Keselamatan Awan Jobs

I need an experienced security engineer to harden our multi-tenant SaaS product, prepare us for HIPAA and SOC 2 Type II audits, and stay on call for incident response. The stack runs primarily on AWS, Azure or GCP, with containerised workloads orchestrated by Kubernetes. Day-to-day you will probe our web apps and APIs with Burp Suite and OWASP ZAP, script automation in Bash, and guide the team as we fold security controls into an established Git-based CI/CD pipeline. Key objectives • Run a full penetration test against the platform, documenting exploitable findings against the OWASP Top 10 and cloud-specific misconfigurations. • Configure vulnerability scanning (Nessus, Snyk, Trivy) and wire SAST, DAST and dependency checks into our build pipelines. • Implement and v...

I’m ready to launch a production-grade web application on AWS and need the underlying infrastructure designed and built with security and high availability at its core. The workload will run on EC2, and general-purpose instances are fine; the focus is on a rock-solid architecture, not exotic hardware profiles. Here’s what I have in mind: a VPC with public and private subnets spread across at least two Availability Zones, an Application Load Balancer in front, Auto Scaling groups to keep capacity healthy, and tight security groups plus IAM roles that follow least-privilege rules. Logging to S3, monitoring and alerts through CloudWatch, and encrypted traffic everywhere (ACM certificates, HTTPS, TLS-enabled internal hops) are all must-haves. Wherever possible, I’d like the ...

I need someone who can jump into my Google Cloud Console and create a fresh API key for Vertex AI. The key must have Full access because it will power a third-party application that sits outside the Google ecosystem. Here’s what I expect: • A properly scoped, active API key that can call every Vertex AI endpoint required by the external app. • Any service-account or IAM tweaks completed so the key works immediately—no extra permission errors. • A quick note or screen-share walkthrough showing me where the key lives in the console and how to rotate or revoke it later. You should already be comfortable with Google Cloud Console, IAM roles, and Vertex AI service enablement so the process is smooth and secure.

1. JOB POST: Odoo SaaS Security Configuration – QMS User Roles (3‑Tier Access Model) Project Overview We are a small company based in the UK and use Odoo to manage our business. We have a requirement to add 3 users to the system in Odoo. See below. We need an experienced Odoo SaaS security specialist to design and configure a three‑level permission model that is clean, audit‑friendly, and fully compatible with SaaS limitations (no backend access, no custom modules, no Studio). Required Deliverable: 3‑Level QMS Security Model 1. QMS Read‑Only (External Auditors / Inspectors) - Read‑only access to QMS menus and documents. - No create/edit/delete. - No access to non‑QMS modules. - Must avoid Portal/Public menu leakage. - Must be safe for ISO/FDA/MHRA audits. 2. QMS Contributor (Inte...

Se requiere especialista en ciberseguridad / redes / seguridad informática para desarrollar la parte práctica de un trabajo personal. El proyecto consiste en la implementación y validación técnica de una arquitectura Zero Trust en un entorno virtualizado, comparándola con una arquitectura tradicional basada en VPN. ALCANCE DEL TRABAJO El freelancer deberá: 1. Construir laboratorio virtual Crear entorno simulado de red empresarial. Implementar: Servidor de autenticación (IAM o similar). Servidor de aplicaciones. Segmentación de red. Endpoint remoto. Gateway o firewall. Puede utilizar herramientas como: VMware, VirtualBox, GNS3, Proxmox, Azure Lab, AWS Lab u otra propuesta técnicamente viable. 2. Implementar arquite...

Project Title AWS Architecture Review & Cost Optimisation Recommendations Project Description I am looking for an experienced AWS architecture expert to review my current AWS setup and provide recommendations on how to optimise the infrastructure and reduce costs. This project is review and advisory only. No implementation is required. Scope of Work The expert will: • Review the current AWS architecture and services in use • Identify areas where costs can be reduced • Identify any inefficient resource usage or misconfiguration • Suggest alternative architecture or services that may improve cost efficiency • Recommend best practices for ongoing AWS cost optimisation Deliverable A written report including: • Overview of current architecture (based...

Cloudflare Zero Trust & Starlink CGNAT Home Network – Project Summary This project involves designing a secure home SASE-style network using Starlink Gen 3 (CGNAT) and Cloudflare Zero Trust to protect internal infrastructure while enabling secure remote access. Because Starlink operates behind CGNAT, traditional port forwarding cannot be used. Instead, Cloudflare Tunnel will create encrypted outbound connections to securely expose internal services without opening inbound ports. The network includes NAS storage, Home Assistant, IoT devices, PTZ/NVR security cameras, UPS monitoring systems, and smart-home integrations (Google Home, Alexa, Apple Home). The architecture must provide secure remote administration while maintaining normal automation functionality. Security will rely...

TÉRMINOS DE REFERENCIA Servicio de Análisis de Vulnerabilidades y Pruebas de Intrusión para Infraestructura Tecnológica 1. OBJETIVO DE LA CONTRATACIÓN Contratar un servicio especializado de Análisis de Vulnerabilidades y Pruebas de Intrusión que permita evaluar el nivel de seguridad en: • Defensa perimetral • Redes internas • Sistemas operativos • Aplicaciones web publicadas • Aplicaciones móviles • Sistemas de información y equipos de comunicación 2. PLAZO DE PRESTACIÓN DEL SERVICIO El servicio deberá ejecutarse en un plazo máximo de 45 días calendario. 3. DESCRIPCIÓN DEL SERVICIO Actividades • Evaluar el nivel de seguridad en aplicaciones web, activo...

