Information Security Projects on Upwork

Information Security Consultant

Overview
We are a rapidly growing global AI, SAP, and IT consulting organization serving enterprise clients across multiple industries.
As we continue to scale, we are seeking an experienced Information Security Consultant / Virtual CISO to assess our current security posture, identify risks, and help establish practical, scalable security controls that protect our intellectual property, client data, cloud infrastructure, and delivery operations.
This is a strategic advisory engagement focused on security governance, risk reduction, and operational security best practices.
The ideal candidate will combine technical security expertise with practical business judgment and experience working with consulting, technology, SaaS, software development, or managed services organizations.

Engagement Type
• Part-Time Consultant
• Fractional Virtual CISO (vCISO)
• Remote
• Initial project engagement with potential ongoing advisory retainer

Objectives
The consultant will help strengthen our organization’s security posture across:
• Employee security controls
• Intellectual property protection
• Source code protection
• Data Loss Prevention (DLP)
• Cloud security
• Client data protection
• Security governance
• Backup and disaster recovery
• Incident response readiness
• Security awareness and compliance

Key Responsibilities
Security Assessment & Risk Review
• Perform a comprehensive security assessment.
• Identify security gaps, vulnerabilities, and operational risks.
• Develop a prioritized remediation roadmap.
• Assess current security maturity and governance practices.
Data Loss Prevention (DLP)
Review and recommend controls related to:
• Source code protection
• Unauthorized file transfers
• External storage devices
• Personal cloud storage usage
• Data exfiltration risks
• AI platform usage (ChatGPT, Copilot, Claude, Gemini, etc.)
• Customer data handling controls
• Email and document sharing practices
Source Code & Intellectual Property Protection
• Review GitHub/GitLab security controls.
• Assess repository permissions and access management.
• Recommend controls to prevent unauthorized downloads or code leakage.
• Review developer access governance.
• Establish secure development and code protection standards.
Cloud Security
Review security posture across:
• AWS
• Azure
• Google Cloud
• SaaS Platforms
Areas of focus:
• Identity and Access Management
• MFA enforcement
• Privileged Access Controls
• Security Monitoring
• Logging and Auditing
• Encryption Standards
• Backup Protection
• Security Configuration Management
Backup, Recovery & Business Continuity
Assess and recommend improvements for:
• Backup architecture
• Disaster recovery readiness
• Ransomware resilience
• Backup encryption
• Backup access controls
• Recovery testing procedures
• Recovery Point Objectives (RPO)
• Recovery Time Objectives (RTO)
Employee Security Controls
Review and recommend controls for:
• Onboarding and offboarding
• Device management
• Remote work security
• Access management
• Password policies
• Security awareness training
• Contractor and vendor access
Security Governance
Develop recommendations and frameworks for:
• Information Security Policy
• Data Protection Policy
• Access Control Policy
• Password Policy
• Remote Work Policy
• Incident Response Plan
• Vendor Security Policy
• Business Continuity Plan
• Acceptable Use Policy
• Secure Development Policy
• AI Usage Policy

Deliverables
The consultant should be able to provide:
Phase 1 – Assessment
• Security Risk Assessment Report
• Security Gap Analysis
• Risk Register
• Top Security Risks Summary
• Prioritized Remediation Roadmap
Phase 2 – Security Framework
• Data Loss Prevention (DLP) Strategy
• Source Code Protection Framework
• Cloud Security Recommendations
• Backup & Recovery Review
• Security Policy Framework
• AI Usage & Data Protection Guidelines
Phase 3 – Governance
• Executive Security Dashboard
• Security Governance Model
• Security Metrics & Reporting Framework
• Ongoing Advisory Recommendations

Preferred Experience
We are seeking professionals with experience in one or more of the following:
• Virtual CISO Services
• Information Security Consulting
• Cybersecurity Governance
• Technology Risk Management
• Cloud Security
• Secure Software Development
• Data Protection & Privacy
• IT Security Audits
• Security Program Development
Experience with any of the following is highly desirable:
• ISO 27001
• SOC 2
• NIST Cybersecurity Framework
• CIS Controls
• OWASP
• Cloud Security Best Practices

Ideal Candidate
• Strong security architecture and governance background.
• Experience working with software, SaaS, consulting, or technology organizations.
• Practical and business-focused approach to security.
• Strong communication and stakeholder management skills.
• Ability to balance security requirements with operational realities.
• Experience building security programs from the ground up.
• Comfortable working directly with executive leadership.

Success Criteria
Within the initial engagement, the consultant should help us:
• Identify and prioritize key security risks.
• Establish practical security governance.
• Improve protection of source code and intellectual property.
• Strengthen cloud and infrastructure security.
• Develop DLP and insider-threat controls.
• Improve backup and recovery readiness.
• Create scalable security policies and standards.
• Prepare the organization for future enterprise customer security reviews and audits.

Proposal Requirements
Please include:
1. Relevant experience and certifications.
2. Examples of similar engagements.
3. Security frameworks and methodologies you have implemented.
4. Estimated availability (hours per month).
5. Approach for conducting the assessment and delivering recommendations.
6. Sample deliverables (redacted if necessary).
We are looking for a practical advisor who can help build a security-first culture while supporting the growth of a modern global technology consulting organization.

