Boost Your Security Analysis Freelancing

I need someone to review my coded website and all of its functions. This requires both a QA check and a security assessment. The ideal candidate should ensure the website's functionality and security are up to standard.

• Describe your recent experience with similar projects
• Please list any certifications related to this project
• How do you create a dependency map for systems operating in multi-tier architecture?

Wanting someone who is familiar with Kali VM. Will have to find "flags " the show the flag, flag location and flag host. there are multiple flags and the task is not hard if you are familiar with Kali. There are a total of 15 flags from which half have been found already.

We are seeking an experienced ethical hacking team to conduct penetration testing on our web application. The ideal team will identify vulnerabilities and provide recommendations for improvement.

This is a long-term part-time project with monthly engagements. Payments will be made monthly based on agreed service packages and scopes.

We are only looking for teams based in Vietnam.

Looking for a website for my security camera business, focusing on local SEO and AI search capabilities. The site should be optimized for local search to attract local customers and include AI-driven recommendations. The ideal candidate will have experience in web development and security analysis.

• Describe your recent experience with similar projects
• Please list any certifications related to this project
• Describe common challenges of maintaining SLAs
• How do you create a dependency map for systems operating in multi-tier architecture?
• How do you operationalize your projects?

I want to work here, please allow me to start my career, I ask for your guidance and assistance, sir or madam.

Skills: Marketing, Freelance, Learning Management Solution (LMS) Consulting, Wireless Network Security Analysis

First line of review. Work a daily queue of customer telemetry. Classify process activity as allow, watch, or deny. Utilize skills in security analysis and network security to ensure effective threat detection and response.

We are seeking an experienced security professional to conduct a thorough review of our custom Chrome extension. The extension is designed to enhance user experience by providing additional features and functionality. The review should focus on identifying potential security vulnerabilities and providing recommendations for improvement. The ideal candidate will have a strong background in security analysis and web development.

DevSecOps Engineer — ASP.NET Static Security Analysis Pipeline (SonarQube + CI/CD)

OVERVIEW
We need an experienced Application Security / DevSecOps engineer to design and implement a fully automated static security code-review workflow for our ASP.NET Framework and ASP.NET Core repositories. The primary engine is SonarQube. The focus of this project is security rule engineering and pipeline automation — not general .NET development.

TOOL SCOPE
- Primary: SonarQube — required. Custom rule development using the SonarQube C# Plugin SDK / Roslyn analyzers.
- Complementary (optional): Semgrep, CodeQL, Snyk Code. Experience with Fortify or Checkmarx is a bonus.
- Supporting: OWASP Dependency-Check or Dependabot for SCA. GitLeaks / TruffleHog for secrets scanning.

VULNERABILITY CLASSES — CUSTOM RULES REQUIRED
SQL injection, XSS, CSRF, Auth/authz flaws, Hardcoded secrets, Sensitive data exposure, Unsafe deserialization, Weak cryptography, Insecure file uploads, Dependency misconfigurations, Razor (.cshtml) issues, ASP.NET-specific anti-patterns.

DELIVERABLES
1. End-to-end CI/CD integration (GitHub Actions, Azure DevOps, or Jenkins) — every commit and PR triggers a scan; high-severity findings fail the build.
2. Minimum 5 custom security rules (source-to-sink, taint-tracking) targeting the vulnerability classes listed above.
3. Quality gates, severity thresholds, and branch policies tuned to reduce false positives.
4. Baseline suppression strategy so existing findings don't flood day-one builds.
5. Acceptance demo: green build on clean branch → injected flaws cause build failure.
6. Documentation covering installation, rule authoring, upgrades, and day-to-day triage.
7. Knowledge transfer session with the development team.

WHAT TO INCLUDE IN YOUR PROPOSAL
- Your approach to custom rule authoring (which tools, what methodology)
- Examples of rules you have written — or willingness to demo against a sample codebase
- CI platform experience (GitHub Actions / Azure DevOps / Jenkins)
- How you handle false positive reduction and tuning
- Similar projects completed
- Estimated timeline to production-ready setup

SKILLS: SonarQube, ASP.NET / ASP.NET Core, C# / .NET, Roslyn analyzers, Semgrep, CI/CD, GitHub Actions, Azure DevOps, Jenkins, Application security, SAST, DevSecOps, Documentation

Skills: .NET, C# Programming, Azure, ASP.NET, Documentation, Jenkins, GitHub, CI/CD

We are a legitimate e-commerce business facing a critical infrastructure issue. Our completely clean domain (aiakvizicia.sk) is currently experiencing false-positive security flags, causing major European ISPs (like T-Mobile) to intercept and block our paid advertising traffic.

