Optimize Network Security Projects on Upwork

Interim server control transfers from the temporary administrator to the owner, ensuring continuity while blocking unauthorized access. This involves managing shared credentials securely and maintaining server integrity. The ideal candidate will have experience in server management and security protocols to ensure a smooth transition. Root or break-glass credentials remain under owner custody. The interim administrator must use named, auditable access and must not request, store, rotate or disclose root credentials unless an emergency procedure is formally invoked and recorded.

I’m looking for a seasoned ethical hacker to take a deep dive into my production-level web applications and help me harden them against real-world threats. The goal is straightforward: expose anything that could be exploited and give me clear, actionable steps to strengthen security.

You’ll have full, authorized scope to simulate attacks just as a malicious actor would—SQL injection, cross-site scripting, authentication bypass, misconfigured cloud services, the works—while staying within the bounds of responsible disclosure. Modern tooling such as Burp Suite Pro, OWASP ZAP, Kali Linux and manual code-review techniques are welcome, provided every finding is thoroughly validated.

Deliverables:
• A comprehensive report that ranks each vulnerability by severity and business impact
• Concrete remediation recommendations for my dev team, tied directly to best-practice standards (OWASP Top 10, CWE, etc.)
• A re-test summary once fixes are applied, confirming that issues are fully resolved

Please outline your methodology, any relevant certifications (OSCP, CEH, etc.), and an estimated timeline so we can sync milestones and move quickly to a safer web stack.

Skills: Linux, Web Security, Computer Security, Internet Security, Penetration Testing, Cloud Security, Network Security, Risk Assessment

Information Security Consultant

Overview
We are a rapidly growing global AI, SAP, and IT consulting organization serving enterprise clients across multiple industries.
As we continue to scale, we are seeking an experienced Information Security Consultant / Virtual CISO to assess our current security posture, identify risks, and help establish practical, scalable security controls that protect our intellectual property, client data, cloud infrastructure, and delivery operations.
This is a strategic advisory engagement focused on security governance, risk reduction, and operational security best practices.
The ideal candidate will combine technical security expertise with practical business judgment and experience working with consulting, technology, SaaS, software development, or managed services organizations.

Engagement Type
• Part-Time Consultant
• Fractional Virtual CISO (vCISO)
• Remote
• Initial project engagement with potential ongoing advisory retainer

Objectives
The consultant will help strengthen our organization’s security posture across:
• Employee security controls
• Intellectual property protection
• Source code protection
• Data Loss Prevention (DLP)
• Cloud security
• Client data protection
• Security governance
• Backup and disaster recovery
• Incident response readiness
• Security awareness and compliance

Key Responsibilities
Security Assessment & Risk Review
• Perform a comprehensive security assessment.
• Identify security gaps, vulnerabilities, and operational risks.
• Develop a prioritized remediation roadmap.
• Assess current security maturity and governance practices.
Data Loss Prevention (DLP)
Review and recommend controls related to:
• Source code protection
• Unauthorized file transfers
• External storage devices
• Personal cloud storage usage
• Data exfiltration risks
• AI platform usage (ChatGPT, Copilot, Claude, Gemini, etc.)
• Customer data handling controls
• Email and document sharing practices
Source Code & Intellectual Property Protection
• Review GitHub/GitLab security controls.
• Assess repository permissions and access management.
• Recommend controls to prevent unauthorized downloads or code leakage.
• Review developer access governance.
• Establish secure development and code protection standards.
Cloud Security
Review security posture across:
• AWS
• Azure
• Google Cloud
• SaaS Platforms
Areas of focus:
• Identity and Access Management
• MFA enforcement
• Privileged Access Controls
• Security Monitoring
• Logging and Auditing
• Encryption Standards
• Backup Protection
• Security Configuration Management
Backup, Recovery & Business Continuity
Assess and recommend improvements for:
• Backup architecture
• Disaster recovery readiness
• Ransomware resilience
• Backup encryption
• Backup access controls
• Recovery testing procedures
• Recovery Point Objectives (RPO)
• Recovery Time Objectives (RTO)
Employee Security Controls
Review and recommend controls for:
• Onboarding and offboarding
• Device management
• Remote work security
• Access management
• Password policies
• Security awareness training
• Contractor and vendor access
Security Governance
Develop recommendations and frameworks for:
• Information Security Policy
• Data Protection Policy
• Access Control Policy
• Password Policy
• Remote Work Policy
• Incident Response Plan
• Vendor Security Policy
• Business Continuity Plan
• Acceptable Use Policy
• Secure Development Policy
• AI Usage Policy