Hi I’m given a task to pentest on a local company. I did find the Sql injection bug which I’ll share but I can’t take it to further steps. I need someone help on this

We are preparing our SaaS platform for ISO/IEC 27001:2022 certification and need an experienced consultant to help us assess readiness, define scope, identify gaps, and create an implementation roadmap.

Must have:
- ISO/IEC 27001:2022 implementation experience
- SaaS/cloud/security experience
- Experience with risk registers, Statement of Applicability, policies, internal audit prep
- Familiarity with Vanta, Drata, or Secureframe preferred
- References from companies that successfully achieved certification

Initial deliverable:
- Scope recommendation
- Gap assessment
- Prioritized remediation plan
- Estimated timeline and budget to reach certification readiness

Cyber Threat Intelligence & OSINT Analyst

Position Overview

We are seeking a highly motivated Cyber Threat Intelligence & OSINT Analyst to conduct cybersecurity research, threat intelligence gathering, dark web monitoring, and investigative analysis.

This role is ideal for someone who enjoys digging deep into information, connecting dots, validating claims, researching cyber threats, and producing actionable intelligence reports. The position focuses heavily on research, analysis, and investigation rather than traditional helpdesk or IT support functions.

The ideal candidate will have experience with cyber threat intelligence, open-source intelligence (OSINT), dark web investigations, ransomware tracking, breach research, and security risk analysis.

Key Responsibilities

Cyber Threat Intelligence

* Research emerging cybersecurity threats and trends
* Monitor ransomware groups and threat actor activity
* Track cyber incidents affecting businesses and organizations
* Analyze publicly reported breaches and cybersecurity events
* Monitor threat intelligence sources for relevant developments
* Produce intelligence reports and risk assessments

Dark Web Monitoring & Investigation

* Conduct dark web monitoring and intelligence gathering
* Research potential data exposure incidents
* Investigate leaked credentials and compromised information
* Validate claims made by threat actors
* Identify indicators of compromise and potential security risks
* Monitor forums, marketplaces, and other intelligence sources

OSINT & Research

* Perform advanced open-source intelligence investigations
* Analyze domains, IP addresses, email addresses, and online infrastructure
* Research individuals, organizations, and digital footprints
* Correlate information from multiple sources to identify patterns and risks
* Verify the accuracy and legitimacy of publicly available information

Security Auditing & Analysis

* Conduct security posture reviews
* Assist with vulnerability research and risk identification
* Evaluate cybersecurity controls and best practices
* Identify potential security gaps and exposure points
* Develop recommendations based on findings

Reporting & Documentation

* Create detailed investigative reports
* Prepare executive summaries
* Document research findings and evidence
* Present intelligence in a clear and actionable format
* Maintain organized records of investigations and findings

Required Skills

* Strong research and analytical abilities
* Excellent written communication skills
* Ability to think critically and independently
* Strong attention to detail
* Experience identifying patterns and connecting information from multiple sources
* Ability to work with sensitive information discreetly and professionally

Preferred Experience

Experience in one or more of the following areas:

* Cyber Threat Intelligence
* Open Source Intelligence (OSINT)
* Dark Web Monitoring
* Digital Investigations
* Incident Response
* Ransomware Analysis
* Digital Forensics
* Cybersecurity Research
* Risk Analysis
* Vulnerability Research

Preferred Certifications (Not Required)

* Security+
* CySA+
* CISSP
* CEH
* GCTI
* GCFA
* GSEC
* OSINT-related certifications

Compensation

Compensation is based on experience, qualifications, and demonstrated expertise.

Employment Type

* Full-Time
* Part-Time
* Contract
* Remote

To Apply

Please provide:

* Resume
* Relevant certifications (if applicable)
* Examples of research, intelligence reports, investigations, or analytical work
* Brief summary of your experience in cybersecurity, OSINT, threat intelligence, or investigative research
* Desired compensation range

We are looking for someone who is naturally curious, highly analytical, and enjoys uncovering information that others overlook.

my university student portal was hacked and i have been logged out of the system, are you able to help retrieve my account

Bakery Growth & Operations Specialist
New recipe's
New product development
Costing Templates & SOPs
Software update with recipes and ingredients

We are seeking an experienced developer to create a mobile app for managing security guards. The app should allow guards to check in and out of locations, log incidents, and communicate with the management team. It must be user-friendly and efficient, ensuring seamless operations. The ideal candidate will have experience in developing similar applications and a strong understanding of security protocols.

• Have you previously developed a security guard management, workforce management, or field service application? If yes please share references.
• How many years of mobile app development experience do you have?
• Have you implemented the following features? * GPS Tracking * Guard Check-in / Check-out * Incident Reporting * Attendance Management * Shift Scheduling * Emergency SOS Button * Offline Mode * Digital Signatures * Document Upload

It is a mixed position to help us understand the risks, assess privacy and vulnerability of digital and cyber access.
For the most, in the world of AI we are trying to protect the data, access and understand if we need more layers of protection overall.
Ideal candidate is present in Metro Manila and has good understanding of Cyber Security and building a strong methods to establish security and protect data leaks.

We are seeking an experienced VAPT expert to join our team on a long-term basis. The ideal candidate will have a strong background in vulnerability assessment and penetration testing, ensuring the security and integrity of our systems. Responsibilities include conducting regular security audits, identifying vulnerabilities, and implementing measures to prevent potential threats. The role requires ongoing support to maintain and enhance our security posture.