While we are currently clean on 92 out of 93 vendors on VirusTotal (flagged primarily by Bfore.Ai PreCrime), our ultimate requirement is absolute perfection: we need our domain to be 100% clean across all global security vendors, blacklists, and ISP filters. We are looking for a cybersecurity professional to act on our behalf, dispute these classifications, and get our domain permanently whitelisted.

Your Goal:
Conduct a comprehensive reputation audit and ensure our domain (aiakvizicia.sk) achieves and maintains a completely clean, 0-flag status across all major threat intelligence platforms. This includes immediately resolving the current Bfore.Ai dispute and clearing any other hidden blocks.

Key Responsibilities:

Perform a deep-dive audit of our domain's reputation across all major security engines and blacklists.

Act as our technical representative to communicate directly with Threat Intelligence / SOC teams (starting immediately with Bfore.Ai) to dispute false flags.

Draft and submit professional, technically sound dispute requests to expedite the delisting processes.

Provide any necessary technical proof or context that our domain, funnels, and infrastructure are entirely benign (no malware, no phishing).

Follow up aggressively but professionally until the domain is fully cleared everywhere.

The Ideal Candidate:

Background in Threat Intelligence, Incident Response, or SOC Analysis.

Proven experience in Domain Reputation Management, Blacklist Removal, and Vendor Mitigation.

Familiarity with how predictive AI security systems and DNS-level ISP blocking work.

Excellent, native-level corporate English. You must know how to speak the "cybersecurity language" to vendor support teams to get past automated Tier 1 hurdles and reach actual analysts.

To Apply:
Please start your proposal with the word "CLEAN" so I know you read this. Briefly describe a similar situation where you successfully helped a client get their IP or Domain completely delisted and restored to a 100% clean status.

We are seeking an experienced freelancer to assist with setting up and customizing our Moodle Learning Management System. The ideal candidate will have a strong understanding of Moodle's features and be able to implement custom themes and plugins to enhance user experience. Additionally, the freelancer should be able to troubleshoot any technical issues that arise during the setup process. If you have a passion for e-learning and a knack for problem-solving, we would love to hear from you!

---------- Overview ----------
We need an experienced security professional to conduct a thorough audit of our web app and all customer-facing APIs. The goal is to identify, document, and rank every security risk so we have a clear, prioritised action plan to work from.

We're specifically looking for someone who leverages AI tooling to work efficiently. We want a comprehensive audit turned around within a few days, not weeks.


---------- What you'll do ----------
- Audit all public-facing web app surfaces, APIs, and endpoints
- Identify vulnerabilities across common threat categories
- Rank findings by severity (critical, high, medium, low)
- Provide actionable remediation steps for each finding
- Flag any quick wins we can address immediately


---------- Requirements ----------
- Proven experience in web app and API security auditing (penetration testing / VAPT)
- Actively uses AI tools to accelerate and deepen security analysis
- Familiar with industry-standard tools such as Burp Suite, OWASP ZAP, or similar DAST/SAST tooling
- Able to deliver a full report within 3 days of receiving access
- Strong written communication. The report needs to be readable by both technical and non-technical stakeholders
- Experience with testing web apps/SaaS products and REST/GraphQL APIs


---------- Deliverables ----------
- Full vulnerability assessment report with all findings documented
- Severity ranking for each issue (critical to low)
- Actionable remediation steps per finding

• What AI tools or AI-assisted testing suites do you currently use for vulnerability discovery?
• How long would it realistically take you to complete a full VAPT report for a mid-sized SaaS web app with multiple public APIs, and what access or information would you need from us to get started?
• Do you have a public profile, published writeups, CVEs, bug bounty submissions, or any other verifiable work we can review? Please share links.

website: https://cherchertrouver.immo

We are seeking a skilled freelancer to conduct a penetration test on our real estate website. The goal is to identify vulnerabilities and ensure the security of our platform. The ideal candidate will have experience in security analysis and internet security, with a focus on web development.

