Boost Your Security Analysis Freelancing

looking for an experienced and certified Ethical Hacker / Penetration Tester to perform a comprehensive security assessment of our IT infrastructure and email environment.

The primary objective is to identify security weaknesses, validate existing security controls, simulate real-world attack scenarios, and provide a practical remediation roadmap that strengthens our overall security posture.

This is not a one-time assessment. We are looking for a security expert who can partner with us through the complete lifecycle of Assessment → Remediation → Validation → Continuous Security Improvement, making this a long-term engagement.

Project Budget: Up to USD 20,000 based on experience, approach, and scope.

Scope of Work
1. Infrastructure Security Assessment

You will be responsible for performing comprehensive infrastructure security testing, including:

External and internal penetration testing
Assessment of servers, firewalls, VPNs, switches, routers, and network devices
Cloud infrastructure security review (Azure, AWS, OCI, or GCP)
Identification of vulnerabilities, misconfigurations, and security gaps
Authentication and authorization testing
Privilege escalation testing
Remote access security validation
Active Directory / Entra ID security review
2. Email Security Assessment

Review and assess enterprise email security, including:

Microsoft 365 / Exchange Online
Google Workspace
On-Premise Exchange (if applicable)

Assessment should include:

SPF validation
DKIM validation
DMARC review
Email spoofing assessment
Phishing resilience testing
Business Email Compromise (BEC) risk assessment
Email gateway configuration review
Anti-spam and anti-malware controls
MFA implementation review
Conditional Access policy assessment
3. Security Validation & Penetration Testing

Perform controlled and authorized security testing, including:

Vulnerability scanning
Infrastructure penetration testing
Public attack surface assessment
Exposed services identification
Web application testing (where applicable)
API security testing
SSL/TLS configuration review
Security headers validation
Password policy assessment
Identity and access management review
Expected Deliverables

The selected consultant will provide:

Executive Summary
Detailed Vulnerability Assessment Report
Risk Classification (Critical / High / Medium / Low)
Technical Findings with Evidence
Proof of Concept (where applicable)
Business Impact Analysis
Prioritized Remediation Roadmap
Best Practice Recommendations
Security Hardening Checklist
Final Validation Report after remediation
Knowledge Transfer / Walkthrough Session with our technical team
Required Skills
Minimum 5+ years of hands-on Ethical Hacking or Penetration Testing experience
Strong expertise in Infrastructure Security
Strong experience with Microsoft 365 / Email Security
Experience performing enterprise security assessments

Hands-on experience with:

Kali Linux
Burp Suite
Metasploit
Nessus
Nmap
OWASP Testing Methodology
Active Directory & Entra ID Security
VPN & Firewall Security
MFA & Identity Security
Cloud Security (Azure / AWS / OCI / GCP)

Ability to produce executive-level and technical security reports with actionable remediation recommendations is essential.

Preferred Certifications

Candidates holding one or more of the following certifications will be preferred:

CEH (Certified Ethical Hacker)
OSCP
GPEN
CISSP
CompTIA PenTest+
Security+
Technical Evaluation

To evaluate practical expertise, shortlisted candidates may be requested to participate in a live technical discussion or demonstration.

This may include:

Demonstrating a real-time infrastructure security assessment approach
Identifying email security vulnerabilities in a controlled environment
Explaining attack methodologies and remediation strategies
Reviewing sample penetration testing scenarios
Discussing previous enterprise engagements

This evaluation is intended to verify practical experience and technical depth.

Engagement Details
Project Type: Fixed Price with Long-Term Opportunity
Budget: Up to USD 20,000
Experience Level: Expert
Regular progress meetings and technical walkthroughs
Potential for ongoing security assessments and remediation projects
NDA and Confidentiality Agreement required before project commencement
Proposal Requirements

Please include the following in your proposal:

Brief introduction and relevant experience
Similar infrastructure and email security assessments completed
Security certifications
Sample or redacted assessment report (if available)
Testing methodology and tools you will use
Estimated project duration
Fixed project cost and milestones
Availability to start
Why you are the right fit for this engagement
Important Notes
This engagement is strictly for authorized and ethical security testing.
All assessments will be performed only against systems for which written authorization has been provided.
The successful consultant should be capable of identifying vulnerabilities, recommending practical remediations, assisting with implementation, and validating that remediation activities effectively strengthen the organization's security posture.

If you have a proven track record in enterprise infrastructure security, email security, penetration testing, and remediation, we would like to hear from you.

Blue Chip Fleet is a luxury/exotic vehicle services business. We are preparing to
launch a customer-facing mobile app (publicly, on the Apple App Store) backed by a
staff-facing CRM. We are seeking a focused, time-bounded security and code review
of the system before public release.

The app is already built and functioning; it is currently in internal TestFlight
testing. We are not asking for new feature development — this is a review and
hardening engagement.