Scope of Work – ISO 27001:2022 Implementation & Certification Support

We have all policy documents ready. This has to be reviewed and corrected as required. We need evidence documents for the ISO internal audit and then we will engage TUV for final ISO certifications.

We are seeking an experienced ISO 27001:2022 consultant to assist our organization in achieving ISO 27001 certification. The selected consultant will be responsible for the following:

Key Responsibilities
Perform a comprehensive ISO 27001:2022 Gap Analysis to assess current information security practices and identify areas requiring improvement.
Define the Information Security Management System (ISMS) scope and determine applicable Annex A controls.
Develop, review, and enhance ISMS documentation, including:
Information Security Policies
Procedures and Work Instructions
Templates and Forms
Statement of Applicability (SoA)
Risk Management Documentation
Other mandatory ISO 27001 documents and records
Conduct information security risk assessments and prepare a Risk Treatment Plan aligned with ISO 27001 requirements.
Provide practical guidance and recommendations for implementing selected security controls.
Support the organization throughout the certification process, including:
Stage 1 Audit Preparation and Support
Stage 2 Audit Preparation and Support
Responding to auditor questions and clarifying ISMS documentation
Conduct one complete Internal Audit prior to certification.
Facilitate a Management Review Meeting (MRM) and provide the required documentation and recommendations before the certification audit.
Deliverables
ISO 27001:2022 Gap Analysis Report
ISMS Scope Definition
Statement of Applicability (SoA)
Risk Assessment and Risk Treatment Plan
Complete ISMS Documentation Set
Internal Audit Report
Management Review Meeting Documentation
Audit Readiness Support for Stage 1 and Stage 2 Certification Audits
Preferred Qualifications
Proven experience implementing and certifying organizations against ISO 27001:2022
Experience conducting internal audits and risk assessments
Strong knowledge of Annex A controls and ISMS documentation requirements
Lead Implementer and/or Lead Auditor certification preferred

I'm looking to develop a security assessment and mitigation plan for the bugs and security threats already identified, or new, wrt, these sites.

We are seeking a skilled freelancer to conduct a security penetration test on our system. The ideal candidate will have experience in identifying vulnerabilities and providing actionable insights to enhance our security posture. The project involves testing our system's defenses against various types of attacks to ensure its integrity and security.

We are a fast-growing technology advisory firm that helps mid-sized companies evaluate and select the best IT vendors for projects like:

• Cloud infrastructure
• Backup & disaster recovery
• Cybersecurity
• Network / SD-WAN
• VoIP / UCaaS
• Data center / colocation

We do not deliver the services ourselves. We act as the client’s technical advisor and procurement concierge, helping them understand their requirements and selecting the best vendors.

We are looking for a Solutions Architect / Technical Consultant who can lead technical discovery with clients.

Your role will be to run requirements calls, diagnose technical needs, and translate those requirements into clear vendor specifications.

This is not a support role and not an MSP job. This is a pre-sales technical advisor role.


Responsibilities
• Run technical discovery calls with clients
• Identify infrastructure gaps and project needs
• Translate requirements into vendor specifications
• Recommend vendor categories and architectures
• Assist in vendor evaluation and technical comparisons
• Document findings and scope clearly

You may have worked as:
• Solutions Architect
• Senior Systems Engineer
• Pre-Sales Engineer
• Cloud Architect
• Network Architect
• Technical Consultant

Experience with several of the following is important:
• Cloud platforms (AWS / Azure)
• Networking / SD-WAN
• Cybersecurity tools
• Backup / disaster recovery
• VoIP / UCaaS
• Infrastructure architecture

You must be able to:
• Ask great technical questions
• Quickly understand complex environments
• Communicate clearly with non-technical executives
• Strong spoken English is required.
• You should be comfortable speaking with CIOs and IT Directors.

Engagement
• Part-time to start
• 5–10 hours per week
• Discovery calls scheduled in advance

This role will likely grow into a long-term partnership.

To apply
Please send a Loom video answering the following:
1. A short description of your technical background
2. Your experience in client-facing technical roles
3. A brief example of a technical discovery call you have led

We need a licensed CPA with AICPA membership to attest to our SOC 2 audit clients.

Our Auditors will complete the information security and compliance audit.
We are willing to pay between $800 and $1000 per attestation. Monthly volume is around 5-10 clients.

The budget will be for a discovery call.

Crestmont is a private investment firm focused on principal investing, special situations, and private market opportunities across healthcare, energy, technology, and real assets. We are a growing organization with multiple affiliated entities and investment vehicles, and a distributed team that utilizes modern cloud-based systems.

We are seeking a highly organized, responsive, and technically capable IT professional to serve as our outsourced IT administrator and technology coordinator.