Deliverables
The consultant should be able to provide:
Phase 1 – Assessment
• Security Risk Assessment Report
• Security Gap Analysis
• Risk Register
• Top Security Risks Summary
• Prioritized Remediation Roadmap
Phase 2 – Security Framework
• Data Loss Prevention (DLP) Strategy
• Source Code Protection Framework
• Cloud Security Recommendations
• Backup & Recovery Review
• Security Policy Framework
• AI Usage & Data Protection Guidelines
Phase 3 – Governance
• Executive Security Dashboard
• Security Governance Model
• Security Metrics & Reporting Framework
• Ongoing Advisory Recommendations

Preferred Experience
We are seeking professionals with experience in one or more of the following:
• Virtual CISO Services
• Information Security Consulting
• Cybersecurity Governance
• Technology Risk Management
• Cloud Security
• Secure Software Development
• Data Protection & Privacy
• IT Security Audits
• Security Program Development
Experience with any of the following is highly desirable:
• ISO 27001
• SOC 2
• NIST Cybersecurity Framework
• CIS Controls
• OWASP
• Cloud Security Best Practices

Ideal Candidate
• Strong security architecture and governance background.
• Experience working with software, SaaS, consulting, or technology organizations.
• Practical and business-focused approach to security.
• Strong communication and stakeholder management skills.
• Ability to balance security requirements with operational realities.
• Experience building security programs from the ground up.
• Comfortable working directly with executive leadership.

Success Criteria
Within the initial engagement, the consultant should help us:
• Identify and prioritize key security risks.
• Establish practical security governance.
• Improve protection of source code and intellectual property.
• Strengthen cloud and infrastructure security.
• Develop DLP and insider-threat controls.
• Improve backup and recovery readiness.
• Create scalable security policies and standards.
• Prepare the organization for future enterprise customer security reviews and audits.

Proposal Requirements
Please include:
1. Relevant experience and certifications.
2. Examples of similar engagements.
3. Security frameworks and methodologies you have implemented.
4. Estimated availability (hours per month).
5. Approach for conducting the assessment and delivering recommendations.
6. Sample deliverables (redacted if necessary).
We are looking for a practical advisor who can help build a security-first culture while supporting the growth of a modern global technology consulting organization.

Seeking a paralegal to assist with child support modification paperwork in Utah. Responsibilities include filling out forms, ensuring accuracy, and providing legal guidance. Must be familiar with Utah legal procedures and have experience in family law. Attention to detail and ability to work independently are essential.

Company Overview:
We are a growing company seeking a reliable and experienced contractor to manage, configure, and optimize our Blue Iris video surveillance software system. This is a contract-based position ideal for someone with strong technical knowledge of CCTV systems, camera configuration, and remote monitoring tools.

Job Description:
The contractor will be responsible for maintaining and troubleshooting our Blue Iris security system. This includes configuring IP cameras, setting alerts and motion detection, optimizing system performance, implementing AI plugins, and ensuring secure remote access.

Responsibilities:

- Configure and optimize Blue Iris software for video surveillance
-Integrate IP cameras and configure recording profiles and triggers
-Set up alerts, notifications, and motion detection zones
-Troubleshoot video stream or connectivity issues
-Configure secure remote/mobile access to the system
-Implementing AI plugins
-Recommend hardware or system improvements as needed

Requirements:

-Proven experience working with Blue Iris software
-Strong understanding of IP camera systems and network configuration
-Familiarity with Windows-based environments
-Experience with port forwarding, VPNs, DDNS, and remote access setup
-Ability to diagnose and resolve software/hardware compatibility issues
-Strong communication skills and attention to detail
-Reliable and responsive to support requests

Preferred Qualifications:

-Familiarity with Blue Iris AI tools or 3rd party AI integrations

**Title:** Urgent WordPress Malware & Hosting Account Security Investigation (Dedicated Server)

**Project Overview**

I am looking for an experienced WordPress security specialist to investigate and fully remediate an active compromise affecting one of my WordPress websites hosted on a dedicated HostGator server with WHM/cPanel.

The website has been experiencing unauthorized spam blog posts. Despite changing passwords and restoring from backup, the spam content has reappeared, suggesting there may be an active backdoor, malicious code, compromised account, scheduled task, or server-level issue.