• Please list any certifications related to this project

I need someone to manage job applications online securely and host a laptop 24/7. The ideal candidate will ensure all applications are processed efficiently and securely, maintaining continuous availability. Experience in online application management and security is essential.

We are seeking a skilled specialist to manage our website's maintenance, security, and optimization. Responsibilities include ensuring site stability, enhancing performance, and implementing security measures. The ideal candidate will have experience with WordPress and a strong understanding of internet security. This is a long-term engagement, offering an opportunity to work on ongoing projects.

Looking for someone to help me do a full security and privacy review of my Instagram and Hotmail accounts.

I've noticed a login on Instagram that I don't recognize and want to make sure there is no unauthorized access. I'd like someone to review my security settings, remove any suspicious devices/sessions, set up proper protections, and make sure everything is locked down.

I'm also having trouble linking/verifying my phone number with my Hotmail account and would like help resolving that.

We are seeking a skilled freelancer to perform a technical audit and cleanup of two existing Webflow sites. The sites are for B2B SaaS and multifamily property tech. The ideal candidate will have experience in Webflow and technical audits, ensuring the sites are optimized for performance and security. Responsibilities include identifying and fixing issues, improving site speed, and ensuring best practices are followed.

We are looking for an experienced Ethical Hacker to perform authorized security assessments and identify vulnerabilities in our systems, networks, and web applications. The ideal candidate should have hands-on experience with penetration testing, vulnerability assessments, and security tools such as Nmap, Burp Suite, Metasploit, and Wireshark.

VAKE Consulting is seeking an experienced IT Security & Compliance Consultant to review and strengthen our existing information security framework.

We are a multinational SAP consulting company operating across Europe and the Middle East and increasingly receiving customer security and compliance requests from enterprise clients.

The consultant will review our existing documentation and security controls and provide recommendations for improvement.

Scope

* Review Microsoft 365 E5 security configuration
* Review HR Security Policy
* Review GDPR Technical & Organizational Measures (TOM)
* Review Risk Register & Risk Treatment Plan
* Review Incident Response procedures
* Review External Security Audit Summary
* Assess readiness for customer security reviews and supplier questionnaires
* Provide recommendations aligned with GDPR and ISO 27001 principles

Deliverables

* Written gap assessment
* Prioritized improvement recommendations
* Review meeting (60-90 minutes)
* Suggestions for future governance and compliance improvements

Desired Experience

* Microsoft 365 Security
* Microsoft Intune
* Microsoft Defender
* GDPR
* ISO 27001
* Risk Management
* Information Security Governance
* Supplier Security Assessments

A cyber intelligence platform designed to identify externally visible security risks across businesses. Through automated free scans, deep technical analysis is conducted to detect vulnerabilities and provide actionable insights. The platform aims to enhance security posture by uncovering potential threats and offering solutions to mitigate them.

• Describe a recent cyber security issue you personally remediated. What was the issue, how did you fix it, and what was the business outcome?
• A client receives a ThreatScout report showing: Missing SPF Missing DKIM No DMARC policy Walk us through exactly how you would remediate these findings.
• A scan identifies: Open RDP exposed to the internet Weak SSL/TLS configuration Missing security headers on the company website Which would you address first and why?
• What systems and technologies have you personally administered or secured? Please provide examples across: Microsoft 365 Azure AWS Google Workspace Firewalls DNS providers Web hosting platforms
• A small business owner receives a report with 20 findings and asks: "Can you fix this for me?" How would you approach the engagement from first meeting through to completion?

We are seeking an experienced VAPT expert to join our team on a long-term basis. The ideal candidate will have a strong background in vulnerability assessment and penetration testing, ensuring the security and integrity of our systems. Responsibilities include conducting regular security audits, identifying vulnerabilities, and implementing measures to prevent potential threats. The role requires ongoing support to maintain and enhance our security posture.

Looking for someone who has investigated and cleaned compromised PHP ecommerce/CMS systems before. Access will be provided through SSH and SFTP.

Responsibilities:
* Investigate suspicious behavior within a PHP-based ecommerce application
* Review application files, server configuration, scheduled tasks, and logs
* Identify malicious code, unauthorized modifications, or persistence mechanisms
* Remove malicious components and document findings
* Verify application functionality after remediation

To be considered, please answer:
1. Describe a malware cleanup or compromise investigation you completed on a PHP application.
2. What are the most common persistence mechanisms you encounter after an initial cleanup?
3. How do you distinguish between an application compromise and a server-level compromise?
4. Which Linux commands do you commonly use during incident investigation?
5. Are you comfortable working directly through SSH on a production server?

Please include your estimated turnaround time and fixed-price quote.

I am looking for an experienced website security professional to help protect my server that hosts 10 of my websites from ongoing malicious traffic and automated scans. (Some successful injections)

The ideal candidate will have a strong background in penetration testing and security analysis to identify vulnerabilities and implement effective solutions. Your expertise will be crucial in ensuring the security and integrity of our online platform.

