and process ✅ Enterprise-grade delivery for global fintech and healthcare teams ✅ Clear, proactive communication across US and EU time zones Tell me your stack and your biggest QA pain point, and I'll reply with a tailored testing approach and timeline.
Syed Zubair A. has worked .
Co-Ventech - Award Winning Software Company
Associated with
Co-Ventech - Award Winning Software Company
Bhashit P.
$25/hr
100% Job Success
$100K+ earned
Available now
Offers consultations
Start of list.
End of list.
TOP-Rated Plus Upwork Member. (Top 3%) We are a Cyber Security Consulting firm operated by former government and Fortune 500 hackers. Our team has been inside networks big and small, from electrical grids to water facilities. No network is too complex for us. We have expertise helping and securing SaaS organizations. Our Services: - Penetration Testing: - ISO27001 - SOC2 - GDPR - HIPAA - Phishing Engagements - External Assessments Why Choose Us? Unmatched Expertise: Our team comprises international banks, SaaS applications and Fortune 500 clients who bring unparalleled skills and insights to every project. With hands-on experience in securing some of the most complex networks in the world, we possess a deep understanding of the cyber threat landscape and the tactics used by attackers. Results-Focused: We are dedicated to delivering actionable results. Our assessments and tests are designed to provide you with clear, practical recommendations that can be implemented to enhance your security posture. Our focus is on ensuring that your network is not only secure but also resilient against evolving threats. Our Certifications: Our team holds industry-leading certifications that validate our expertise and commitment to excellence: CEH: Certified Ethical Hacking CRTO (Certified Red Team Operator): Demonstrates our proficiency in performing advanced red team operations to identify and exploit vulnerabilities. CRTL (Certified Red Team Leader): Reflects our ability to lead and manage complex red team engagements with custom and secure infrastructure. Not even EDR will inhibit our performance so that way we can provide even greater impact. OSCP (Offensive Security Certified Professional): Highlights our skill in conducting thorough penetration tests and developing creative solutions to security challenges. At Ownux Global, we cater to enterprise but also to the startups, web application developers, offering a professional yet relaxed approach to cyber security. Our mission is to safeguard your digital assets with the highest level of expertise and dedication, providing you with peace of mind in an increasingly digital world. Ready to secure your network? Let’s get started. Contact us today to discuss how we can help protect your business from cyber threats.
Bhashit P. has worked .
Ownux Infosec Pvt. Ltd
Associated with
Ownux Infosec Pvt. Ltd
John M.
$33.5/hr
100% Job Success
$20K+ earned
Offers consultations
Start of list.
End of list.
🔢 As an Upwork Top 1% Expert Vetted 👑 Certified Ethical Hacker and an Experienced Penetration Tester with 10+ years of experience Penetration Testing Web SaaS and Mobile based applications and networks, every flaw tells a story; I write the ending and specialize in helping my clients strengthen their cybersecurity defenses. An average Cybersecurity Incident in your business can you cost you anywhere between $120,000+ to $1.24+ million and even a 10%+ reduction in risk can save your business nearly $124,000+ and hiring a full time in-house team can cost you $100,000+ per employee per year. That is why you need an expert like me to protect your business and reduce your business risk. What makes me stand out from other freelancers is the fact that I am also a Cybersecurity Architect, capable of architecting solutions to enhance the security of your organisation and preserving the security and integrity of your data. I have always been passionate about solving technical problems for my clients through Penetration Testing and I don't rest till I get to the root of the problem and solve it. What I can offer? I can help you secure your business by providing the following services: ✅ Web Application Penetration Testing, ✅ Secure Source Code Analysis, ✅ Mobile Application Penetration Testing, ✅ Network Penetration Testing, ✅ Secure Architecture Review, ✅ API Security Testing,    ✅ Secure Configuration Review, ✅ Secure Code Review, ✅ CASA Assessment, ✅ Red Team Assessment, ✅ Threat Modelling, ✅ Phishing Simulations & Assessment. Why Choose Me? 🧑🏼‍💼 Client-Centric Approach: Your security is my top priority. I work closely with your team to understand your objectives and deliver tailored services that align with your business goals. Trust and transparency are the cornerstones of my practice, and I am committed to helping you navigate the complex landscape of cybersecurity with confidence and achieve compliance. 📐 Comprehensive Security Assessments: I conduct detailed SOC Type 2 / ISO compliant evaluations to identify vulnerabilities in your network, applications, and infrastructure. ✂️ Tailored Solutions: Every organization is unique. I customize my approach to meet your specific security needs and industry standards. 🎬 Actionable Recommendations: Post-assessment, I provide clear, concise, and practical remediation steps to address identified vulnerabilities. 