**Environment**

* Dedicated HostGator server
* WHM/cPanel
* WordPress website
* Wordfence Premium installed
* SSH access available

**What Has Already Been Done**

* WordPress passwords changed
* cPanel passwords changed
* Site restored from backup
* Wordfence Premium installed
* Spam posts continue to appear after restoration

**Scope of Work**

* Full malware investigation
* Identify how unauthorized posts are being created
* Scan WordPress core, plugins, themes, uploads, and database
* Identify and remove backdoors, web shells, malicious cron jobs, hidden admin access, or unauthorized API access
* Review server logs, cPanel logs, and WordPress logs
* Investigate whether the compromise is limited to WordPress or exists at the hosting account/server level
* Secure the website and prevent reinfection
* Verify all WordPress users, database users, FTP accounts, SSH access, API tokens, and scheduled tasks
* Provide a summary of findings and actions taken

**Required Experience**

* WordPress malware removal
* Wordfence
* WHM/cPanel administration
* Linux server security
* Malware forensics and incident response
* Dedicated server environments

**Deliverables**

1. Identify root cause of compromise.
2. Remove all malware and unauthorized access.
3. Secure the website and hosting account.
4. Verify site functionality after cleanup.
5. Provide a written report explaining what was found and how it was fixed.

**Important**
Please describe:

* Similar malware cleanup projects you have completed.
* Your approach to identifying persistent WordPress infections.
* Whether you have experience with WHM/cPanel and dedicated servers.

This project is urgent. I am looking for someone who can start immediately and complete the investigation as soon as possible.

Seeking an expert to review the security of my React Native app for iOS, ensure no bugs, and verify it can handle a large number of concurrent users. The ideal candidate will have experience in app security and performance optimization, ensuring the app is secure and functions smoothly under heavy loads.

• Describe your recent experience with similar projects
• Please list any certifications related to this project
• How do you operationalize your projects?

I need my Cisco C3900 brought up to the latest, stable IOS release and then tuned for quality of service. I have not yet downloaded the images, so the first step will be helping me identify the correct firmware bundle, securing it from Cisco, and staging it on my TFTP/SCP server. Once it is in place, you will carry out the upgrade, verify the ROM-mon version, and confirm the router comes back clean with all interfaces up.

After the operating system is current, I want three QoS elements in place: traffic shaping for key subnets, bandwidth management to keep non-critical traffic in check, and priority queuing for voice and video. The policies should be clearly commented in the running-config so I can maintain them myself later.

There are also a few Catalyst switches directly downstream. They only need basic QoS alignment—trust settings on uplink ports and any necessary queue-mapping—so that the policies on the C3900 are honoured end-to-end.

Deliverables
• Correct IOS image chosen, downloaded, and upgrade completed
• Post-upgrade health check (show version, show platform, show log) shared as proof
• Modular QoS configs applied and saved: class-maps, policy-maps, interface service-policies
• Switch port settings updated to trust DSCP/CoS and tested with a quick ping/iperf verification
• Brief hand-off document outlining commands used and rollback steps

I will provide remote console access and a maintenance window; you just need your usual toolkit (Cisco CLI, TFTP/SCP client, putty/secureCRT).

Skills: Linux, Cisco, VoIP, Network Administration, Network Security, Network Engineering, Network Monitoring

Necesito que me entreguen una cuenta de voz sobre IP totalmente operativa y 100 % verificada. Puede ser de Bandwidth, Telnyx o Flowroute; cualquiera de las tres me funciona mientras venga con todos los requisitos de verificación cubiertos.

Una vez creada, deben añadir la IP de mi trunk SIP a la red del proveedor y dejarla autorizada para originar tráfico (solo outbound). Además, requiero:

• Configuración avanzada de SIP (codecs, g711,g729).
• Integración directa con la infraestructura que ya manejo en mi plataforma PBX basada en Asterisk.

Entrego de mi lado las credenciales de IP publica de la PBX que debe quedar registrada. El resultado esperado es que pueda realizar llamadas de prueba sin bloqueos ni rechazos, con CLI correcto y audio bidireccional estable.

Skills: Linux, Asterisk PBX, Voice Talent, VoIP, Telecommunications Engineering, Telecom Sales, Audio Processing, Network Security, Audio Engineering, SIP

Busco apoyo de alguien que ya tenga contactos confiables en India u otros mercados reconocidos por su fortaleza en VOIP para aportar rutas estables, 100 % CLI y orientadas a la más alta calidad de llamada.

Mi necesidad inmediata es implementar nuevas rutas hacia Estados Unidos que, además de mantener estabilidad, permitan realizar spoofing con conocimiento avanzado y total dominio de las prácticas seguras que esto implica. El objetivo es maximizar la claridad de audio y reducir al mínimo las incidencias de pérdida de paquetes o latencia, por lo que valoro experiencia probada configurando, testeando y afinando rutas antes de ponerlas en producción.