I have done as much as I can on my end myself.

We are seeking an experienced AI Security Specialist to perform a comprehensive security assessment and penetration test of our telehealth technology. The ideal candidate will have a strong background in AI security and healthcare technology, ensuring the protection of sensitive data and systems. Responsibilities include identifying vulnerabilities, conducting penetration tests, and providing actionable recommendations to enhance security measures.

• Have you previously performed penetration tests using Aikido Security?
• What experience do you have securing healthcare or HIPAA-regulated systems?
• Can you provide a sample pentest report (with sensitive information removed)?
• What tools do you use in addition to Aikido for security testing?
• How would you test APIs, authentication systems, and AI-powered applications for vulnerabilities?

We are seeking a professional to conduct a comprehensive digital security audit for our health clinic. The audit should cover our website, emails, and all digital tools we use to ensure we are secure and compliant with health regulations. The ideal candidate will have experience in security analysis and network security, and be able to provide recommendations for improvements.

We are a small medical practice in Bend, Oregon, using Microsoft 365 and Nextech EHR. We are applying for cyber insurance and need our M365 environment assessed to ensure compliance with security standards. The assessment should identify vulnerabilities and provide recommendations for improvement. This is a one-time project with a quick turnaround.

I am looking for an experienced White Hat Security Tester to perform an authorized security assessment of my public-facing web applications and identify vulnerabilities. The ideal candidate will have a strong background in penetration testing and security analysis, with the ability to provide detailed reports and recommendations for improvement.

Our website, Invitrx.com, has been compromised and we need assistance with authenticating our domain. We are looking for a freelancer with experience in security analysis and network security to help resolve this issue. The ideal candidate will have a strong understanding of web hosting and internet security to ensure our website is secure and functioning properly.

We are seeking a skilled geostrategic analyst to provide insights on the Balkans region. The role involves analyzing political, economic, and social trends to predict future developments. The ideal candidate will have a strong understanding of the region's dynamics and be able to provide actionable intelligence. Experience in data analysis and economics is essential.

We are looking for urgent support with a short, focused ICT security testing exercise for a Bulgarian fintech / crypto-asset services provider applying for authorisation under MiCA.

The company operates a limited principal dealer exchange model for stablecoin on/off-ramp activity. It does not provide custody, does not hold client crypto-assets or client funds on behalf of clients, and does not provide transfer services on behalf of clients. The assessment should therefore be proportionate and focused on the actual production risk surface.

We need a concise but regulator-ready report within 1–2 business days, covering the following:

Scope
--------
1. External vulnerability scan
- Public-facing web application / customer portal
- Public APIs, if applicable
- DNS, TLS, exposed services and basic perimeter checks
- Identification of critical, high, medium and low findings
2. Targeted web application / API security review
- Authentication and session handling
- Access control / authorization
- Input validation
- API security basics
- Rate limiting / abuse controls, where visible
- Order / transaction flow review at a high level, if access is available
3. Cloud and access-control configuration review
- AWS security baseline
- IAM users/roles and MFA
- Privileged access controls
- Logging and monitoring
- Backup / recovery configuration at high level
- Secrets handling at high level
- Any obvious public exposure risks
4. Crypto-operations security review, limited scope
- Fireblocks access / role configuration, if evidence is available
- Wallet operation approval controls
- Segregation of duties for wallet operations
- Logging / audit trail availability

Deliverables
---------------
We need:

1. A short signed ICT Security Testing Report suitable for submission to a financial regulator.
2. A findings table with:
- finding title;
- severity;
- affected system;
- description;
- risk;
- recommendation;
- current status.
3. A management summary confirming whether any Critical or High findings remain open.
4. A remediation tracker or action plan for any unresolved items.
5. Confirmation of testing dates, tester name/company, methodology used, and scope limitations.

The report does not need to be a full enterprise penetration test report. It should be a targeted, proportionate application/API, vulnerability scanning and cloud configuration review aligned with a small fintech’s MiCA/DORA authorisation evidence needs.

Timing
--------
We need the work started immediately and the first report / draft findings delivered within 48 hours.

Context for the report
--------------------------
The report should be written in a way that supports a MiCA application review. Please avoid overstating the business model or implying that the company provides custody, client-asset holding, payment services, or transfer services on behalf of clients.

Suggested wording:
-----------------------
The assessment was performed on a targeted and proportionate basis, taking into account the company’s limited exchange-only principal dealer model and the absence of custody, client-asset holding or transfer services on behalf of clients.

We are developing a new web application and are looking for an experienced security-focused developer to conduct a comprehensive security audit of our codebase and implement all necessary security improvements.

Part of this application has been developed with the assistance of AI tools. Before launch, we want an independent expert to thoroughly review the application, identify vulnerabilities, and make the required changes to ensure the platform follows security best practices and is production-ready.

We expect the selected developer to both identify security risks and actively remediate them within the codebase.