🔁 Ongoing Support: Cybersecurity is an ongoing process. I offer continuous support and re-assessment to ensure your defenses remain robust against evolving threats 🌏 Holistic Approach: I don't just patch vulnerabilities; I architect comprehensive security solutions that align with business goals. My focus extends beyond the technical to encompass risk management and organizational resilience. 🗨️ Collaborative Communicator: I bridge the gap between technical jargon and business language, fostering understanding across teams. Effective communication is key to successful security implementation. 🏫 Continuous Learning: The threat landscape evolves, and so do I. Whether it's a new attack vector or an emerging technology, count me in. Learning is my superpower. 🙋‍♂️ Key Skills: ✔️ Penetration Testing & Vulnerability Assessment: I thrive on dissecting systems, identifying weaknesses, and recommending robust solutions. Armed with tools like Kali Linux, Metasploit, Nmap, and Wireshark, I delve into web applications, networks, and APIs. But here's the twist—I don't stop at discovery; I offer a free retest after remediation to ensure vulnerabilities stay sealed. ✔️ Network Security: I've designed and implemented secure network architectures, ensuring data confidentiality, integrity, and availability. Firewalls, intrusion detection systems, and VPNs—my toolkit covers it all. ✔️ Cloud Security: Proficient in securing cloud environments especially Amazon Web Services (AWS) & Oracle Cloud Infrastructure (OCI). I stress-test cloud deployments ensuring they withstand real-world attacks. ✔️ Secure Coding Practices: I advocate for secure coding principles using tools like SonarQube and collaborate with development teams to build resilient applications. Prevention beats cure, every time. ⛏️Tools I Use ☑️ Penetration Testing: Nmap, Metasploit, Burp Suite Professional, Wireshark, SQLmap, Kali Linux ☑️ Programming & Scripting Skills: Python, Bash, PowerShell, JavaScript, Java and C# ☑️ Security Frameworks & Standards: OWASP, NIST, CASA, CIA Triad, PCI-DSS 🫱🏽‍🫲🏽 Let's Connect: Ready to enhance your business/organization's security? Let's chat! Reach out to me here on Upwork, and let's build a safer digital future together. 🟢 Press '...' button and then ‘Send Message’ button in the top right-hand corner ✉️ 🚫 No hacking service - I do not provide any hacking services, and I will not engage in any activities that involve gaining unauthorized access to any accounts, systems, or social media platforms. Requests for such services will be declined.
John M. has worked .
$50/hr
96% Job Success
$30K+ earned
Start of list.
End of list.
● Performed Security Vulnerability Assessments of Web-Applications within the scope. ● Handled detailed write-ups for security vulnerabilities that exposed PII data. ● Performed ethical hacks to assess the vulnerabilities of test, Internet, and/or Intranet connected systems, networks, and applications including Windows and Linux. ● Conducted complex analytical functions by performing security assessments and ethical hacks of high-risk sensitive applications that expose PII data, documented and reported security findings. ● Performed penetration tests against external networks, internal networks, web applications, mobile applications, social engineering, phishing, physical security, wireless networks to identify exploits and vulnerabilities. ● Had daily communication with team of cybersecurity activities with different projects. ● Creation of DevSecOps automation process. ● Cloud incident response and forensics methodology creation. ● Performed red team activities including social engineering and privilege escalation. ● Participated and managed which lead to successful passing certification ISO 27001, SOC2, GDPR. ● Conducted deep OSINT activities. ● Performed application penetration tests of client applications; performed reconnaissance, enumerated internet-facing client applications, identified vulnerabilities/misconfigurations, created reports based on findings, and delivered reports to clients. ● Performed social engineering tests; performed reconnaissance, designed campaign pretext, created phishing emails, created spoofed logon forms, created reports based on findings, and delivered reports to clients. ● Performed vulnerability assessments/remediation consulting; performed vulnerability scans, generated reports for scans, and advised on how to remediate vulnerability findings. ● Logged all activities into the incident management system. ● Ensured incidents were closed in a timely fashion with verification of customer satisfaction. ● Performed security evaluations, managed and regulated all user access to the company's network, and proactively participated in team meetings with IT managers. ● Conducted penetration tests of web, mobile, infrastructure. ● Understood common security standards and regulatory compliance requirements. ● Gave presentations for clients about the results of penetration tests. ● Executed test cases and verified bug fixes under minimum supervision. ● Experienced with analyzing the development of technical documentation, including test plans, executive briefs, and test reports. Responded immediately to security-related incidents and provided thorough remedial solutions and analysis.
Andrii B. has worked .
Lester O.
$120/hr
100% Job Success
$100K+ earned
Start of list.
End of list.