A grandes rasgos, esto es lo que espero recibir:
• Rutas directas y estables con terminación USA, garantizando CLI 100 %.
• Pruebas de calidad (MOS, PDD, jitter) previas a la entrega definitiva.
• Conomiento avanzado en spoofing
• Que gestiones diferente rutas en caso de perdida

Si ya cuentas con proveedores sólidos, capacidad de configurar nuevas rutas y plena pericia en técnicas avanzadas de spoofing, me encantará revisar tu propuesta y acordar pruebas piloto de inmediato. Necesitamos 100 llamadas recurrentes y 8,000 llamadas disponibles al dia de 20:00 a 1:00:00 hora cada llamada con buena capacidad de respuesta

Skills: Voice Talent, Telecommunications Engineering, Telecom Sales, Telecom, Network Security, Network Engineering, Voice Assistance Devices, Voice Over, Audio Engineering, Voice Modulation and Audio Programming

my university student portal was hacked and i have been logged out of the system, are you able to help retrieve my account

A clients network had a ransomeware attack and this company runs 24 x 7 so we don't have the luxury of taking things offline and doing forensics to out the attach vector (we no weak network security was to blame and that will be corrected).

We want to create a master image (Windows, Office, Acrobat, a few other things) and deploy it quickly to all workstations. It would be nice if the machines could be auto added to the domain, etc.

I'm looking for the best / quickest / most reliable way to do this.

Please tell me how you would accomplish this task and let me know if you are available immediately or what hours your work.

We are looking for a professional individual who is able to set up a functional MailCow Server for email marketing / campaigning purpose. The server should be configured for only one domain.

This job has two main parts:

1. Analyse our previous MailCow setup extensively and deduce some issues associated with the setup at that time. These issues are (but are not limited to) mailbox deliverability, sending issues, bounce processing, header handling, etc.

2. Develop a new MailCow setup with all the problems fixed on a new separate VPS where login details will be provided. After the setup is complete and relevant testing proof and results are provided, the job is complete.

Depending on how good the job has been completed and some other skills we are looking for for different projects, we would consider hire for some of our other projects or even longer term for maintenance.

I have two separate industrial PCs, each running its own SCADA application. My goal is to take every screen or data point those SCADA packages generate and present it live on a wall-mounted TV that is already on the facility’s Wi-Fi network.

Because the machines sit in different parts of the plant, I do not want extra cabling; the entire link from each PC to the TV must stay wireless, reliable, and secure. If the simplest approach is to combine both feeds into a single dashboard before casting, that works for me—as long as the operators can still see every tag and alarm in real time.

Timing is critical; I need the solution working and tested ASAP.

Deliverables
• A working, Wi-Fi-based method for mirroring or streaming both SCADA displays to one TV
• Any lightweight software, scripts, or casting devices configured and handed over with licenses or credentials clearly documented
• Step-by-step setup notes so my maintenance team can re-deploy the same configuration on replacement hardware in the future

Acceptance criteria
The TV must show the live SCADA screens with no visible lag and should reconnect automatically after a power cycle of any device in the chain.

Skills: Data Processing, Cloud Computing, Software Development, Data Visualization, Technical Documentation, Network Security, Automation, API Integration

I need a seasoned security specialist to dive into our online card-and-board-game platform and expose any path an ordinary player might use to escalate privileges through the interface. That is the single most critical outcome of this engagement. While you work, I also want you to examine the WebSocket layer—specifically its data-encryption implementation—to be sure that every message travelling between client and server stays confidential and tamper-proof.

You’ll be looking at live traffic the same way a determined attacker would, so expect to spend time in Wireshark or a similar PCAP tool as you capture sessions, replay them, and probe for weaknesses. If deeper packet analysis or anomaly hunting becomes necessary, I’m open to extending the scope, but the first milestone is a clear answer on privilege escalation and encryption strength.

Deliverables
• A concise report that documents every privilege-escalation vector you discover, the exact request/response sequence that triggers it, and a practical remediation plan.
• Your assessment of our WebSocket encryption, including cipher details, key-exchange observations, and proof-of-concept captures.
• PCAP files and test scripts you used, clearly commented so my in-house team can reproduce the findings.

Acceptance criteria: the report must let a third-party engineer replicate each issue in a fresh environment within 15 minutes and verify that the proposed fix closes the gap.

