Cloud Security Jobs

The task is to create a brand-new Microsoft 365 E5 tenant for my client and configure it so that security is airtight from day one. Enhanced security features are the single priority—every element that protects privacy and data (Defender, Purview Information Protection, Conditional Access, Identity Governance, the lot) must be switched on, tuned, and tested. At this stage we are not tying the tenant to any on-premises environment or other cloud service, so you can work in a clean slate scenario. What I expect as concrete deliverables: • Tenant creation and licence assignment for all users • Configuration of Identity & Access Management: MFA enforcement, Conditional Access policies, Privileged Identity Management • Threat protection hardening: Microsoft Defende...

I’m looking for someone who can jump into my AWS account, create or adjust a single S3 bucket so it remains private, and configure it specifically for media storage. Once the bucket is in place, I need direct URLs that already include the necessary security controls—no presigned links that expire, just permanent links that can only be accessed as intended (for example, through a signed CloudFront distribution or an Origin-Access-Control setup). Here’s what I expect at completion: • A correctly-configured S3 bucket with private access policies and minimal public exposure • The IAM roles or policies required for my application to upload and retrieve files programmatically • At least one working, secure URL that proves the configuration works • A b...

Cloud Engineer – Amazon WorkSpaces Setup & Configuration Summary What will be done? The purpose of this project is to deploy and configure a test environment featuring a single Amazon WorkSpaces Personal instance for Robin. This environment will provide seamless integration with existing AWS infrastructure and will enable power users to access current applications and services through a secure, cloud-based virtual desktop. Robin will utilize this environment specifically to validate workflow processes and assess application performance as part of the transition from a traditional RDS setup to Amazon WorkSpaces, ensuring operational continuity and optimal user experience during the migration. Deploy Amazon WorkSpaces using Quick Setup wizard for rapid pilot testing Use AWS WorkSp...

Summary Project Description: We need a third-party expert to collaborate with our engineer to streamline a complex user workflow for a surgical center moving to a cloud-only Azure AVD environment. The desired solution is to use Azure AVD with Windows IoT Enterprise and an HID card reader for a streamlined, minimal-interaction login using card swipe and a potential PIN code. The current AVD card swipe process requires multiple click-throughs, and we need a solution to simplify this. AVD Card Swipe and FIDO Authentication Streamlining Key Deliverables: Brainstorming & Consultation: Provide expert guidance and brainstorm with our internal engineer on streamlining the AVD card scanning and FIDO login process. Policy Development: Advise on and help configure necessary Intune policies and ...

RDP Server Migration & VPN Configuration Summary 1. Current State Currently uses: A dedicated RDP server in Azure Installed with Mocha TN3270 for Windows 10/11 To access a State-hosted IBM Mainframe system Through a State-managed VPN connection That RDP server exists for a single purpose: To allow users to run the TN3270 client and access the State IBM mainframe. Current Network Path Workstation → RDP to Azure server → pfSense firewall in Azure → State VPN → IBM Mainframe Azure contains: A virtual network A pfSense firewall A VPN tunnel from pfSense to the State network The RDP server routes traffic through pfSense, which then routes to the State VPN. This introduces: Unnecessary infrastructure (RDP server) Additional attack surface Additional management ov...

1. JOB POST: Odoo SaaS Security Configuration – QMS User Roles (3‑Tier Access Model) Project Overview We are a small company implementing a lightweight Quality Management System (QMS) inside Odoo SaaS. We need an experienced Odoo SaaS security specialist to design and configure a three‑level permission model that is clean, audit‑friendly, and fully compatible with SaaS limitations (no backend access, no custom modules, no Studio). Required Deliverable: 3‑Level QMS Security Model 1. QMS Read‑Only (External Auditors / Inspectors) - Read‑only access to QMS menus and documents. - No create/edit/delete. - No access to non‑QMS modules. - Must avoid Portal/Public menu leakage. - Must be safe for ISO/FDA/MHRA audits. 2. QMS Contributor (Internal Staff) - Can create and edit QMS documents. -...

My site already runs through Cloudflare and basic protection is in place, yet I know the platform can do much more for security. I want a seasoned Cloudflare specialist to go through my current setup, tighten every loose end, and leave me with a hardened configuration I can trust. Scope of work • Firewall rules – Review what I have, remove redundancies, and add precise allow/deny rules and rate limits that match real-world traffic patterns without blocking legitimate users. • SSL/TLS – Move the zone to the most secure Full (Strict) mode, renew or generate any required origin certificates, enforce HSTS and secure ciphers, and confirm end-to-end encryption is flawless. • Bot management – Configure Bot Fight Mode and related features so genuine traffic ...

We are looking for an experienced IT Systems Administrator who specializes in: Microsoft Intune (endpoint security, device compliance, configuration profiles) Microsoft 365 administration (Exchange Online, Teams, SharePoint, OneDrive, Entra ID / Azure AD) Windows device onboarding, security baselines, BitLocker, Defender, and software deployment Scope of work includes: Setting up and enforcing endpoint security and compliance policies for laptops Creating and managing Intune configuration profiles and app deployments Hardening devices with Defender, BitLocker, and other M365 security tools Supporting user onboarding, access control, and general M365 administration Providing documentation for setup and ongoing maintenance Requirements: Proven experience with Intune and Microsoft ...