I am a Penetration Tester focusing on Cloud, Network, Web, and Mobile Apps. I have significant and well-diversified experience in multiple Cybersecurity domains, including: 1. Cloud Infrastructure: I help secure Cloud Infrastructure such as GCP AWS and Azure. 2.Penetration Testing and Vulnerability Assessment: I specialize in finding vulnerabilities in Web Applications, Mobile Applications, Networks, and Smart Contracts. 3. Bug Bounty Hunting: I find bugs for various companies on HackerOne - @l3s7r0z. I am constantly improving myself and getting better each day in the Cyber Security field. Lester Obbayi - @l3s7r0z
Lester O. has worked .
Hoang Nhan L.
$25/hr
100% Job Success
Available now
Start of list.
End of list.
✅ As a CREST/Offensive Security (OSCP) Certified Penetration Tester and Cyber Security Consultant, I have deep knowledge of Security Assessment Methodology to identify vulnerabilities in Network, API, Web, and Mobile Applications. ✅ I have conducted Penetration Test, Vulnerability Assessment and delivered professional reports to companies in the world complying with: ► CREST standards ► Offensive Security (OSCP) standards ► OWASP Top 10 Vulnerability ► OWASP API Security Top 10 Vulnerability ► OWASP Mobile Security Top 10 Vulnerability ► Application Security Verification Standard 4.0 (ASVS 4.0) ► CWE Top 25 Most Dangerous Software Errors ► ISO 27001 Penetration Testing ► Payment Card Industry Data Security Standard (PCI DSS) ► General Data Protection Regulation (GDPR) ► Common Vulnerability Scoring System (CVSS) ► Open Source Security Testing Methodology Manual (OSSTMM) ✅ I have some cybersecurity certifications including: ► CREST Registered Penetration Tester (CRT) ► CREST Practitioner Security Analyst (CPSA) ► Offensive Security Certified Professional (OSCP) ✅ The deliverable will be a professional Penetration Testing/Vulnerability Assessment report which includes: ► Executive Summary ► Assessment Methodology ► Type of Tests ► Risk Level Classifications ► Result Summary ► Table of Findings ► Detailed Findings. Each finding listed within the report will contain CVSS score, Issue Description, Proof of Concept, Remediation, and Reference sections. ► Tool List (Acunetix, Nessus, BurpSuite Professional, Nmap, Netsparker, Metasploit Framework, OpenVAS, Mimikatz, SQLmap, Nikto, Zaproxy, Gobuster, etc.) ✅ Please contact me if you have any question. ✅ Thank you and have a good day!
Hoang Nhan L. has worked .
Kunal N.
$20/hr
100% Job Success
$1K+ earned
Available now
Start of list.
End of list.
I help SaaS companies, and enterprises identify critical security vulnerabilities before they become costly breaches, compliance issues, or business disruptions. As an Application Security Consultant and Penetration Tester, I specialize in uncovering real-world security weaknesses across web applications, APIs, network infrastructure, cloud environments, and modern technology platforms. My goal is not only to identify vulnerabilities but also to help organizations understand their security risks, prioritize remediation efforts, and strengthen their overall security posture. I have worked on security assessments involving enterprise applications, banking platforms, healthcare systems, cloud infrastructures, and business-critical applications. My experience includes identifying authentication flaws, access control weaknesses, business logic vulnerabilities, network misconfigurations, cloud security gaps, API security issues, and attack paths that automated scanners frequently miss. Core Security Services • Web Application Penetration Testing (OWASP Top 10 & Business Logic Testing) • API Security Testing (REST & GraphQL) • Network & Infrastructure Security Testing • Cloud Security Assessments (AWS) • Red Team Operations & Adversary Simulation • AI / LLM Security Testing • Vulnerability Assessment & Risk Analysis • Security Architecture Review • Email Security Implementation (SPF, DKIM & DMARC) What You Can Expect • Comprehensive Manual Security Testing • Detailed Vulnerability Reports • Proof-of-Concept Validation • Risk-Based Prioritization • Clear Remediation Guidance • Remediation Validation & Retesting • Executive and Technical Reporting Tools & Technologies • Burp Suite Professional • Nmap • Metasploit Framework • Nessus • OWASP ZAP • Wireshark • SQLMap • AWS Security Tools • Kali Linux Long-Term Security Partnership Many organizations engage me beyond a single penetration test. I work with clients on recurring security assessments, monthly security reviews, remediation verification, secure development guidance, and continuous security improvement initiatives. Whether you need a one-time security assessment or a long-term security partner, I focus on delivering actionable security insights that help protect your applications, infrastructure, customers, and reputation. If you are looking for a security professional who can think like an attacker and provide practical, business-focused security recommendations, I would be happy to discuss your project.
Kunal N. has worked .
Mahesh K.