If this sounds familiar territory to you and you’re comfortable alternating between Burp Suite, OWASP ZAP, Wireshark, and raw socket scripts, I’d like to start right away.

Skills: Web Security, Computer Security, Network Administration, Internet Security, Penetration Testing, Security, Network Security, Anomaly Detection

We require a practical penetration test of our web-based system, focused mainly on data access, permissions, and exposure risks.
The goal is to confirm whether the system properly protects data from both external unauthenticated users and internal logged-in users with limited access.
1. Testing Objectives
The tester should assess whether:
private data can be accessed without permission
files, reports, exports, or documents are exposed
users can access another user’s data
users can access records by changing IDs in URLs, forms, or API requests
lower-permission users can perform restricted actions
APIs or endpoints expose data incorrectly
role-based permissions and account separation are working correctly
2. Testing Perspectives
External Testing
External testing should be performed without logging in.
The tester should use their own standard methods to assess the public-facing system.
Please test for:
publicly exposed private pages
exposed files, documents, reports, exports, or attachments
login and password reset weaknesses
public API or endpoint exposure
restricted pages accessible without authentication
private data visible in page source, responses, scripts, or network requests
common access-control issues
basic injection or input-handling issues where relevant
The purpose of external testing is to confirm whether an unauthenticated outside user can access anything private or restricted.
Internal Testing
We will provide two test user accounts.
The tester should use these accounts to assess whether logged-in users can access data, pages, files, reports, or actions they should not have access to.
Please test for:
whether Account A can access Account B’s data
whether Account B can access Account A’s data
changing IDs in URLs to view or edit restricted records
modifying API requests to access other users’ records
direct access to restricted pages by URL
access to files, reports, exports, documents, or attachments belonging to another user
attempts to perform restricted actions from a lower-permission account
role/permission bypasses
tenant, client, account, or customer data leakage
hidden UI features or direct routes that expose restricted functionality
The purpose of internal testing is to confirm that each user can only access the data and actions they are authorised to access.
3. Key Areas To Review
Please include testing across the relevant areas of the system, including where applicable:
login
logout
password reset
dashboard
user profile/account pages
customer/client/tenant records
jobs/tasks/orders/bookings
reports
exports
uploaded files or attachments
admin or staff-only areas
API endpoints
direct URLs
browser network requests
page source or client-side data exposure
4. Rules of Engagement
Testing must be safe, controlled, and non-destructive.
The tester must not:
perform denial-of-service testing
perform load or stress testing
send spam
use social engineering or phishing
attack employees, customers, or third-party systems
delete, corrupt, overwrite, or intentionally damage data
attempt persistence, malware, backdoors, or destructive exploitation
access or extract large amounts of real data
If a serious issue is found, the tester should stop further exploitation of that issue and report it immediately with enough evidence to reproduce and fix it.
Testing should stay within the agreed system and accounts provided.
5. Access Provided
We will provide:
system URL
two internal test accounts
explanation of what each account should and should not be able to access
any known role or permission differences between the accounts
any test data required for safe testing
External testing should be performed without using the supplied accounts.
6. Expected Deliverables
Please provide a clear written report.
The report should include:
summary of testing performed
list of vulnerabilities found
severity rating for each issue: Critical, High, Medium, Low
affected area or URL
account used, if relevant
steps to reproduce
screenshots, request examples, or response examples where useful
plain-English explanation of the risk
recommended fix
notes on areas tested where no issue was found
7. Severity Guidance
Use practical severity ratings:
Critical
Unauthorised access to sensitive business/customer data, admin access, or major account separation failure.
High
Access to another user’s records, restricted files, reports, exports, or ability to perform high-impact actions without permission.
Medium
Limited data exposure, permission bypass with limited impact, or weakness that could support a larger issue.
Low
Minor information exposure, missing hardening, or low-impact security improvement.
8. Report Style
We do not need a long formal audit document.
We need a clear, practical report that a developer can act on quickly.
Please keep findings specific and include enough detail to reproduce and fix each issue.
9. Final Outcome Required
At the end of testing, we need a clear answer to:
whether unauthenticated external users can access private data or restricted areas
whether the two provided accounts are properly separated
whether users can access records by changing IDs, URLs, or API requests
whether files, reports, exports, or documents are protected
whether role and permission controls are working correctly

Skills: Web Security, Penetration Testing, Network Security, Risk Assessment, Data Protection, API Testing

I need an experienced network engineer to design, configure, and fully document a three-tiered home-office setup: one VLAN for everyday computer use (desktop PCs and laptops), another for 4-7 IP security cameras, and a separate, isolated segment for smart-home IoT devices.