I am looking for an experienced WordPress security specialist to fully clean and secure my website.
Wordfence is already installed and has been used to scan the site. However, I need a manual cleanup to ensure all malware and backdoors are completely removed.
Identify and remove all malware (files and database)
Manually inspect wp-content, themes, plugins, and core files
Remove any hidden backdoors or malicious code
Clean and secure the database if needed
Check for and remove any unauthorized admin users
Fix vulnerabilities that allowed the infection
Perform full security hardening (wp-config, permissions, login protection, etc.)

• Describe your process for manually removing malware and backdoors from a WordPress site.
• How do you ensure the site will not get reinfected after cleanup?
• Have you worked with Wordfence before? What are its limitations?
• What files or areas do you check first when a WordPress site is infected

We are seeking a cyber security expert to protect influencer accounts and conduct safety tests and drills to prevent personal data breaches. The ideal candidate will have experience in security analysis and network security, ensuring the integrity of our systems and data. This role involves identifying vulnerabilities and implementing measures to safeguard against potential threats.

Conduct a security audit for a web app using Supabase and Lovable. Responsibilities include reviewing Row Level Security, testing data isolation between workspaces, and assessing frontend security. Ensure all security measures are in place to protect user data and prevent unauthorized access.

We are seeking an experienced licensed/certified penetration tester to conduct a second check penetration test on three web servers. The ideal candidate should have a strong understanding of security vulnerabilities and the ability to simulate real-world attack scenarios to identify potential weaknesses. Your insights will be crucial in helping us enhance the security of our infrastructure.

Objectives: The penetration test should assess the in-scope servers against the following:
• OWASP Top 10 web application vulnerability categories (injection, broken authentication,
misconfiguration, sensitive data exposure, access control weaknesses, etc.)
• SSL/TLS configuration: cipher suites, protocol versions, and certificate validity
• External network exposure: open ports, unnecessary services, and attack surface reduction
• SSH access controls and remote authentication configuration
• Any critical or immediately exploitable conditions identified during testing

testing must be done after 5pm MDT time and conclude before 6am MDT the next day. There are 3 days available for testing.

Deliverables:

A written findings report is due within ten (3) business days of the end of the testing window,
including:
• All identified vulnerabilities rated by severity (Critical / High / Medium / Low / Informational)
• Description, evidence, and remediation guidance for each finding
• Brief executive summary suitable for cyber insurance purposes

Please provide examples of your previous work in penetration testing and any relevant certifications.

We are seeking a freelancer to audit and optimize our Cloudflare WAF rules for Google Search Console. The ideal candidate will have experience in security analysis and internet security, ensuring our website's performance and security are not compromised. The task involves reviewing current WAF rules, identifying potential issues, and implementing improvements to enhance our site's visibility and security.

I need to have penetration testing performed for my application to asses security.

ABOUT US
CartoVista is a cloud-based SaaS platform for geospatial visualization and business intelligence. Our application allows organizations to transform complex spatial and tabular data into interactive web maps and dashboards. You can see the platform in action here: https://www.youtube.com/watch?v=hraGJZcNBVM and learn more at https://cartovista.com.

WHAT WE NEED
We are looking for an experienced penetration tester to perform a comprehensive security assessment of our web application and produce a formal written report.
Testing must be completed within the next few weeks.

SCOPE OF WORK
- Web application penetration testing, authentication, authorization, session management, input validation, business logic, and OWASP Top 10 vulnerabilities
- API security testing, REST API endpoints for authentication bypass, injection, improper authorization, and data exposure
- Infrastructure and cloud configuration review, our platform is hosted on AWS; review of exposed services, security group configurations, and publicly accessible endpoints
- Authentication and access control, role-based access, privilege escalation, and MFA bypass attempts

TECHNOLOGY STACK
- Hosting: Amazon Web Services (AWS, US-East), Virtual Private Cloud (VPC)
- Backend: .NET 8
- Frontend: JavaScript (React)
- Database: PostgreSQL / PostGIS (AWS Aurora)
- Identity & Access: AWS IAM

TESTING APPROACH
We are open to a grey-box methodology, we can provide application credentials, documentation, and architecture details to make testing more thorough and efficient.