The task is to create a brand-new Microsoft 365 E5 tenant for my client and configure it so that security is airtight from day one. Enhanced security features are the single priority—every element that protects privacy and data (Defender, Purview Information Protection, Conditional Access, Identity Governance, the lot) must be switched on, tuned, and tested. At this stage we are not tying the tenant to any on-premises environment or other cloud service, so you can work in a clean slate scenario. What I expect as concrete deliverables: • Tenant creation and licence assignment for all users • Configuration of Identity & Access Management: MFA enforcement, Conditional Access policies, Privileged Identity Management • Threat protection hardening: Microsoft Defende...

I’m looking for someone who can jump into my AWS account, create or adjust a single S3 bucket so it remains private, and configure it specifically for media storage. Once the bucket is in place, I need direct URLs that already include the necessary security controls—no presigned links that expire, just permanent links that can only be accessed as intended (for example, through a signed CloudFront distribution or an Origin-Access-Control setup). Here’s what I expect at completion: • A correctly-configured S3 bucket with private access policies and minimal public exposure • The IAM roles or policies required for my application to upload and retrieve files programmatically • At least one working, secure URL that proves the configuration works • A b...

Cloud Engineer – Amazon WorkSpaces Setup & Configuration Summary What will be done? The purpose of this project is to deploy and configure a test environment featuring a single Amazon WorkSpaces Personal instance for Robin. This environment will provide seamless integration with existing AWS infrastructure and will enable power users to access current applications and services through a secure, cloud-based virtual desktop. Robin will utilize this environment specifically to validate workflow processes and assess application performance as part of the transition from a traditional RDS setup to Amazon WorkSpaces, ensuring operational continuity and optimal user experience during the migration. Deploy Amazon WorkSpaces using Quick Setup wizard for rapid pilot testing Use AWS WorkSp...

Summary Project Description: We need a third-party expert to collaborate with our engineer to streamline a complex user workflow for a surgical center moving to a cloud-only Azure AVD environment. The desired solution is to use Azure AVD with Windows IoT Enterprise and an HID card reader for a streamlined, minimal-interaction login using card swipe and a potential PIN code. The current AVD card swipe process requires multiple click-throughs, and we need a solution to simplify this. AVD Card Swipe and FIDO Authentication Streamlining Key Deliverables: Brainstorming & Consultation: Provide expert guidance and brainstorm with our internal engineer on streamlining the AVD card scanning and FIDO login process. Policy Development: Advise on and help configure necessary Intune policies and ...

RDP Server Migration & VPN Configuration Summary 1. Current State Currently uses: A dedicated RDP server in Azure Installed with Mocha TN3270 for Windows 10/11 To access a State-hosted IBM Mainframe system Through a State-managed VPN connection That RDP server exists for a single purpose: To allow users to run the TN3270 client and access the State IBM mainframe. Current Network Path Workstation → RDP to Azure server → pfSense firewall in Azure → State VPN → IBM Mainframe Azure contains: A virtual network A pfSense firewall A VPN tunnel from pfSense to the State network The RDP server routes traffic through pfSense, which then routes to the State VPN. This introduces: Unnecessary infrastructure (RDP server) Additional attack surface Additional management ov...

My site already runs through Cloudflare and basic protection is in place, yet I know the platform can do much more for security. I want a seasoned Cloudflare specialist to go through my current setup, tighten every loose end, and leave me with a hardened configuration I can trust. Scope of work • Firewall rules – Review what I have, remove redundancies, and add precise allow/deny rules and rate limits that match real-world traffic patterns without blocking legitimate users. • SSL/TLS – Move the zone to the most secure Full (Strict) mode, renew or generate any required origin certificates, enforce HSTS and secure ciphers, and confirm end-to-end encryption is flawless. • Bot management – Configure Bot Fight Mode and related features so genuine traffic ...

We are looking for an experienced IT Systems Administrator who specializes in: Microsoft Intune (endpoint security, device compliance, configuration profiles) Microsoft 365 administration (Exchange Online, Teams, SharePoint, OneDrive, Entra ID / Azure AD) Windows device onboarding, security baselines, BitLocker, Defender, and software deployment Scope of work includes: Setting up and enforcing endpoint security and compliance policies for laptops Creating and managing Intune configuration profiles and app deployments Hardening devices with Defender, BitLocker, and other M365 security tools Supporting user onboarding, access control, and general M365 administration Providing documentation for setup and ongoing maintenance Requirements: Proven experience with Intune and Microsoft ...

I run a custom web application on an Ubuntu droplet at DigitalOcean. Although every obvious door is locked—UFW rules are strict, all unnecessary ports are closed, Fail2ban is active, and SSH keys have been rotated—crypto-miners keep finding a way in and even wiping my authorized_keys file. and they also remove the logs. I need a specialist who can dig deeper than the basics, trace exactly how the breaches occur, close those vectors for good, and leave the box fully hardened. Think kernel-level auditing, service isolation, intrusion-detection tooling, automated patching, and any other best practices you know work on Ubuntu in a cloud-VM context. Deliverables I must see before sign-off: • A concise report pinpointing the original compromise path(s) and the corrective...

We are a new SaaS startup looking for a rigorous security specialist to perform a **comprehensive end-to-end security audit**. Our mobile app (iOS & Android) is our core product and requires deep-dive scrutiny, while our landing pages and staff admin panel need a focused vulnerability assessment to ensure total ecosystem integrity. ### **The Scope of Work** We need more than a generic automated scan; we require a blend of manual penetration testing and structured configuration review. * **Mobile App (Deep Dive):** Comprehensive testing based on the **OWASP Mobile Application Security (MAS)** framework. This includes binary analysis, session management, local data storage security, and API communication. * **Web & Admin Panel:** Vulnerability assessment of the staff-facing das...