Security Engineer & Deliverability Expert server hardening
Description
Harden and secure the server & app, validate/restore DB integrity, and configure Brevo + DNS so emails (transactional & notifications) are authenticated and not routed to spam.
Objectives / Deliverables
• Security audit report (1–2 pages): vulnerabilities found, priority fixes, risk rating.
• Implement immediate hardening: disable root SSH, create non-root user, rotate keys, setup firewall (ufw/iptables), fail2ban, disable unused services, TLS setup, update packages.
• Restore/verify DB integrity (if backups exist) and confirm model artifact location.
• Configure monitoring/logging (simple): log rotation, basic log shipping (or UptimeRobot/health checks).
• Implement SPF, DKIM, DMARC for Brevo & verify domain authentication (DNS records added). Test deliverability and provide evidence (MXToolbox / mail-tester results).
• Produce a short runbook: backup, emergency restore, how to rotate keys and add new deploys.
• 14-day post-migration monitoring period (optional) — respond to critical incidents.
Acceptance criteria
• Server hardened and accessible via non-root user; SSH keys rotated.
• Post-hardening scan shows no critical vuln (report included).
• SPF/DKIM/DMARC implemented and passing; Mail-Tester score > 7/10 or similar confirmation from Brevo.
• Backup taken & DB dump with checksum available.
• Clear runbook provided.
Skills & experience
• Linux sysadmin experience; real world hardening projects.
• Experience with Hetzner/ServerMania or typical cloud hosting.
• Strong email deliverability knowledge (SPF/DKIM/DMARC + Brevo or Sendgrid).
• Penetration testing/OS hardening certs desirable (e.g., CIS, OSCP).
Timeline & budget (suggested)
• Timeline: 2–5 days for audit + hardening; 14 days monitoring optional.
Budget: USD 400 (Fixed Price)
Proposals: 17 freelancers have applied