DELIVERABLES
1. Executive summary - high-level findings for a non-technical audience
2. Technical findings report - each vulnerability documented with:
- Severity rating (Critical / High / Medium / Low / Informational)
- Description and proof of concept (screenshots, payloads, evidence)
- CVSS score where applicable
- Clear, actionable remediation recommendations
3. Remediation guidance - prioritized list of fixes
4. A re-test of remediated findings is required as part of this engagement

WHAT WE ARE LOOKING FOR
- Proven experience with web application and API penetration testing
- Familiarity with AWS cloud environments
- Adherence to a recognized methodology (OWASP WSTG, PTES, or equivalent)
- Security certifications are a strong plus (OSCP, GWAPT, CEH, BSCP, eWPT, or equivalent)
- Strong written English for the final report

HOW TO APPLY
Please include the following in your proposal:
- A sample penetration test report from a previous engagement (redacted is fine)
- A brief description of your proposed methodology and approach
- Your estimated timeline and availability
- Your relevant certifications, if any
- Your fixed-price quote

• Do you have experience working with web applications deployed on Windows Server ? In our case we are using Windows Server on AWS.
• Do you currently hold any security certifications ?

We are looking for a hands-on Cybersecurity SME to support client-facing projects.
** NOT pentesting Role **

Responsibilities
• Conduct security assessments for applications, APIs, cloud environments, and infrastructure
• Perform penetration testing, security analysis, and remediation planning
• Support cybersecurity governance and framework alignment
• Review and improve AWS/cloud security, monitoring, and access controls
• Strengthen vulnerability management, incident response, and security operations
• Support compliance efforts such as SOC 2 and NIST CSF

Requirements
• Strong hands-on experience in cybersecurity, application security, or cloud security
• Experience with penetration testing, threat modeling, and remediation
• Expertise in AWS security, IAM, logging, and monitoring
• Web application and API security
• SIEM, EDR/MDR, and vulnerability management
• CI/CD security scanning and incident response
• Experience with frameworks such as SOC 2, NIST, ISO 27001, or PCI DSS

We are seeking an experienced cloud/cyber security expert or agency to assess our tech solutions and provide detailed reports on potential vulnerabilities. The ideal candidate will have a strong background in security analysis and network security, with the ability to identify and mitigate risks effectively. Your expertise will help us enhance our security posture and ensure the integrity of our systems.

We are a growing cybersecurity-focused MSP (Managed Service Provider) looking for a senior-level cybersecurity engineer who can operate independently and take ownership of client environments.
This is not a junior support role.
We need someone who can step in, lead, and execute across multiple client environments with minimal hand-holding.
🎯 What You Will Be Responsible For:
Managing and responding to security incidents (MDR / EDR environments)
Managing and responding to alerts in EDR platforms such as Bitdefender GravityZone, SentinelOne, or similar
Performing remediation for malware, ransomware, and security incidents (containment, cleanup, recovery)
Performing vulnerability remediation (not just scanning, but fixing)
Leading patch management across endpoints and servers
Working with RMM tools such as NinjaOne for patching and endpoint management
Supporting Microsoft 365 and cloud security environments
Investigating alerts and taking decisive action
Maintaining security posture across multiple clients
Documenting actions and communicating clearly with leadership

🔧 Required Experience:
Strong experience with EDR/MDR tools (Bitdefender, SentinelOne, CrowdStrike, or similar)

Hands-on experience managing EDR alerts and performing remediation
Experience handling ransomware or malware incidents end-to-end
Hands-on vulnerability management (Rapid7, Nessus, etc.)
Familiarity with RMM tools such as NinjaOne or similar
Incident detection and response experience
Experience working in an MSP environment (preferred)

Strong understanding of Microsoft 365 security
Ability to work independently and make decisions

💡 What We Are Looking For:
Someone who does not wait to be told what to do
Someone who can take ownership of problems and resolve them
Strong communication and accountability
Calm under pressure during incidents

⏰ Availability:
Must be available during US daytime hours

Part-time to start, with potential for ongoing work
🤝 About Us:
We work closely with business leaders to reduce cyber risk and protect operations. Our focus is on practical, real-world security — not just tools, but outcomes.