Objectives

Our goal is to ensure that:

- Sensitive information cannot be leaked
- User data is properly protected
- Authentication and authorization are secure
- The application follows modern security standards
- The platform is resilient against common and advanced attack vectors
- AI-generated code does not introduce hidden vulnerabilities
- The application is ready for production deployment

Scope of Work

The selected developer will:

- Security Assessment
- Review the complete codebase and application architecture
Identify security vulnerabilities and weak points
- Analyze AI-generated portions of the codebase
- Review API security
- Review authentication and authorization systems
- Evaluate database security
- Review third-party packages and dependencies
- Review cloud infrastructure and deployment configuration (if applicable)
- Vulnerability Remediation
- Fix identified vulnerabilities
- Refactor insecure code where necessary
- Implement security best practices
- Harden authentication and authorization mechanisms
- Improve secret management and environment variable handling
- Secure API endpoints
- Implement additional safeguards where needed
- Update vulnerable dependencies
- Improve rate limiting, validation, and input sanitization
- Apply security hardening recommendations directly to the codebase
- Security Testing

The application should be reviewed against risks including:

- SQL Injection
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Authentication bypass
- Privilege escalation
- Session hijacking
- Server-Side Request Forgery (SSRF)
- Remote Code Execution (RCE)
- Insecure Direct Object References (IDOR)
- API abuse
- Sensitive data exposure
- Dependency vulnerabilities
- OWASP Top 10 security risks

Deliverables

We expect:

- A prioritized list of vulnerabilities discovered.
- All approved security fixes implemented in the codebase.
- Documentation explaining changes made.
- A final security assessment.
- Recommendations for future security maintenance and monitoring.
- Confirmation that all identified critical and high-severity issues have been addressed.

Important

This project requires both security expertise and hands-on development skills. We are looking for someone who can independently identify vulnerabilities, explain the risks, and implement the necessary fixes to bring the application to a production-ready security standard.

Summary
This is a client-facing role. As the SOC Engineer lead, you must be able to speak and write in fluent English. You will be responsible for the comprehensive management of cybersecurity services across all customer accounts. Including the following:

Security Assessments & Compliance:
• Full lifecycle management of penetration testing, including coordination, execution (using (link removed)/ automated tools), and remediation of findings.
• Performing risk assessments for both existing and new customer environments:
o Microsoft 365, Azure, Google Workspace, Meraki Firewalls and Sentinel One.
• Providing expert recommendations aligned with NIST frameworks and Zero Trust principles.
Policy & Compliance:
• Drafting, updating and providing guidance to customers on critical IT policies based on their enviorement, such as Information Security Programs (ISP), Business Continuity Plans (BCP), and Incident Response Policies following NIST and Zero Trust pricipals.
• Our clients are financial institutions so you must also learn and understand (SEC) Security Exchange Commission IT and Cybersecurity Guidelines
Security Operations & Incident Response:
• Serving as the initial point of contact and escalation for all cybersecurity incidents, both internal to OOT and for our customers.
• Leading Security Operations Center activities, including the routine analysis of vulnerability data from Wazuh across the customer base.
• Collaborating with infrastructure and helpdesk teams to ensure the timely patching, fixing, and mitigation of identified vulnerabilities.
• Managing and taking full responsibility for the SOC helpdesk queue to address phishing emails, and cybersecurity tickets that come in from clients.
Security Awareness & Training:
• Planning and executing quarterly customer-wide phishing simulation campaigns utilizing the KnowBe4 platform.
• Identifying flagged users from phishing campaigns and coordinating training for end-users.
• Conducting live video cybersecurity awareness training sessions for customer users on an annual or bi-annual basis.
Security Technology Management:
• Implementing and managing a range of cybersecurity solutions for our customers.
• Platforms include (but are not limited to): Microsoft 365/Azure/Sharepoint (security configurations, conditional access policies, etc..), Mimecast, Cisco Umbrella, Proofpoint, CrowdStrike (potential move to SentinelOne), KnowBe4, and Duo Security.
• Full lifecycle, rollout and implementation of our cybersecurity stack for clients which include: Duo Security, Mimecast, Proofpoint, Knowbe4, Cisco Umbrella, and others.
Cloud & SaaS Security Management:
• Managing and configuring security settings and policies within Microsoft 365 and Entra ID (formerly Azure Active Directory), specifically including the administration of Conditional Access Policies.
• Overseeing and enhancing the security posture of customer environments within Google Workspace.