Scope of Work

The selected contractor will act as our go-to resource for managing and maintaining our business technology infrastructure, including:

Domain & DNS Management
- Manage and maintain company domains
- Configure and update DNS records
- Coordinate domain registrations, renewals, and transfers
- Troubleshoot website, email, and DNS-related issues

Email Administration
- Administer Google Workspace
- Create, modify, and deactivate user accounts
- Manage aliases, forwarding rules, groups, and shared inboxes
- Implement email security best practices
- Assist with deliverability and email authentication (SPF, DKIM, DMARC)

Cloud & Collaboration Systems
- Support Google Drive and shared file permissions
- Maintain user access and security settings
- Assist with Slack administration
- Coordinate user onboarding and offboarding

Software & Vendor Management
- Maintain inventory of software subscriptions and licenses
- Coordinate with vendors and support teams

Manage user access across platforms such as:
- Google Workspace
- Slack
- Cloze CRM
- Constant Contact
- Juniper Square
- DocuSign
- Dropbox and/or Google Drive
- Other business applications as needed

Security & Compliance
- Implement and maintain MFA policies
- Conduct periodic access reviews
- Maintain password and access management procedures
- Assist with cybersecurity best practices and recommendations
- Address cybersecurity threats and concerns

Special Projects
- Configure integrations and automations (Zapier preferred)
- Assist with system migrations
- Support new technology implementations
- Recommend improvements to streamline operations and reduce costs

Ideal Candidate
- 5+ years administering Google Workspace and cloud-based business systems
- Strong DNS and domain management experience
- Familiarity with investment firms, professional services firms, family offices, or private equity environments preferred
- Experience with Zapier or workflow automation tools
- Strong communication skills
- Available during U.S. business hours for urgent issues
- Comfortable working independently and proactively

Engagement Structure
- Fractional / ongoing contractor relationship
- Estimated 5–15 hours per month initially, with additional project-based work
- Long-term relationship preferred
- Hourly or monthly retainer proposals welcome

To Apply

Please provide:

A brief summary of your relevant experience
Examples of similar organizations you have supported
Your hourly rate or preferred monthly retainer
Availability during U.S. Eastern Time business hours
Any certifications or specialized expertise
Experience with Google Workspace, DNS management, Zapier, and cybersecurity

We are seeking an expert to tighten our organization’s security posture, specifically around protecting a high volume of PII documents. The candidate must be a true Microsoft expert capable of leading our Google Workspace to Outlook migration and resolving post-migration issues from our RingCentral to Teams transition (specifically regarding voicemail notifications). Collaboration with our IT team is essential to assess vulnerabilities and develop a robust security framework.

Core Responsibilities:
Design and deploy robust security and compliance frameworks within M365 to protect PII.

Manage and optimize Microsoft Intune policies.

Lead the migration from Google Workspace to Outlook.

Troubleshoot and resolve Microsoft Teams notification and voicemail issues following our RingCentral migration.

Requirements:
Deep, expert-level technical knowledge of M365 security features and PII data protection.

Proven experience in complex cloud migrations (Google to Outlook) and Teams telephony troubleshooting.

Strong communication skills for team collaboration.

If you are passionate about organizational security, we would love to hear from you! To demonstrate your attention to detail, please include the word "Jollibee" at the very beginning of your application or cover letter.

looking for an experienced and certified Ethical Hacker / Penetration Tester to perform a comprehensive security assessment of our IT infrastructure and email environment.

The primary objective is to identify security weaknesses, validate existing security controls, simulate real-world attack scenarios, and provide a practical remediation roadmap that strengthens our overall security posture.

This is not a one-time assessment. We are looking for a security expert who can partner with us through the complete lifecycle of Assessment → Remediation → Validation → Continuous Security Improvement, making this a long-term engagement.

Project Budget: Up to USD 20,000 based on experience, approach, and scope.

Scope of Work
1. Infrastructure Security Assessment

You will be responsible for performing comprehensive infrastructure security testing, including:

External and internal penetration testing
Assessment of servers, firewalls, VPNs, switches, routers, and network devices
Cloud infrastructure security review (Azure, AWS, OCI, or GCP)
Identification of vulnerabilities, misconfigurations, and security gaps
Authentication and authorization testing
Privilege escalation testing
Remote access security validation
Active Directory / Entra ID security review
2. Email Security Assessment

Review and assess enterprise email security, including:

Microsoft 365 / Exchange Online
Google Workspace
On-Premise Exchange (if applicable)

Assessment should include:

SPF validation
DKIM validation
DMARC review
Email spoofing assessment
Phishing resilience testing
Business Email Compromise (BEC) risk assessment
Email gateway configuration review
Anti-spam and anti-malware controls
MFA implementation review
Conditional Access policy assessment
3. Security Validation & Penetration Testing

Perform controlled and authorized security testing, including:

Vulnerability scanning
Infrastructure penetration testing
Public attack surface assessment
Exposed services identification
Web application testing (where applicable)
API security testing
SSL/TLS configuration review
Security headers validation
Password policy assessment
Identity and access management review
Expected Deliverables

The selected consultant will provide:

Executive Summary
Detailed Vulnerability Assessment Report
Risk Classification (Critical / High / Medium / Low)
Technical Findings with Evidence
Proof of Concept (where applicable)
Business Impact Analysis
Prioritized Remediation Roadmap
Best Practice Recommendations
Security Hardening Checklist
Final Validation Report after remediation
Knowledge Transfer / Walkthrough Session with our technical team
Required Skills
Minimum 5+ years of hands-on Ethical Hacking or Penetration Testing experience
Strong expertise in Infrastructure Security
Strong experience with Microsoft 365 / Email Security
Experience performing enterprise security assessments

Hands-on experience with:

Kali Linux
Burp Suite
Metasploit
Nessus
Nmap
OWASP Testing Methodology
Active Directory & Entra ID Security
VPN & Firewall Security
MFA & Identity Security
Cloud Security (Azure / AWS / OCI / GCP)

Ability to produce executive-level and technical security reports with actionable remediation recommendations is essential.

