
marco.bianchi

Senior Cybersecurity Consultant | Offensive Security Specialist
United Kingdom
1 January 1990
  • Successful Projects: 1
  • Services Delivered: 1
  • Completed Services: 1
  • Services Pending: 0

Freelancer Information

I’m Marco Bianchi, a cybersecurity consultant originally from Rome and now based in the United Kingdom. I focus on in-depth, manual security testing of web applications, APIs, and mobile platforms. My role is to identify vulnerabilities that matter and support engineering teams in fixing them without disrupting their workflow.

I started my career as a backend developer. I’ve worked with production systems built in Python, Node.js, and TypeScript. I’ve been on release calls, written urgent patch scripts, and reviewed rushed code. That background shaped how I work today. I understand where security issues emerge and how to address them without friction.

Since 2016, I’ve worked with clients across Europe, including fintech platforms, health data services, and SaaS providers. My approach is deeply manual and tailored to each target. I focus on authentication, access control, session handling, insecure design, and business logic flaws. I don’t rely on automated tools unless they save time — I test based on how your app works, not just what it’s built with.

Recent examples of my work:

  • Security review of a GraphQL-based SaaS platform used by over 500 organisations. I discovered a logic flaw that allowed cross-tenant access to billing records. Delivered exact payloads and supported the team in fixing the resolver-level logic.
  • Mobile pentest for a European finance startup. Reverse-engineered a React Native app, identified token leakage and session reuse. Helped the team build a more secure session manager before a compliance audit.
  • Threat modelling and architecture review for a healthtech platform preparing for ISO 27001. Focused on IAM, user onboarding risks, and third-party exposure. Worked with their dev lead to implement risk controls with minimal code changes.

I regularly use Burp Suite Pro, Postman, Frida, MobSF, mitmproxy, ZAP, and custom Python scripts. I’ve integrated into CI workflows, written test documentation for engineers, and contributed to hardening sprints before product launches.

I hold the OSCP, OSWE, and AWS Security Specialty certifications. I’ve reported critical bugs to EU SaaS companies, worked under NDAs with regulated platforms, and helped startups prepare for investor due diligence and security reviews.

Clients say I work quietly, move fast, and communicate clearly. I don’t oversell. I don’t deliver noise. I focus on issues that matter, and I stay involved until they’re resolved. If your product is growing and security matters to you, I’d be happy to help you level up before the pressure hits.


Freelancer Education

2014 – 2016 MSc Cybersecurity and Software Systems
Politecnico di Milano

Completed a two-year master’s programme focused on secure system design, network defense, cryptographic protocols, and applied software engineering. Worked on multiple hands-on lab projects covering web application vulnerabilities, secure coding practices, and distributed system threats. Final thesis explored privilege escalation risks in containerised environments and mitigation strategies using Linux namespaces and AppArmor.

2010 – 2013 BSc Computer Engineering
Sapienza University of Rome

Studied the foundations of computer science, programming, and network infrastructure. Gained hands-on experience with C, Java, and low-level systems through coursework in operating systems, algorithms, and computer architecture. Participated in a security elective focused on buffer overflows, memory safety, and basic reverse engineering, which sparked a long-term interest in offensive security and application hardening.


Work & Experience

Jan 2020 - Present Senior Application Security Consultant
Undisclosed European Fintech

Led manual security testing for core web and mobile products used by over 200,000 monthly users. Focused on authentication, authorization, API security, and business logic flaws. Worked directly with backend, frontend, and DevOps teams to triage findings, validate fixes, and implement secure-by-default development patterns. Contributed to security roadmap planning and advised on audit preparation for ISO 27001 and GDPR compliance.

Sep 2016 - Dec 2019 Security Engineer
Undisclosed SaaS Platform

Performed application security reviews, threat modelling, and code audits across Node.js and Django microservices. Built internal tooling for automated recon and logic testing. Helped integrate security controls into CI workflows and participated in incident response efforts during early-stage breaches. Supported the engineering team with secure coding workshops and vulnerability remediation guidance.


Awards

2020 OSCP
Completed hands-on certification focused on real-world exploitation, privilege escalation, and network pivoting across a controlled lab environment. Demonstrated ability to perform full-scope assessments and document findings in a professional report under time constraints.
2023 OSWE – Offensive Security Web Expert
Advanced certification focused on white-box web application security. Required source code analysis, exploit development, and bypassing modern web defenses. Passed the 48-hour practical exam with a focus on authentication bypass and business logic exploitation.
2022 AWS Certified Security – Specialty
Validated advanced knowledge of securing cloud infrastructure, IAM design, incident response, data protection, and compliance in AWS environments. Applied to real-world client projects involving cloud service hardening and secure architecture reviews.