Skills & Knowledge Required:
• Strong Communication Skills: Fluent in both written and spoken English, capable of interacting with clients and stakeholders/executives effectively.
• Cybersecurity Expertise: In-depth knowledge of penetration testing, risk assessments, vulnerability management, and compliance frameworks such as NIST and Zero Trust.
• Experience with Key Security Platforms:
o Microsoft 365, Azure, SharePoint, and Entra ID (Azure AD)
o Mimecast, Proofpoint, Cisco Umbrella, KnowBe4, Wazuh, CrowdStrike, and SentinelOne.
o Meraki Firewalls and other network security solutions.
• Incident Response: Experience leading security operations and managing incident response efforts.
• Phishing and Security Awareness: Proficiency in using KnowBe4 for phishing simulations and user training.
• Cloud Security Management: Experience with managing security settings in cloud environments, particularly Microsoft 365 and Google Workspace.
Preferred Certifications:
• CISSP, CISM, or other relevant cybersecurity certifications.
• Certifications in cloud security, such as Microsoft Certified: Azure Security Engineer Associate or Google Cloud Security Professional.

Available Working Schedules:
5pm to 12am EST
12am to 8am EST

• How many years of experience with Microsoft 365 & Azure environment?
• How many years of experience with Firewalls (Cisco Meraki, FortiGate, etc..?)
• What's your experience with security tools like Sentinel One, SIEMs, and XDR platforms?
• Describe your recent experience with similar projects
• Please list any certifications related to this project

Overview

We’re a B2B SaaS company preparing to pass an enterprise customer’s IT security review. We’ve built a set of enterprise security features (SSO/MFA, tenant isolation, audit logging, GDPR deletion, privileged-access controls, seat/billing enforcement) and backed them with an automated test suite (pgTAP, Vitest, Playwright).

Before we put our name on it, we need an independent senior engineer to adversarially validate that the work is actually correct — not just that tests pass, but that the security boundaries genuinely hold and that the test suite proves what it claims to. This is a focused, high-trust engagement under NDA.

What you’ll do

Independently verify each of our core security boundaries by trying to break them, then report what holds and what doesn’t:

Cross-tenant data isolation — confirm a user in Customer A can never read or write Customer B’s data: direct Postgres/PostgREST queries, IDOR against API routes and server actions, SECURITY DEFINER functions, storage object paths and signed URLs. Postgres Row-Level Security (RLS) is the entire tenant boundary, so this is the heart of the job.
Auth & session lifecycle — MFA/AAL enforcement, that deactivating a user kills access on the next request even with a still-valid token, and that nothing untrusted can elevate its own role/claims.
GDPR data deletion — that account deletion leaves zero residue (DB cascade including join-scoped tables, storage blobs, identity PII), that the proof-of-erasure record is honest, and that a partial failure is safe and retryable.
Privileged (super-admin) access — that every read/mutation of customer data is logged or denied, with no unlogged path, and that the CI guard enforcing this actually works.
Seat/billing entitlement — that paid capability requires payment and seat caps are enforced (scope confirmed at kickoff; some billing paths may be out of scope).
Cross-feature composition — emergent leaks that appear only when SSO × session × MFA × audit × deletion interact, which per-feature tests miss.
The distinctive part of this job: we also need you to audit the test suite itself — confirm the pgTAP/Vitest/Playwright tests are real (not “vacuous green” / passing for the wrong reason), that each test would actually fail if the control it guards were broken, and where coverage has gaps versus the documented threat model. We will give you our internal threat model as the coverage checklist; part of your value is finding the attacks it omits.

Required skills

Deep PostgreSQL / Supabase RLS expertise — you can read and reason about RLS policies, SECURITY DEFINER functions, and grants, and you know how multi-tenant isolation fails in practice.
Next.js (App Router) — server actions, route handlers, middleware, server/client boundary.
A genuine application security / penetration-testing background: IDOR, broken access control, authz testing, OWASP Top 10, multi-tenant SaaS threat models.
Comfortable running a local stack (Supabase + Next.js + a background-job runner) and reading TypeScript + SQL.
Experience writing clear, evidence-based security findings (severity, reproduction steps, remediation).
Nice to have

Prior work supporting SOC 2 / enterprise security questionnaires / vendor security reviews.
pgTAP, Vitest, and Playwright experience (you’ll be auditing suites written in all three).
Auth/SSO (SAML/OIDC, MFA/AAL) and Stripe billing security experience.
Deliverables

A written security assessment report: for each boundary above, pass/fail with evidence and reproduction steps.
A test-suite integrity verdict: which existing tests are sound, which are vacuous, and the coverage gaps versus the threat model.
Severity-ranked findings (Critical→Low) with concrete remediation guidance.
A re-test pass after we fix anything you flag.
How we’ll work

NDA required before any access (private repo, enterprise customer data — no customer or third-party names will be shared publicly).
We’ll provide repo access and a runnable environment (local stack and/or a staging instance) plus the threat model and the list of features in scope.
Async-friendly; a short kickoff call to align on scope and the crown-jewel priorities.

Job Description:

I’m looking for a talented motion designer or creative developer to create premium biotech-inspired animations that will be integrated into an existing website.

I do not need a full website design or website development. I only need high-quality motion graphics / animation assets that can be added to the website by my developer.