The scope covers everything from planning the logical topology through hands-on configuration of the router/firewall, switch VLANs, Wi-Fi SSIDs, and PoE or NVR settings for the cameras. I want rock-solid security between segments, seamless roaming Wi-Fi for the computers, and simple management for future device additions.

Deliverables
• A clearly labelled network diagram (PDF or Visio)
• Step-by-step configuration files / screenshots for router, switch, and access points
• On-site or remote implementation support until all devices are online and inter-VLAN rules are confirmed
• Final test report showing successful isolation (ping tests, camera feed access, IoT containment)

Skills: System Admin, Computer Security, Troubleshooting, Cisco, Network Administration, Network Security, Network Engineering, Network Monitoring

Estoy reforzando la infraestructura de voz de mi empresa y requiero un proveedor mayorista de VoIP que pueda cursar mi tráfico saliente con 100 % de preservación de CLI, utilizando rutas directas vía Vitelity y, de ser necesario, otros carriers igualmente certificados. El servicio se empleará exclusivamente para llamadas empresariales outbound; no necesito recepción de llamadas ni funciones extra como grabación, multilínea o integración CRM.

La seguridad es prioritaria: espero soporte nativo para TLS/SRTP, autenticación por IP. También valoro la estabilidad de la ruta.

Entrego como referencia mi infraestructura actual basada en PBX-Asterisk y softphones SIP; la conexión deberá ser plug-and-play bajo estos entornos.

Entregables esperados:
• bloques IP autorizados con CLI 100% garantizado.
• Terminacion USA
• Estabilidad de la ruta
•

Si cumples con estos requisitos técnicos y de seguridad, podemos avanzar de inmediato y escalar volúmenes según resultados.

Skills: Linux, Asterisk PBX, Cisco, VoIP, Telecommunications Engineering, Network Security, SIP

We are seeking a skilled Network Security Specialist to enhance the security of our Uniquiti UDM Pro devices. Responsibilities include implementing firewall rules, conducting vulnerability scans, and applying patches. Additionally, the role involves setting up VLANs and configuring DMARC. The ideal candidate will have experience in network hardening and system administration, ensuring our network infrastructure is secure and efficient.

I need someone to provide IT support for storing a laptop securely and managing it remotely. The ideal candidate will have experience in network security and technical support. Responsibilities include ensuring the laptop is stored in a secure environment and managing remote access to ensure data safety. This is a part-time role intended to be a long-term ongoing engagement.

Linux Debian-12: Change MAC address in OS via rescue mode. A recent hardware/firmware change on my dedicated server requires that I update the MAC address. I have access via SSH and I have the new MAC address details.

Skills: System Admin, Linux, Cloud Computing, Ubuntu, Debian, Virtualization, Network Security, System Administration

We are building an enterprise mortgage LOS platform with strict architecture rules:
• LOS is canonical system of record
• No direct system bypass
• Full audit logging required
• MISMO bridge controlled integration

Required Skills:
• Linux server administration
• Windows Server (ACT CRM + enterprise apps)
• AWS (VPC, IAM, EC2, RDS, S3)
• Terraform (REQUIRED)
• Security + access control
________________________________________
Mandatory Rules:
• No root access required
• No domain ownership
• No unmanaged infrastructure
• Everything must be documented
• Everything must be reproducible
________________________________________
Deliverables:
• Full AWS infrastructure (Terraform)
• Linux + Windows environment setup
• Security hardening
• Backup + recovery system
• Full documentation

Task:
“Create Terraform for:
• VPC
• Linux app server
• Windows server
• Secure database”

• How would you design a system where even you (admin) cannot access SSNs?
• Explain how to prevent a sysadmin from locking out the owner?
• Do you have any experience in the Mortgage Industry, and If so explain in very detailed work/tasks, along with length of time, and also can it be verified work?
• How do you operationalize your projects?

We are seeking a skilled freelancer to conduct a security penetration test on our system. The ideal candidate will have experience in identifying vulnerabilities and providing actionable insights to enhance our security posture. The project involves testing our system's defenses against various types of attacks to ensure its integrity and security.

We are a fast-growing technology advisory firm that helps mid-sized companies evaluate and select the best IT vendors for projects like:

• Cloud infrastructure
• Backup & disaster recovery
• Cybersecurity
• Network / SD-WAN
• VoIP / UCaaS
• Data center / colocation

We do not deliver the services ourselves. We act as the client’s technical advisor and procurement concierge, helping them understand their requirements and selecting the best vendors.