I run a custom web application on an Ubuntu droplet at DigitalOcean. Although every obvious door is locked—UFW rules are strict, all unnecessary ports are closed, Fail2ban is active, and SSH keys have been rotated—crypto-miners keep finding a way in and even wiping my authorized_keys file. and they also remove the logs. I need a specialist who can dig deeper than the basics, trace exactly how the breaches occur, close those vectors for good, and leave the box fully hardened. Think kernel-level auditing, service isolation, intrusion-detection tooling, automated patching, and any other best practices you know work on Ubuntu in a cloud-VM context. Deliverables I must see before sign-off: • A concise report pinpointing the original compromise path(s) and the corrective...

I am an entry-level cybersecurity professional transitioning into GRC and security roles. I am building high-quality, real projects for my resume and GitHub and I want to understand every decision, not just receive finished documents. This is not a copy-paste or template job. I am looking for someone who can both build and teach. I will provide detailed project READMEs that describe the scenarios and expectations. Your role is to implement them properly and explain the reasoning behind each decision until I clearly understand it. Scope of Work You will work on one or more of the following projects (starting with one, expanding if the quality is good): ISO 27001:2022 Statement of Applicability with justified exclusions Writing a defensible security risk acceptance document Designing an...

I’m seeking a seasoned Pre-Sales Cybersecurity Engineer who can jump in part-time and strengthen our sales motion with large-enterprise prospects. You’ll own the technical conversation from first discovery through contract signature, translating complex security capabilities into clear business value. Your day-to-day will revolve around three core outcomes: • Technical presentations that engage executive and engineering audiences, highlighting our strengths across Network Security, Endpoint Security, and Cloud Security. • Accurate, persuasive responses to RFPs and RFIs, complete with architecture diagrams, deployment options, and measurable ROI statements. • Robust demo and lab environments you build, tune, and maintain so prospects can test drive features ...

Penetration Test of the IT/OT System of a Photovoltaic Power Plant and Battery Energy Storage System 1. Subject of the Contract The subject of this contract is the execution of a comprehensive penetration test of the IT/OT infrastructure of a photovoltaic power plant and battery energy storage system to assess its resilience against cyberattacks and unauthorized remote control. The test must simulate real-world cyberattack scenarios, focusing on the possibility of: Unauthorized remote access Takeover of device control Manipulation of energy production or storage Disruption of system availability Exploitation of communication interfaces Leakage of sensitive data 2. Scope of Testing The test shall include: 2.1 External Testing Simulation of attacks from the public internet Analy...

Conduct a CREST‑approved penetration test covering OWASP Top 10, infrastructure, and API endpoints. Provide a full report and remediation guidance. You must be UK‑based and able to invoice us as a self‑employed contractor or registered business. You will be working as part of a small team during an intensive 2‑week delivery sprint. Deliverables: Pen test plan Full CREST report Remediation list Optional retest (if included in your service)

Backend for a my app using FastAPI, WebSockets/WebRTC, and modern AI services (Whisper STT, LLaMA-style LLMs, Kokoro/Coqui/Piper TTS, Wav2Lip for avatar video). The system powers realtime speech transcription, AI-assisted text polishing, and interactive avatar-based conversations. Responsibilities Backend ownership: Design, maintain, and extend FastAPI HTTP + WebSocket/WebRTC endpoints. AI integration: Connect and optimize Whisper STT, LLMs, and TTS services for low latency and high reliability. Audio/video pipelines: Handle streaming audio (buffering, resampling, normalization). Integrate avatar video generation with Wav2Lip and related tools. Data & performance Work with MongoDB (and/or relational databases) for schemas, indexing, and efficient queries. Implement caching and backg...

We are a new SaaS startup looking for a rigorous security specialist to perform a **comprehensive end-to-end security audit**. Our mobile app (iOS & Android) is our core product and requires deep-dive scrutiny, while our landing pages and staff admin panel need a focused vulnerability assessment to ensure total ecosystem integrity. ### **The Scope of Work** We need more than a generic automated scan; we require a blend of manual penetration testing and structured configuration review. * **Mobile App (Deep Dive):** Comprehensive testing based on the **OWASP Mobile Application Security (MAS)** framework. This includes binary analysis, session management, local data storage security, and API communication. * **Web & Admin Panel:** Vulnerability assessment of the staff-facing das...

TÉRMINOS DE REFERENCIA Servicio de Análisis de Vulnerabilidades y Pruebas de Intrusión para Infraestructura Tecnológica 1. OBJETIVO DE LA CONTRATACIÓN Contratar un servicio especializado de Análisis de Vulnerabilidades y Pruebas de Intrusión que permita evaluar el nivel de seguridad en: • Defensa perimetral • Redes internas • Sistemas operativos • Aplicaciones web publicadas • Aplicaciones móviles • Sistemas de información y equipos de comunicación 2. PLAZO DE PRESTACIÓN DEL SERVICIO El servicio deberá ejecutarse en un plazo máximo de 45 días calendario. 3. DESCRIPCIÓN DEL SERVICIO Actividades • Evaluar el nivel de seguridad en aplicaciones web, activo...