The animations should feel modern, scientific, premium, and credible. They should fit a biotech brand and communicate innovation, genomics, science, precision, and advanced technology.

What I need:

Standalone biotech website animations
Animated hero visual
DNA / genomics-inspired motion
Molecular or cellular animation concepts
Particle or data-flow effects
Smooth looping animations
Scroll or interaction-ready motion assets
Lightweight files suitable for website integration
Desktop and mobile-friendly animation formats

Possible animation ideas:

Abstract DNA strand animation
Molecular network animation
Cell or particle movement
Scientific data visualization motion
Genomics / bioinformatics-inspired visual
Lab-tech / precision medicine style animation
Subtle futuristic background motion
Animated transition elements for website sections

Important:

The final animations should be easy for a developer to integrate into an existing website.

Preferred formats could include:

Lottie JSON
Rive
SVG animation
MP4 / WebM
GIF only if optimized
CSS / JS animation
GSAP-ready assets
Three.js / WebGL component if needed

I’m open to the best technical approach, but the animation must be optimized for web performance and should not slow down the website.

Style direction:

The animations should feel:

Premium
Scientific
Clean
Modern
Trustworthy
Innovative
Futuristic but not too flashy
Suitable for a serious biotech company
Appropriate for investors, partners, researchers, and healthcare/science audiences

I do not want generic stock animations. I want custom or highly polished motion that feels designed specifically for a biotech brand.

Deliverables:

Final animation files ready for web integration
Source files
Recommended export formats
Short integration notes for my developer
Optimized versions for desktop and mobile if needed
Revisions based on feedback

Please apply with:

Examples of your best motion design work
Any biotech, healthcare, science, medtech, genomics, AI, or deep-tech animation examples

We are seeking a skilled professional to conduct a comprehensive security audit and enhance the security of our website. The ideal candidate will have experience in identifying vulnerabilities and implementing effective security measures to protect against potential threats. Responsibilities include performing security audits, identifying vulnerabilities, and implementing security enhancements.

Need to pentest a website made on reactjs. It's mysql, nosql immune

Description:

I’m building a geopolitical intelligence and scenario analysis platform that generates structured strategic reports on political risk, security threats, and corporate exposure. The tool will take a scenario prompt (for example, “Bolivia political instability” or “Iran escalation”) and produce comprehensive, source-backed analysis reports for corporate and institutional clients.

This is an MVP backend system. I will operate it initially, running analyses and delivering reports to clients. The goal is speed and rigor combined—analyst-quality output without the analyst’s cost or timeline.

Core Functionality:

Scenario Input: Accept a text prompt describing a geopolitical or security scenario.

Research Aggregation: Scrape and aggregate publicly available intelligence from vetted, reliable sources (news, policy documents, financial data, historical timelines). No language barriers on critical sources.

Framework-Based Analysis: Apply structured analytical frameworks to generate insights across multiple dimensions.

Structured Report Generation: Automatically produce a comprehensive report with all sections below.

Source Attribution: Every claim backed by cited, verifiable sources. No hallucinations or unsourced assertions.

Report Sections (Auto-Generated):

Executive Summary: High-level overview of the scenario, key risks, and implications.

Implementation Signal Stack: Documented signals and indicators that suggest the scenario is unfolding or likely to unfold. Historical parallels and pattern matching.

Security Analysis: Direct security implications for personnel, operations, and assets.

Institutional Friction Analysis: Political, bureaucratic, or institutional barriers that could accelerate or prevent the scenario.

US Realignment Analysis: How US foreign policy, alliances, or strategic interests factor into the scenario.

Corporate Exposure Heat Grid: Structured matrix showing exposure across categories: personnel safety (critical, high, elevated, moderate, low), supply chain blockades, asset seizure, nationalization, currency risk, contract framework risk, reputational risk.

Signal Tracker: Specific, moniterable signals that would indicate escalation. Real-time monitoring capability (alerts when key signals activate).

Regional Consequence Forecast: How neighboring countries and regional powers would respond. Support, opposition, neutrality, or enablement broken down by country.

Escalation Trigger Ladder: Sequential triggers that, if activated within defined timeframes, indicate the scenario is accelerating.

Decision Tree: Conditional decision framework for clients to use in response planning.

Recommended Actions: Specific mitigation, contingency, or response recommendations for the client.

Technical Requirements:

Web scraping and data aggregation from multiple sources simultaneously.

Natural language processing to extract and structure relevant information from diverse sources.

Integration with LLM or AI reasoning engine to synthesize information and apply analytical frameworks (must be reliable, not prone to hallucination).

Ability to cite and track sources for every analytical claim.

Real-time signal monitoring with alert capabilities.

PDF or document generation for client reports.

Backend API that accepts scenario prompts and returns structured JSON or report data.

User interface for me to input scenarios, review draft reports, and publish final reports.

Constraints:

All analysis must be grounded in verifiable sources. The tool should flag confidence levels and uncertainty.