Preferred Certifications

Candidates holding one or more of the following certifications will be preferred:

CEH (Certified Ethical Hacker)
OSCP
GPEN
CISSP
CompTIA PenTest+
Security+
Technical Evaluation

To evaluate practical expertise, shortlisted candidates may be requested to participate in a live technical discussion or demonstration.

This may include:

Demonstrating a real-time infrastructure security assessment approach
Identifying email security vulnerabilities in a controlled environment
Explaining attack methodologies and remediation strategies
Reviewing sample penetration testing scenarios
Discussing previous enterprise engagements

This evaluation is intended to verify practical experience and technical depth.

Engagement Details
Project Type: Fixed Price with Long-Term Opportunity
Budget: Up to USD 20,000
Experience Level: Expert
Regular progress meetings and technical walkthroughs
Potential for ongoing security assessments and remediation projects
NDA and Confidentiality Agreement required before project commencement
Proposal Requirements

Please include the following in your proposal:

Brief introduction and relevant experience
Similar infrastructure and email security assessments completed
Security certifications
Sample or redacted assessment report (if available)
Testing methodology and tools you will use
Estimated project duration
Fixed project cost and milestones
Availability to start
Why you are the right fit for this engagement
Important Notes
This engagement is strictly for authorized and ethical security testing.
All assessments will be performed only against systems for which written authorization has been provided.
The successful consultant should be capable of identifying vulnerabilities, recommending practical remediations, assisting with implementation, and validating that remediation activities effectively strengthen the organization's security posture.

If you have a proven track record in enterprise infrastructure security, email security, penetration testing, and remediation, we would like to hear from you.

Blue Chip Fleet is a luxury/exotic vehicle services business. We are preparing to
launch a customer-facing mobile app (publicly, on the Apple App Store) backed by a
staff-facing CRM. We are seeking a focused, time-bounded security and code review
of the system before public release.

The app is already built and functioning; it is currently in internal TestFlight
testing. We are not asking for new feature development — this is a review and
hardening engagement.

• Please list any certifications related to this project

We're a small Google Ads agency who had an employee's email maliciously accessed.

The attacker seems to have bypassed 2FA.

This is outside of my area of expertise but here's what I know:

The attacker started to create spam campaigns inside of our client's ad accounts using a single employee's email address.

This started around 1130am EST on June 11th and stopped around 540pm EST.

The employee uses a Mac laptop and iPhone for work (personal devices), their personal email is the recovery email and 2FA was enabled on both Google Ads and Google Workspace.

The breach was noticed the morning of June 12th, we then reset the employee’s password and set their Google Ads account to be unable to make further changes.

I’ve downloaded the following log files from Google Workspace but don’t know if there’s any value in these docs:
Device log events
User log events
Access eval logs
Gmail logs
0Auth logs

Outside of our organization, this past week I spoke to a different agency who had the exact same thing happen (Google Ads breached from employees account, 2FA bypassed). I’ve also seen a few threads on Reddit, posted in the last two weeks, related to compromised Google Ads accounts but nothing specific around the attack vector.

The employee confirms that no new downloads of plugins, extensions, software, or files outside of CSVs directly from Google Ads have occurred.

I’d like to understand, if possible, how this breach occurred and what additional security measures we can take to prevent it from happening again in the future.

About Us:
We are an accredited Certification Body (CB) conducting official, external third-party ISO/IEC 27001 certification audits.

⚠️ IMPORTANT: This role is strictly for external certification auditing. This is NOT an internal audit position, nor is it a consulting/implementation role.

We are looking to onboard an ISO 27001 Auditor-in-Training to join our professional audit team for upcoming certification audits.

What We Provide
We will pair you with a qualified ISMS Evaluator who will monitor and guide you through your required audit days (including Stage 1, Stage 2, and surveillance exposure). This hands-on experience is designed to help you fulfill your formal qualification requirements and eventually join as external lead auditor.

What You Must Bring (Non-Negotiable Prerequisites)
To comply with our Certification Body competency criteria, you must already possess the foundational education, technical knowledge, and theoretical audit training. We are screening exclusively for candidates who meet the following:

Education: University-level degree or equivalent professional higher education in a relevant field (e.g., Information Technology, Computer Science, Cyber Security).

Workplace Experience: Practical, hands-on workplace experience in Information Technology and Information Security sufficient to understand technical environments. (This could include internal audits, consulting and pen-testing)

Theoretical Training: Formal training in ISO/IEC 27001 auditing principles (e.g., successful completion of a 17024 accredited training such as IRCA/PECB/BSI Lead Auditor course). It is completely fine if you currently lack the practical logbook hours; we are providing the field experience.

Core Knowledge: A deep, fundamental understanding of management systems, ISO 19011 auditing principles, and ISMS monitoring, measurement, analysis, and evaluation.

Analytical Skill: The demonstrated ability to trace technical information security incidents or vulnerabilities back to specific systemic control failures within an ISMS framework.

• What is your university-level equivalent education, and how do you currently maintain your Continuous Professional Development (CPD) in InfoSec?
• Have you completed a formal ISO 27001 Lead Auditor or Internal Auditor course? Please state the training body (e.g., PECB, IRCA, BSI)?
• What language(s) do you fluently speak and write? Specifically, which languages are you comfortable enough in to conduct live, ISMS audit interviews?

I’m looking for an ISO 27001 Lead Auditor for Internal Audit to carry out a comprehensive documentation review for our Chandigarh-based Information Security Management System. The implementation is already in place; what I need now is an expert eye on every artefact so we can face the certification audit(Stage 2) with complete confidence.