$22/hr
100% Job Success
$100K+ earned
Start of list.
End of list.
Hello, I am a Web Security Specialist with strong hands-on experience in penetration testing, vulnerability management, and web infrastructure security, focused on real-world attack scenarios and measurable business impact. I have extensive experience conducting penetration tests across organizational assets, performing in-depth vulnerability analysis and security assessments, and delivering results with an attacker mindset combined with consultant-level reporting. My goal is not just to identify issues, but to help you secure your systems effectively and sustainably. I can perform comprehensive security audits, implement industry-standard security controls, configure file and folder permissions, harden server and application settings, and apply best-practice security rules (including web server and access controls) to significantly reduce your attack surface. In addition, I bring 10+ years of experience working with hosting environments, including hands-on work with Linux servers and web infrastructure, with a strong emphasis on web security, incident response, and post-breach analysis, including: Malware identification and complete website cleanup Mobile Application Penetration Testing Investigation of compromised websites to determine attack vectors Identification of security weaknesses in web applications and hosting configurations Hardening of servers, CMS platforms, and web applications Resolving complex issues in shared, VPS, and dedicated hosting environments Securing websites and servers against future attack attempts Cloud-hosted environment security reviews I have successfully removed malware and secured environments hosted on platforms such as OVH, Bluehost, Cloudways, GoDaddy, HostGator, SiteGround, Hostinger, Namecheap, and other major hosting providers. I can help detect and remove malware, rootkits, viruses, spyware, and trojans from your website or server, while also addressing the root cause to prevent reinfection. Technical Expertise Web Application Penetration Testing (OWASP Top 10, authentication flaws, file upload vulnerabilities, RCE, LFI/RFI, SQL injection, XSS) API Security Testing Internal Active Directory and External Network Penetration Testing Red Team operations and attack simulations Linux servers, hosting infrastructure, and web technology stacks Clear technical and executive-level reporting with actionable remediation steps Security Services Offered: Web Application Security Testing Full server malware removal Backdoor detection and removal Hosting suspension issue resolution Blacklist removal (Google, browsers, security vendors) API Security Testing Penetration Testing Internal Active Directory & External Network Pentesting Vulnerability Assessment Thick Client Penetration Testing (Windows desktop applications) Fix Google Ads disapproval due to malicious software Security plugin or module installation & configuration Plugin and module updates (safe, compatibility-checked) Website error diagnosis and fixes SSL certificate installation and configuration SQL Injection & XSS prevention Long-term protection against reinfect Malware identification and removal Website and application cleanup after compromise Rootkit, virus, spyware, and trojan detection Post-breach investigation and forensic analysis Attack vector identification and root-cause analysis What You Can Expect: A practical, real-world security approach Clear communication and full transparency Evidence-based findings (Proof of Concept where applicable) Actionable recommendations, not generic advice If you are looking for someone who understands how attackers think, how websites actually get compromised, and how to fix and prevent these issues effectively, I would be glad to discuss your project. Best regards,
Esteplogic IT Solutions Pvt Ltd
Associated with
Esteplogic IT Solutions Pvt Ltd
$400K+
earned
Derek J.
$80/hr
100% Job Success
$9K+ earned
Available now
Start of list.
End of list.
🔒 Cybersecurity | Penetration Testing | Server Hardening | System Administration | Secure Web Development I am the owner of LTH Cybersecurity, and I help businesses secure their infrastructure and eliminate vulnerabilities before attackers find them. As a Top Rated cybersecurity specialist with real-world experience in pentesting, system administration, and web application security, I combine deep technical expertise with a practical, business-first approach to protection. 🧰 My Core Skills Penetration Testing & Vulnerability Assessment: OWASP-aligned testing for web apps, APIs, WordPress, and cloud environments. Server Administration & Hardening: Linux/Windows configuration, firewall setup, SSH lockdowns, patch management, and intrusion monitoring. Secure Web Development: Hardened backend logic, input validation, and security-by-design principles for Python (Flask/Django) and PHP applications. Automation & Scripting (Python): Custom scanners, log parsers, alert systems, and API integrations for security monitoring or compliance. Incident Response & Forensics: Log analysis, compromise detection, and recovery planning. ⚙️ Why Clients Hire Me I’ve helped organizations across Canada and the US identify and remediate high-risk vulnerabilities before they were exploited. I don’t just run tools — I explain the findings in clear language, deliver actionable recommendations, and help teams implement fixes. Every engagement ends with a professional report, mitigation plan, and optional retest. 🚀 Let’s Secure Your Environment Whether you need a penetration test, server audit, or custom security automation, I can help you strengthen your defenses and meet compliance goals. Send me a message — I’ll review your setup and outline a security plan that fits your scope and budget.
Derek J. has worked .