No generic AI responses. Analysis must apply the frameworks above, not just summarize web search results.

Vetted source database: the tool should prioritize reliable, established sources and down-weight unreliable ones.

Historical pattern matching: the system should identify and reference historical parallels (for example, Maduro capture signals in Venezuela should inform Bolivia analysis).

Deliverables:

Fully functional backend system that generates structured reports.

Admin UI for scenario input and report review.

Client-ready report generation (PDF export).

Signal tracker and monitoring system with alert capability.

API documentation for future expansion.

Ideal Candidate:

Strong experience with NLP, web scraping, and data aggregation at scale.

Familiarity with LLM integration and prompt engineering to avoid hallucination.

Experience building intelligence or research platforms, or similar analytical tools.

Backend development expertise (Python, Node.js, or similar).

Understanding of geopolitical or security analysis frameworks is a plus.

Ability to work with structured, complex analytical outputs.

This is the MVP.

I am looking for an experienced cybersecurity expert to prepare a practical, original, and well researched cybersecurity reference document for an institution in the GCC region.

The document must be written by the expert personally. I do not want AI generated text, generic cybersecurity filler, or copied material. The work should reflect real cybersecurity expertise, current standards, GCC market awareness, and practical recommendations that can actually be implemented.

The goal of this project is to create a clear reference and advisory document that tells the institution what it should secure, what standards it should follow, what technologies and processes it should adopt, what employees should be trained on, what common attacks it should be prepared for, and how its security readiness should be assessed and tested.

The document should be divided into 4 main chapters.

Chapter 1: Technical and Technology Security

This chapter should cover the main technical security areas that an institution should review and improve, including authentication and identity management, network security, database security, endpoint and device security, email security, web application security, cloud security, access control, privileged access management, monitoring and logging, vulnerability management, patch management, backup and recovery, encryption, data protection, incident response, business continuity, third party security, asset inventory, and secure configuration baselines.

For each area, the expert should provide the current risks, the current standard or framework that should be followed, official links or reliable references, recommended controls, suitable technology stack or tools, and practical implementation steps.

The expected format should be specific and reference based. For example, a password policy recommendation should not only say “use strong passwords.” It should identify the relevant standard, such as NIST Special Publication 800 63B, explain that it provides digital identity and authentication lifecycle guidance, provide the official link, and translate the guidance into practical institutional steps such as password length requirements, MFA adoption, password manager support, compromised password screening, account recovery controls, and monitoring for credential theft.

The same approach should be used for every technical area. For example, network security may reference CIS Controls, NIST Cybersecurity Framework 2.0, ISO 27001 controls, Zero Trust guidance, secure configuration benchmarks, and GCC or regional examples where available.

The document should also recommend practical technology stacks where appropriate, such as identity providers, MFA, SSO, PAM, SIEM, EDR, vulnerability scanning, backup solutions, email security controls, DNS protection, DDoS protection, database auditing, and secure configuration tools. The recommendations should be realistic for an institutional environment, not vague or theoretical.

Chapter 2: Human Factors

This chapter should focus on people, behavior, training, and security awareness. It should cover phishing awareness, social engineering, password behavior, secure handling of sensitive data, reporting suspicious activity, insider risk, remote work behavior, management awareness, IT staff awareness, and general employee security behavior.

This chapter should explain what different groups of employees should know, how they should be trained, how often training should happen, what awareness materials should be used, what exams, certifications, or common assessments may be useful, and how improvement should be measured.

The recommendations should include useful links to reliable training resources, standards, awareness material, assessment methods, research papers, professional certifications, and public sector guidance where available. For example, the expert may reference ENISA awareness and cyber hygiene material, phishing guidance, NIST awareness and training guidance, SANS security awareness resources, CIS Controls awareness safeguards, or peer reviewed research on phishing training and security behavior.

This section should not simply say “train employees.” It should explain the actual training topics, target audiences, delivery methods, frequency, assessment methods, and measurable outcomes.

Chapter 3: Common Attacks

This chapter should identify the top 15 common and relevant cybersecurity attacks that a GCC institution should be prepared for. These may include phishing, credential theft, ransomware, business email compromise, DDoS, DNS attacks, SQL injection, web application attacks, exposed remote access, malware, insider misuse, cloud misconfiguration, privilege escalation, data leakage, and supply chain attacks.

For each attack, the document should explain how the attack works, why it matters, how it can be detected, how it can be defended against, what technologies or policies should be adopted, what training is needed if relevant, and what standards, research papers, or official references apply.

Chapter 4: Assessment and Testing

This chapter should explain how the institution can assess its current security posture and test whether its controls, processes, and training actually work.

The assessment part should include both technical assessment and human assessment. For the technical side, the expert should prepare practical assessment checkpoints for each major security area, such as authentication, network security, database security, endpoint security, email security, cloud security, logging, backups, access control, and incident response. These checkpoints should help the institution evaluate what it currently uses, what is missing, what is misconfigured, what needs improvement, and what standards each area should be compared against.