⚠️ Important:
We are looking for someone who can step in and operate with confidence. If you are used to waiting for instructions, this role is not the right fit.
Please mention your hands-on experience with EDR tools and incident response in your application.

I am seeking an internship in Cyber Security and Ethical Hacking to apply my knowledge of networking, Kali Linux, and security. This role will involve hands-on learning and practical application of skills in a dynamic environment. The ideal candidate will be passionate about cyber security and eager to learn and contribute to real-world projects.

Gray-Box Web Application Security Audit

We are seeking a comprehensive gray-box penetration test for a production web application. Limited internal access, including valid user credentials and basic application architecture information, will be provided to simulate a realistic attacker perspective while enabling deeper security analysis.

The assessment should focus on:

* Authentication & Authorization testing (role escalation, privilege bypass, brute-force, MFA validation)
* Input Validation vulnerabilities (SQL Injection, XSS, command injection, insecure file upload, etc.)
* Session Management testing (session fixation, cookie security, token handling, logout functionality, idle timeout)

The testing methodology should follow OWASP Top 10 and industry-standard penetration testing practices. Automated tools may be used for discovery, but all findings must be manually verified to eliminate false positives.

Preferred tools and techniques:

* Burp Suite
* OWASP ZAP
* Nmap
* Nikto
* SQLmap
* Nuclei
* Manual testing and verification

Expected Deliverables:

1. Executive summary outlining overall security posture
2. Detailed technical report with:

* Vulnerability description
* CVSS severity rating
* Reproduction steps
* Screenshots/PoC
* Remediation recommendations
3. Severity-based vulnerability matrix
4. One retest after remediation with updated findings
5. Responsible handling and secure disposal of any sensitive data collected during testing

The final report should be delivered in both PDF and editable format within the agreed timeline.

Skills: Web Security, Penetration Testing

The goal is for someone to conduct a structured production readiness review of the current web app codebase, focusing on the highest-risk areas that could lead to instability or security issues.

I work for a ThinkTank at a research center. We're going to be doing some research as a 'controller' for EU citizen social media data, and we are going to be outlining our Legitimate Interests Assessment and Data Protection Impact Assessment for GDPR compliance. We'll first fill them out ourselves, following the templates provided by the Information Commissioner's Office. We'd like to hire an expert consultant to overview our plans and ensure compliance.


We are going to draft our compliance plans first (not yet done), but for fiscal reporting reasons we need to plan ahead on which consultant we will work with to review the plans after we finish drafting.

Start with a controlled pilot, not a full rollout.

Recommended approach:

Select 30–40 strategic international investors.
Classify them by sector, maturity, value, and relationship sensitivity.
Assign one Strategic Relationship Lead from His Excellency’s Office.
Assign one Operational Relationship Lead from the strongest existing relationship owner.
Build a simple dashboard.
Review progress weekly.
Escalate blockers quickly.
Include Miza and extra-care services as part of the investor experience.
Use the 90-day pilot to prove the model before scaling.
This gives the minister what he wants:
clear ownership, faster movement, stronger accountability, and a deal-closing culture.

Hackit Labs is looking for a freelance cybersecurity engineer to support technical security assessments for SMB and mid-market clients.

This role focuses on:

vulnerability assessments

infrastructure reviews

Microsoft 365 security reviews

security posture analysis

technical evidence gathering

The ideal candidate is practical, structured, and comfortable working remotely as part of a flexible consulting delivery model.

-Responsibilities:

Conduct vulnerability assessments

Review exposed services and configurations

Assist with cloud and M365 security reviews

Validate technical findings

Help collect technical evidence for compliance projects

Provide remediation recommendations

-Requirements:

Experience with vulnerability assessment tools

Familiarity with:

Nessus

OpenVAS

Defender

Microsoft 365 security

cloud security basics

Strong technical reporting skills

Good communication skills

Comfortable working under NDA

Spanish is a plus but not mandatory

-Nice to Have:

CIS benchmark experience

Azure security experience

Security hardening experience

Previous consulting background

Experience with SMB environments

-Project Type:

Long-term freelance collaboration.