Scope of work
• Review the observation points received during our ISO 27001 stage 1 audit
• Assess the corrective actions implemented by our team and validate whether the observations have been adequately addressed and closed.
• Conduct an Independent Internal audit review of our ISO 27001 documentation, including policies, procedures, records, risk assessment documents, statement of Applicability and other relevant ISMS documentation.
• After review, share us with the summary report highlighting the stage 1 observation closure status, documentation review finds, improvement opportunities, stage 2 audit readiness assessment.
• Provide recommendation and best practices suggestions for continual improvement of ISMS


Deliverables
1. Annotated copies of each document with in-line comments.
2. Consolidated gap-analysis report (Word or Excel) with assistance to prepare for Stage 2
3. Internal Review report with corrective action and closure status
3. A brief hand-over call to walk me through the findings.


Familiarity with ISO 27002, ISO 27005, and common risk-assessment tools (e.g., OCTAVE) will help, but demonstrable ISO 27001 LA certification is mandatory. Let me know your availability this week and estimated turnaround time.
Whatsapp : 82830 02426(only text)

Skills: Technical Writing, Research Writing, Records Management

I am looking for an experienced branding designer to develop the visual identity for my firm, proISMS, which specializes in Information Security consulting for the mid-market.

My goal is to create a "High-End Boutique" brand appearance that balances mathematical precision with elegant, flowing aesthetics. I have a clear vision for the logo and color palette already defined, and I am looking for a professional to translate these concepts into a refined, scalable, and high-impact design.

Key Requirements:
- Logo Design: Development of a sophisticated symbol based on an interlocking double-S (infinity loop/lemniscate concept), built on the principles of the Golden Ratio.
- Aesthetics: High-end, luxury look with a focus on geometric precision and fluid, organic linework.
- Color Concept: Implementation of a specific deep violet/copper-gold gradient and palette.
- Deliverables: Master logo (vector-based), font system (modern/geometric sans-serif), a basic style guide (colors, typography, usage), and high-resolution files.
- Professionalism: Proven experience in B2B or premium branding. High attention to detail regarding scalability (from website favicon to large-scale print/embossing).

What I am looking for:
I am not looking for a "quick fix" or stock logo. I need a designer who understands the gravity of the Information Security sector while maintaining the exclusivity of a boutique advisory firm. You must be able to deliver original work and provide a full transfer of copyright.

If you are interested, please submit your portfolio, highlighting projects with a clean, high-end, or minimalist aesthetic.
I have a detailed briefing document ready to share with qualified candidates.

Roles we're hiring for:

Solution Architect (microservices, API gateway, security architecture)
Senior Java / Spring Boot developers
PostgreSQL / data engineer (modelling, optimisation, migration)
Frontend developer (portal UI/UX)
Integration specialist (REST APIs, third-party system integration)
Information-security specialist
DevOps / cloud engineer and QA

We are a new logistics company building our website, and we are looking for a Website Security & Compliance Specialist to partner with our internal team. Our designer (Toni) is handling all layout, pages, and visual development — your role focuses strictly on the security, access control, and compliance‑sensitive portions of the site.

What we need:
We need someone who can review the site structure, secure employee‑only pages, configure protected document access, secure multiple reporting forms, and ensure the website meets the data‑protection expectations required for Amazon DSP compliance. You will collaborate with our designer as needed, but you will not be responsible for design or page creation.

Deliverables include:

Secure access controls for employee‑only pages

Protected employee handbook download

Anonymous reporting form security

Urgent reporting workflow security

Secure form configuration + email routing

Google Workspace integration

General website security hardening

Compliance review + risk assessment

Skills required:
Information Security, IT Compliance, Secure Form Configuration, Access Control, Authentication Systems, Google Workspace Integration, and Website Security Hardening.

How we work:
We communicate clearly, respond quickly, and keep responsibilities separated. Toni will lead the full website build, and you will focus on the backend security and compliance requirements. We value transparency, collaboration, and professionals who can explain what they need in order to complete their part of the project.

What we’re looking for:
Someone experienced, reliable, and comfortable partnering with another professional. This is a focused, security‑driven role — perfect for someone who specializes in compliance workflows and secure website infrastructure.

Wiz Cloud Security Engineer
Position Summary

The Wiz Cloud Security Engineer is responsible for leading the migration and operationalization of Wiz of gaintech enterprise Cloud-Native Application Protection Platform (CNAPP), replacing existing Prisma Cloud capabilities. This is a hands-on engineering role focused on cloud security posture management, policy-as-code, automation, platform integrations, and cloud risk reduction across Azure, GCP, and multi-cloud environments.

The role sits at the intersection of cloud security engineering, automation, infrastructure as code, and enterprise governance. The engineer will design, implement, tune, and maintain security controls within Wiz while developing scalable processes for identifying, prioritizing, and remediating cloud security risks.