We are looking for a Solutions Architect / Technical Consultant who can lead technical discovery with clients.

Your role will be to run requirements calls, diagnose technical needs, and translate those requirements into clear vendor specifications.

This is not a support role and not an MSP job. This is a pre-sales technical advisor role.


Responsibilities
• Run technical discovery calls with clients
• Identify infrastructure gaps and project needs
• Translate requirements into vendor specifications
• Recommend vendor categories and architectures
• Assist in vendor evaluation and technical comparisons
• Document findings and scope clearly

You may have worked as:
• Solutions Architect
• Senior Systems Engineer
• Pre-Sales Engineer
• Cloud Architect
• Network Architect
• Technical Consultant

Experience with several of the following is important:
• Cloud platforms (AWS / Azure)
• Networking / SD-WAN
• Cybersecurity tools
• Backup / disaster recovery
• VoIP / UCaaS
• Infrastructure architecture

You must be able to:
• Ask great technical questions
• Quickly understand complex environments
• Communicate clearly with non-technical executives
• Strong spoken English is required.
• You should be comfortable speaking with CIOs and IT Directors.

Engagement
• Part-time to start
• 5–10 hours per week
• Discovery calls scheduled in advance

This role will likely grow into a long-term partnership.

To apply
Please send a Loom video answering the following:
1. A short description of your technical background
2. Your experience in client-facing technical roles
3. A brief example of a technical discovery call you have led

Crestmont is a private investment firm focused on principal investing, special situations, and private market opportunities across healthcare, energy, technology, and real assets. We are a growing organization with multiple affiliated entities and investment vehicles, and a distributed team that utilizes modern cloud-based systems.

We are seeking a highly organized, responsive, and technically capable IT professional to serve as our outsourced IT administrator and technology coordinator.

Scope of Work

The selected contractor will act as our go-to resource for managing and maintaining our business technology infrastructure, including:

Domain & DNS Management
- Manage and maintain company domains
- Configure and update DNS records
- Coordinate domain registrations, renewals, and transfers
- Troubleshoot website, email, and DNS-related issues

Email Administration
- Administer Google Workspace
- Create, modify, and deactivate user accounts
- Manage aliases, forwarding rules, groups, and shared inboxes
- Implement email security best practices
- Assist with deliverability and email authentication (SPF, DKIM, DMARC)

Cloud & Collaboration Systems
- Support Google Drive and shared file permissions
- Maintain user access and security settings
- Assist with Slack administration
- Coordinate user onboarding and offboarding

Software & Vendor Management
- Maintain inventory of software subscriptions and licenses
- Coordinate with vendors and support teams

Manage user access across platforms such as:
- Google Workspace
- Slack
- Cloze CRM
- Constant Contact
- Juniper Square
- DocuSign
- Dropbox and/or Google Drive
- Other business applications as needed

Security & Compliance
- Implement and maintain MFA policies
- Conduct periodic access reviews
- Maintain password and access management procedures
- Assist with cybersecurity best practices and recommendations
- Address cybersecurity threats and concerns

Special Projects
- Configure integrations and automations (Zapier preferred)
- Assist with system migrations
- Support new technology implementations
- Recommend improvements to streamline operations and reduce costs

Ideal Candidate
- 5+ years administering Google Workspace and cloud-based business systems
- Strong DNS and domain management experience
- Familiarity with investment firms, professional services firms, family offices, or private equity environments preferred
- Experience with Zapier or workflow automation tools
- Strong communication skills
- Available during U.S. business hours for urgent issues
- Comfortable working independently and proactively

Engagement Structure
- Fractional / ongoing contractor relationship
- Estimated 5–15 hours per month initially, with additional project-based work
- Long-term relationship preferred
- Hourly or monthly retainer proposals welcome

To Apply

Please provide:

A brief summary of your relevant experience
Examples of similar organizations you have supported
Your hourly rate or preferred monthly retainer
Availability during U.S. Eastern Time business hours
Any certifications or specialized expertise
Experience with Google Workspace, DNS management, Zapier, and cybersecurity

I need support planning and configuring a pair of Hirschmann EAGLE40 firewalls that will run in transport mode at the edge of our industrial backbone. The goal is to gain precise control over internal business traffic, with carefully structured firewall rules and tight network-access control that fit the topology of our production network.