For the human side, the expert should prepare assessment methods for employees, managers, IT staff, and leadership. This may include awareness quizzes, phishing simulation results, role based security knowledge checks, reporting behavior assessment, secure data handling assessment, password and MFA behavior assessment, and training completion evaluation.

The testing part should cover vulnerability assessments, penetration testing, phishing campaigns, tabletop incident response exercises, backup recovery testing, access review testing, security awareness testing, and red team exercises if applicable.

This chapter should explain how each assessment or test should be performed, how often it should happen, what evidence should be collected, how results should be documented, and how the institution should convert findings into an improvement plan.

The final deliverable should include a clear structure, practical recommendations, current standards, official or reliable links, GCC or regional examples where available, technology stack recommendations, assessment checkpoints, testing guidance, and implementable recommendations. Links may include official standards, government guidance, cybersecurity frameworks, vendor neutral best practices, research papers, training resources, and regional examples such as Dubai, UAE, Saudi Arabia, Qatar, Bahrain, Oman, or similar GCC references.

The ideal freelancer should have strong cybersecurity consulting experience, preferably with public sector, institutional, GCC, or Middle East environments.

In your proposal, please include your cybersecurity background, similar work you have completed, any GCC or public sector experience, and a short explanation of how you would structure and prepare the document. Please also confirm that the work will be written personally by you and will not be generated using AI.

WordPress Malware Removal & Site Isolation — Migrate 4 Sites Off Infected Shared Root (Bluehost)
I have 4 WordPress websites hosted on Bluehost, all currently sitting under a primary root directory that is infected with malware. The root is linked to an external malicious site and is re-infecting my other WordPress installs. I need an experienced WordPress security specialist to isolate each of my 4 sites, clean the infection, and ensure none of them are vulnerable to re-infection.

Scope of work

1
Audit & malware removal

Full scan of the root directory and all 4 WordPress installs. Identify and remove all malicious files, injected code, backdoors, and external connections. Check and clean the database for injections.

2
Site isolation

Move each of the 4 WordPress sites into their own isolated hosting environment (separate cPanel accounts or containers) so no shared root can re-infect them. Maintain all existing domains, DNS, and email.

3
Hardening & security setup

Harden each site post-migration: update WordPress core, themes, and plugins; set correct file permissions; disable XML-RPC if not needed; install a reputable security plugin (e.g. Wordfence or Sucuri); configure a WAF and enable activity logging.

4
Post-migration testing & handover

Confirm all 4 sites are fully functional after migration. Provide a written report detailing what was found, what was removed, and how each site is now isolated. Brief handover so I understand how to maintain security going forward.

Environment details

Host
Bluehost (shared)
CMS
WordPress × 4 sites
Issue
Malware in shared root directory
Access
cPanel + SFTP (can provide)
Urgency
High — active infection
What I'm looking for in a freelancer

Proven experience with WordPress malware removal and site migrations
Familiarity with Bluehost cPanel, account isolation, and SFTP
Experience with Wordfence, Sucuri, or similar security tools
Can start immediately — this is urgent
Clear communication and a written deliverable at the end

• Describe your recent experience with similar projects

Descrição da Vaga
Procuramos pessoas ambiciosas, comprometidas e com vontade genuína de construir algo grande. Mais do que experiência, valorizamos atitude, capacidade de aprendizagem e a vontade de fazer parte de um projeto com impacto.
Aqui, não procuramos alguém que apenas cumpra tarefas. Procuramos pessoas que gostem de desafios, que se sintam motivadas por resultados e que queiram crescer juntamente com a equipa.
Acreditamos que quem gera valor deve ser recompensado de forma proporcional. Por isso, não existe um teto real de remuneração. O teu crescimento financeiro estará diretamente ligado à tua capacidade de criar resultados, assumir responsabilidade e contribuir para o crescimento do projeto.
Se procuras um ambiente onde o mérito é reconhecido, onde tens autonomia para evoluir e onde podes construir uma carreira sem limitações artificiais, esta oportunidade pode ser para ti.
O que procuramos:
• Mentalidade de crescimento.
Forte ética de trabalho.
• Vontade de aprender e evoluir constantemente.
Espírito de equipa e sentido de missão.
• Orientação para resultados.

I am trying to move my directory from vitalitygrowthlabs.com to dialedin.health.

I started to rebuild the whole thing on DialedIn.health myself, but it's javascript and github, and evidently that doesn't rank well in semrush and ahrefs. So i need to use the structure of my old directory. The problem is, i have been updating some new pages on DialedIn.health so the old directory isn't completely up to date.

Can you help?
Melissa

Hello,
Me and my friend account got hacked and we were able to find the device, routed mobile and VPN used, but we are not able to do anything, we got clues, and people who are don this, they attacked us and unable to prove that, can you help us to solve our problem