Key Responsibilities
Wiz Platform Engineering & Operationalization
Lead and support the migration of cloud security capabilities from Prisma Cloud to Wiz.
Configure, tune, and operationalize Wiz across enterprise cloud environments.
Develop and maintain Wiz security policies, alerting logic, compliance controls, and risk prioritization frameworks.
Reduce false positives and improve signal-to-noise ratios through policy tuning and optimization.
Manage Wiz CSPM, CWPP, CIEM, container security, attack path analysis, and cloud exposure management capabilities.
Policy Migration & Baseline as Code
Translate existing Prisma Cloud security policies into equivalent Wiz controls and security guardrails.
Design and implement security policies using Infrastructure as Code (IaC) principles.
Manage Wiz policies, cloud guardrails, and security baselines through Terraform rather than manual platform configuration.
Store policy definitions in source control repositories and deploy changes through CI/CD pipelines.
Maintain version control, peer review, auditability, and change management for all cloud security configurations.
Develop reusable Terraform modules for security policy deployment across cloud environments.
Cloud Security Engineering
Identify, investigate, and remediate cloud misconfigurations across Azure and GCP environments.
Evaluate and enforce security controls related to identity, networking, storage, encryption, logging, and access management.
Support cloud governance initiatives aligned with organizational security standards.
Implement preventative and detective cloud security controls.
Container & Kubernetes Security
Manage container security findings generated through Wiz.
Evaluate Kubernetes security posture across AKS, GKE, and containerized workloads.
Identify vulnerabilities, exposed secrets, privileged workloads, and runtime risks.
Collaborate with engineering teams to improve container security and remediation practices.
Security Automation & Integrations
Develop Python-based automation workflows to retrieve, enrich, transform, and route Wiz findings.
Build integrations between Wiz and enterprise platforms including Splunk and ServiceNow.
Automate ticket creation, enrichment workflows, remediation tracking, and security reporting processes.
Support continuous improvement of cloud security operations through automation and orchestration.
SIEM & Security Operations Integration
Integrate Wiz findings into Splunk for enterprise visibility and monitoring.
Develop and optimize SPL queries, dashboards, reports, and alerting workflows.
Normalize and enrich cloud security data for improved analysis and reporting.
Support operational teams with actionable cloud security intelligence.
Reporting & Analytics
Develop dashboards and executive reporting using Power BI, Tableau, or similar platforms.
Create cloud security posture metrics, trend analysis, remediation tracking, and risk reporting.
Measure program effectiveness through KPIs such as finding reduction, MTTR, exposure reduction, and compliance adherence.
Governance & Compliance
Align cloud security controls with industry standards including CIS, NIST, ISO 27001, and internal Wells Fargo security requirements.
Support audit requests, compliance reviews, and regulatory examinations.
Maintain documentation, policy traceability, and evidence required for governance and audit purposes.
Collaborate with security architects, cloud engineering teams, platform owners, and governance stakeholders.
Required Qualifications
5+ years of cloud security engineering experience.
The ideal candidate should have teaching sills to mentor Junior engineers.
Hands-on experience with Wiz, Prisma Cloud, or similar CNAPP platforms.
Strong experience with Azure and/or GCP cloud environments.
Experience managing CSPM, CWPP, CIEM, and cloud security posture initiatives.
Strong Python scripting and automation experience.
Experience with Infrastructure as Code (Terraform preferred).
Experience integrating security platforms with Splunk, ServiceNow, or similar enterprise tools.
Knowledge of Kubernetes and container security.
Strong understanding of cloud security frameworks including CIS, NIST, and ISO.
Preferred Qualifications
Experience leading Prisma-to-Wiz migrations.
Experience implementing Policy-as-Code and Baseline-as-Code programs.
Experience managing Terraform-based security policy deployments.
Experience building cloud security governance programs in regulated financial environments.
Experience with CI/CD pipelines and automated security control deployment.
Experience supporting audit, compliance, and regulatory requirements.
Core Technologies
Wiz
Prisma Cloud
Terraform
Python
Azure
GCP
Splunk
ServiceNow
Kubernetes
GitHub / GitLab
Power BI
Tableau
CI/CD Pipelines
CSPM
CWPP
CIEM
Cloud Governance & Compliance

Hello!

I have forgot my Snap Chat My Eyes Only password - would you be able to help with that? The problem is if you reset the password it deletes everything in the account. I have valuable and sensitive photos in there that I need to recover with a gentle touch as these photos truly are for "MEO".
This would be amazing you could help!

Thank you for your consideration!

We are looking for an experienced Ethical Hacker to perform authorized security assessments and identify vulnerabilities in our systems, networks, and web applications. The ideal candidate should have hands-on experience with penetration testing, vulnerability assessments, and security tools such as Nmap, Burp Suite, Metasploit, and Wireshark.

VAKE Consulting is seeking an experienced IT Security & Compliance Consultant to review and strengthen our existing information security framework.

We are a multinational SAP consulting company operating across Europe and the Middle East and increasingly receiving customer security and compliance requests from enterprise clients.

The consultant will review our existing documentation and security controls and provide recommendations for improvement.

Scope

* Review Microsoft 365 E5 security configuration
* Review HR Security Policy
* Review GDPR Technical & Organizational Measures (TOM)
* Review Risk Register & Risk Treatment Plan
* Review Incident Response procedures
* Review External Security Audit Summary
* Assess readiness for customer security reviews and supplier questionnaires
* Provide recommendations aligned with GDPR and ISO 27001 principles

Deliverables

* Written gap assessment
* Prioritized improvement recommendations
* Review meeting (60-90 minutes)
* Suggestions for future governance and compliance improvements

Desired Experience

* Microsoft 365 Security
* Microsoft Intune
* Microsoft Defender
* GDPR
* ISO 27001
* Risk Management
* Information Security Governance
* Supplier Security Assessments

I have a remote client that got hit by a ransomware attack. This client has different department that operate 24 x 7 so taking the network down for a day or 2 or 3 is not an option.