You will start by reviewing our existing Layer-3 design and proposing how the EAGLE40s should be positioned, including any VLAN or routing adjustments required for seamless transport-mode operation. From there, I expect a complete rule set that segments departments, limits east-west traffic, and blocks any unauthorized protocols while leaving room for future growth. Network Access Control must be enforced through the firewall’s native feature set, tying rules to MAC, IP or user groups where appropriate.

Deliverables I need from you:
• A brief design document outlining placement, interfaces and high-level traffic flow
• The full Hirschmann CLI/HIView configuration ready for import, with comments
• A step-by-step deployment guide I can follow on-site, including rollback steps
• A short validation checklist demonstrating that critical services remain reachable and unauthorized traffic is dropped

I will supply current diagrams, IP tables and maintenance windows once we start. No VPN or IPS features are in scope right now, but please keep the design flexible in case we add them later. Experience with Hirschmann Industrial HiVision or similar OT-focused tools is a plus.

Skills: System Admin, Computer Security, Troubleshooting, Technical Writing, Cisco, Network Administration, Documentation, Network Security

Security Architect Needed — Core Banking Solution Architecture (Temenos T24)

We are a newly established SAMA-licensed commercial bank in Saudi Arabia deploying Temenos T24 as our core banking system on a cloud infrastructure. We are looking for an experienced Security Architect to support us in designing and documenting a security architecture aligned to the SAMA Cybersecurity Framework (CSF), NCA ECC-2, and SDAIA/PDPL requirements.

---

Scope of Work

The engagement covers the following dimensions:

1. Application Security
- Security architecture for Temenos T24 web channel, API layer, and Open Banking integrations
- Application-level controls: IAM, MFA, PAM, TLS, PKI, and secrets management
- Secure SDLC recommendations and API security standards (FAPI/OAuth 2.0)

3. Technology Stack
- Security controls mapping across the full technology stack (Temenos T24, cloud infrastructure, HRMS, payment channels, SWIFT/FinNet)
- Tooling recommendations for SIEM, EDR, DLP, CSPM, WAF, and MSOC integration

4. Deployment Environment
- Cloud deployment model (KSA-based cloud provider)
- Security zone design: DMZ, perimeter, application, core banking, data, and cloud infrastructure layers
- Data residency and sovereignty controls aligned to PDPL Article 29

5. Integrations
- Secure integration patterns for third-party vendors.
- Third-party risk and shared responsibility considerations

6. Expected Deliverables
- High-Level Security Architecture diagram (end-to-end, with directional data flows)
- Security Controls Framework mapped to SAMA CSF, NCA ECC-2, and PDPL
- Security solution architecture narrative (suitable for SAMA regulatory.

We are seeking an experienced Subject Matter Expert (SME) to review certification-focused test bank questions for SecAI+ and Linux+ courses.

The SME will review assessment questions for technical accuracy, alignment with course objectives, certification relevance, answer key accuracy, and distractor quality. Candidates should hold current or recent SecurityX/CASP+, Linux+, or equivalent advanced cybersecurity and Linux certifications and have hands-on industry experience.

This is a short-term, remote contract engagement with work completed asynchronously. We are looking for someone who is available immediately and can begin reviewing materials within the next few days.

To Apply, Please Include:

Relevant certifications
Brief summary of your experience with SecurityX/CASP+ and/or Linux+
Availability over the next week
Hourly rate or project rate

I need someone to manage job applications online securely and host a laptop 24/7. The ideal candidate will ensure all applications are processed efficiently and securely, maintaining continuous availability. Experience in online application management and security is essential.

I'm seeking a digital forensic expert to investigate my and my wife’s Apple ID, iPhone, and iCloud activity. The goal is to identify associated devices, review account access and security changes, detect unauthorized activity, and provide an independent forensic report.

Key Tasks:
- Confirm Apple account takeover / hack
- Identify and list all linked devices
- Review and document any changes to settings, including proof of device login and location
- Detect and report on any unauthorized access

Ideal Skills and Experience:
- Expertise in digital forensics, particularly with Apple products
- Experience with Apple ID and iCloud security protocols
- Strong analytical skills to identify unauthorized access
- Ability to provide a comprehensive, independent forensic report

Please only bid if you have relevant experience and can ensure confidentiality.

Skills: Research, Computer Security, Technical Writing, Research Writing, Technical Support, Security, Data Analysis, Network Security, Digital Forensics, Risk Assessment

Configure a Meraki Firewall MX95 to use an Azure ExpressRoute for a remote virtual network, replacing the current IPsec VPN. Ensure seamless connectivity and security between the on-premises network and the Azure cloud environment. The ideal candidate will have experience with network security and cloud infrastructure.