Initial work will begin with small scoped projects and may evolve into recurring technical assessment engagements.

Summary

Penetration test of a web service covering:
Dashboard application (login, signup, password reset, etc.)
Associated APIs
JS SDK (optional, can be scoped separately)
The total surface area is relatively small. Estimated effort: 25-40 hours including reconnaissance and reporting.
This engagement must satisfy SOC2 Type 2 audit requirements for external penetration testing.
Prior experience delivering compliance-driven pentests is required.
This will be a black-box engagement against a live production environment.
Destructive testing is not permitted.

Requirements
OSCP, OSWA, OSWE, GPEN, LPT, CEPT, or equivalent high level technical hands-on credentials
PCI-DSS experience is a plus
NDA required
Retesting after remediation (1 round)

Target Framework:
OWASP WSTG

Deliverables:
Pentest reports (PDF) - full version and executive summary (2 separate files)
Detailed coverage report with findings mapped to OWASP WSTG, including CVSS scores and reproducible PoCs
Raw evidence, tool output, and collected data uploaded to a secure location
Executive summary and attestation letter

Communication
Critical or high-severity findings should be reported immediately during the engagement.

Timeline
All deliverables due by June 20, 2026.
If the engagement goes well, we quarterly engagements going forward are a possibility.

• Please confirm your availability to execute this project in December 2023.
• Describe your recent experience with similar projects
• Please list any certifications related to this project

Job Description

We are building an AI-powered security automation platform and are looking for frontend and backend developers to help implement core system features.

This is a development project focused on building a working platform, not just a concept or prototype.

Project Overview

The solution is a web-based platform that performs automated source-code security analysis, presents findings through a modern dashboard, and integrates AI-assisted vulnerability classification and scanning workflows.

Developers may work on the frontend, backend, or full-stack implementation depending on their experience.

Scope of Work

Backend:
-Build APIs for managing projects, scans, users, and results
-Integrate static analysis tools
-Implement AI/LLM-based semantic analysis for vulnerability classification
-Generate and validate security rules programmatically
-Handle scan orchestration, progress tracking, and result storage
-Support on-premises / air-gapped deployment requirements
-Follow secure API design and development practices

Frontend:
-Build a responsive web dashboard for security scan results
-Display real-time scan progress and vulnerability findings
-Implement dashboards, tables, charts, and vulnerability detail views
-Support English and Arabic UI, including RTL layout
-Integrate securely with backend APIs
-Ensure a clean and professional UX for enterprise security users


Expected Deliverables:
-Functional frontend UI, including dashboard, scan views, and results pages
-Backend services for scanning, AI analysis, and data management
-API documentation and setup instructions
-Clean, maintainable, and well-documented code
-Deployment guidance for local, on-premises, or enterprise environments


Required Skills:
Frontend:
-React, Vue, or similar modern frontend framework
-REST API integration
-Dashboard and data visualization experience
-Experience with RTL layouts is a plus

Backend:
-Node.js, Python, or similar backend technologies
-Experience with SAST tools
-AI/LLM integration experience
-Secure API design

Experience with scan/job orchestration is a plus

Nice to Have:

-Security engineering or penetration testing background
-Experience building DevSecOps or security tooling
-Experience with enterprise or on-premises deployments
-Experience with AI-assisted code analysis or vulnerability classification

Engagement Details:
-Open to frontend-only, backend-only, or full-stack developers
-Project-based engagement with milestone payments
-Long-term collaboration is possible


NDA required

Budget:

The estimated project budget is up to $25,000 USD.

Proposals must be within this budget. Offers above the budget will not be considered.

Proposals do not need to match the full budget. We are open to offers below this amount depending on the proposed scope, timeline, experience, and milestone structure. Developers are encouraged to provide a clear breakdown of pricing by deliverables or milestones.

We are seeking an experienced Server & Website Security Specialist to manage and secure a cPanel server hosting approximately 100 websites. The role involves ensuring the security and integrity of our server environment, performing regular security audits, and implementing best practices to prevent potential threats. The ideal candidate will have a strong background in server and website security, with experience in managing large-scale hosting environments.

• Describe your recent experience with similar projects
• Please list any certifications related to this project