I understand finding the vector and determining the source is really important but we are in disaster recover mode and the most important thing is to get them online while at the same time making changes to the network to supress anything that might still be undetected.

I was able to restore the servers ( 6 of them) from veeam immutable backups offsite (understand that they could still have a dormant threat on them). We removed all pc's from the network and did scans with Sonicwall Capture Client and removed whatever was found on them.

We got them operating a little bit but understand that there is probably a problem still.

My thought is that we need to strengthen network security by doing many things and I'm looking for someone to quickly assist with the most importand changes first to prevent possible dormant threats from emerging, etc.

We are going to change all passwords for users accounts, services, etc right away.

This is a windows domain and all computers are domain joined.

We'd like to deploy windows defender enterprise or whatever can limit file execution so rogue executables can't run without permission.

We have a RDP Server (Not used much, just occasionally) that was configured / integrated with DUO (free version for less than 10 users) that does MFA when remoting into the network. We'd like to setup MFA for all network logins from local pc's, etc. , all logins.

We want to replace the Sonicwall capture client with the something better, Windows Defender for Business, SentinelOne Singularity Core, Huntress or something else but looking for a person with experience with many solutions and someone who can quickly deploy it.

We want the network locked down but usable and I know there are more changes to do but need to do the most important first and I'm thinking stopping rogue executables will prevent damage even if our network is still compromised.

Please Tell me what you think the right approach is to quickly protect this network. Let me know your availability and only respond if you have a lot of experience with this please ! We have flown a person onsite so there will be a local person onsite to help.

A cyber intelligence platform designed to identify externally visible security risks across businesses. Through automated free scans, deep technical analysis is conducted to detect vulnerabilities and provide actionable insights. The platform aims to enhance security posture by uncovering potential threats and offering solutions to mitigate them.

• Describe a recent cyber security issue you personally remediated. What was the issue, how did you fix it, and what was the business outcome?
• A client receives a ThreatScout report showing: Missing SPF Missing DKIM No DMARC policy Walk us through exactly how you would remediate these findings.
• A scan identifies: Open RDP exposed to the internet Weak SSL/TLS configuration Missing security headers on the company website Which would you address first and why?
• What systems and technologies have you personally administered or secured? Please provide examples across: Microsoft 365 Azure AWS Google Workspace Firewalls DNS providers Web hosting platforms
• A small business owner receives a report with 20 findings and asks: "Can you fix this for me?" How would you approach the engagement from first meeting through to completion?

Overview:
We are Fluxxcore, an enterprise AI compliance and data analytics ecosystem built for international FinTech, NeoBanks, and InsurTech companies. We solve critical infrastructure and regulatory pain points for corporate clients, including AI model failures (Schema Drift), hidden data vulnerabilities (Shadow Data), and global regulatory audits (EU AI Act, ISO 8000).

Our architecture is fully ready, and our operational cycle and enterprise sales pipeline are already set up and running. We are currently scaling our operations and building a core pool of high-caliber experts and data specialists to execute upcoming enterprise projects, run client audits, and participate in technical diagnostics.

Compensation & Partnership Model (CRITICAL):
This is a Commission-Only / Revenue-Share project. We do not offer fixed monthly salaries at this stage. Instead, we offer:

Primary: A high, guaranteed percentage/revenue share from each closed enterprise contract you participate in (our standard B2B enterprise sales cycle is 111+ days).

Secondary: Equity/Option pool allocations based on performance and long-term project commitment.

Please bid only if you fully understand and accept this partnership framework.

Roles & Fields of Expertise We Are Onboarding:

We are looking for various data and security professionals to join our expert network. You can fit one or more of the following tracks:

System / Business Analysts & Data Governance Experts:

Participate in diagnostic sessions with corporate clients (CTOs, CDOs).

Map client data infrastructure (As-Is / To-Be states), analyze gaps, and draft technical specifications.

Information Security Consultants (CISO/Infosec Experts):

Secure on-premise and private cloud architecture deployments.

Help navigate clients' internal InfoSec committees and communicate directly with corporate CISO teams.

Data Quality & Data Engineers / Database Administrators (DBA):

Implement data quality metrics, configure dbt/Great Expectations, and monitor schema drift.

Optimize database performance (SQL/NoSQL) and handle data pipeline integrations.

Data Analysts & BI Developers:

Deep-dive into client data streams to detect anomalies and "dirty data" sources.

Build advanced compliance analytics dashboards and reporting inside our Control Tower.

QA Engineers:

Test the stability, integrations, and performance of the analytics ecosystem before final client deployment.

Requirements:

Languages: Fluent English (professional/native) is mandatory for working with clients in the EU, LatAm, and Asia. Fluency in Russian is a major plus for inner-team communications, but not strictly required.

Proven background in FinTech, banking, Big 4, or IT consulting on international enterprise projects.

Entrepreneurial, consultative mindset: ability to build custom frameworks rather than just waiting for strict instructions.

How to Bid:
In your proposal, please specify:

Which track/role fits your expertise best.

A brief summary of your FinTech, banking, or data engineering experience.

Skills: MySQL, Database Administration, Database Programming, Database Development, Data Analytics, Data Governance, AI Consulting, AI Development