Anas Bin Izhar, Developer in Lahore, Punjab, Pakistan
Anas is available for hire
Hire Anas

Anas Bin Izhar

Bio

Anas is a security engineer with 8+ years of experience helping organizations secure their SaaS platforms from threat actors. He is an expert in application security, cloud security, penetration testing, and information system compliance, including ISO 27001 and SOC 2. With keen attention to detail and the ability to adapt to a fast-paced environment, Anas outperforms clients' expectations and provides agile and secure solutions to meet their business needs.

Portfolio

Alia Omar
Software Architecture, Security, Risk Assessment, Security Audits, IoT Security...
Distributed Coders Inc.
IT Security, Vulnerability Assessment, Vulnerability Identification...
Forecasted Finance LLC
Security Audits, IT Security, Penetration Testing, Application Security...

Experience

  • Penetration Testing - 7 years
  • Cloud Security - 5 years
  • Vulnerability Management - 5 years
  • Incident Response - 4 years
  • Application Security - 4 years
  • ISO 27001 - 4 years
  • Python 3 - 3 years
  • DevSecOps - 1 year

Preferred Environment

Python 3, Bash, Burp Suite, Kali Linux, Amazon Web Services (AWS), Linux, MacOS, Windows, Docker

The most amazing...

...thing I've done is secure 100+ applications for various clients, such as AT&T, the Government of Barbados, and Silo.

Work Experience

Senior Cybersecurity Consultant for Risk Assessment Innovation

2025 - 2025
Alia Omar
  • Designed and implemented an enterprise risk management system aligned with the NIST Risk Management Framework (RMF), ensuring comprehensive asset identification, risk categorization, and control alignment across the organization.
  • Developed and maintained a centralized risk register to improve enterprise-wide visibility, accountability, and structured risk tracking.
  • Established standardized risk scoring criteria using a likelihood-impact matrix to enable consistent and defensible risk-based decision-making.
Technologies: Software Architecture, Security, Risk Assessment, Security Audits, IoT Security, Industrial Control Systems (ICS), ISO 27001, NIST, SOC 2, Artificial Intelligence (AI), Data Encryption

IT Security Engineer

2025 - 2025
Distributed Coders Inc.
  • Conducted a penetration test on their infrastructure and assets.
  • Documented all the findings along with proof of concepts to help them understand the risks.
  • Helped the team patch the issues and conducted retesting to make sure the patches are applied effectively and cannot be bypassed.
Technologies: IT Security, Vulnerability Assessment, Vulnerability Identification, Penetration Testing, Security Audits, Website Audits, Application Security, Cybersecurity, OWASP, Artificial Intelligence (AI), Data Encryption, GraphQL

Security Auditor

2025 - 2025
Forecasted Finance LLC
  • Conducted a security assessment of their infrastructure and application, resulting in multiple critical severity findings.
  • Tracked and worked with the team to apply appropriate fixes to mitigate these vulnerabilities.
  • Mentored the team to implement security controls like SCA, SAST, and DAST to ensure that the code going into production is secure.
Technologies: Security Audits, IT Security, Penetration Testing, Application Security, Data Encryption, GraphQL

Application Security Developer

2024 - 2024
Thinking LSAT LLC
  • Conducted a full security assessment of AWS infrastructure and web application.
  • Strengthened their AWS infrastructure as per best practices to enhance their security.
  • Enabled security monitoring in AWS via GuardDuty, CloudWatch, and CloudTrail to make sure it detects any security threats.
  • Developed playbooks for the security alerts to make sure the team can respond promptly to the security incidents.
  • Guided them to implement SAST and SCA tools to make sure they are developing applications securely.
Technologies: Security, Amazon Web Services (AWS), OWASP, NIST, Vulnerability Management, JavaScript, React, Node.js, Data Encryption, GraphQL

AWS and Mobile Security Expert

2023 - 2023
EX3 Labs
  • Conducted a penetration test and security audit on the Carent web, mobile, and cloud infrastructure.
  • Provided support in remedying the identified issues in the application and cloud.
  • Implemented static application security scanning via Snyk in the application build process to remediate vulnerabilities in the earlier phase of the software development lifecycle (SDLC).
  • Provided general consultancy for secure SDLC during the product development process of Carent.
Technologies: DevSecOps, IT Security, Web Security, Amazon Web Services (AWS), Security Audits, Security, Mobile Security, SOC 2, Amazon S3 (AWS S3), Certified Information Systems Security Professional, HIPAA Compliance, HIPAA Electronic Data Interchange (EDI), React Native, Amazon DocumentDB, DocumentDB, Amazon DynamoDB, Amazon EC2, Threat Intelligence, GRC, Documentation, OWASP, NIST, Code Auditing, REST APIs, TypeScript, Communication, Web App Security, Vulnerability Scanning, ELK (Elastic Stack), Logging, SQL, Anomaly Detection, Incident Handling, Penetration Testing, OSCP, Ethical Hacking, Data Encryption

Senior PHP and AWS Developer

2023 - 2023
Shared Flight
  • Conducted compromise assessment to detect the root cause of a security incident.
  • Performed a penetration test (pentest) on the application and AWS cloud infrastructure.
  • Assisted the team in applying mitigation to ensure flaws were patched successfully.
Technologies: PHP, Web Security, Cloud Security, Symfony, Twig, Amazon Web Services (AWS), Strapi, Security, IT Security, Incident Response, Static Application Security Testing (SAST), Threat Intelligence, Documentation, OWASP, NIST, Code Auditing, REST APIs, TypeScript, Communication, Web App Security, Vulnerability Scanning, Logging, SQL, Anomaly Detection, Incident Handling, Penetration Testing, OSCP, Ethical Hacking, Data Encryption

Information Security Specialist

2022 - 2022
Silo
  • Conducted black-box penetration tests on two of Silo's production web applications.
  • Provided all the test cases performed during penetration testing per OWASP recommended controls.
  • Produced a professional report, including all the vulnerabilities and remediation steps.
  • Consulted and provided feedback on multiple issues reported by the community.
Technologies: Vulnerability Management, Penetration Testing, Security Audits, Security, IT Security, OWASP, Website Audits, Application Security, Cybersecurity, Certified Ethical Hacker (CEH), Vulnerability Identification, Web Security, Data Security, Web Architecture, WordPress, Amazon S3 (AWS S3), Certified Information Systems Security Professional, Amazon EC2, Security Analysis, Ethical Hacking, Hacking, Database Security, Linux, Apache, Cloudflare, DDoS, Ubuntu, Algorithms, ISO 27002, Single Sign-on (SSO), Documentation, NIST, Node.js, React, Code Auditing, REST APIs, TypeScript, Communication, Web App Security, Vulnerability Scanning, Logging, SQL, Incident Handling, OSCP

Information Security Consultant

2020 - 2022
Freelance
  • Performed penetration testing services for multiple clients, including government organizations and a SaaS startup.
  • Provided cybersecurity mentoring services to one of the leading educational platforms.
  • Wrote 10+ cybersecurity articles for a client in this niche.
Technologies: APIs, Application Security, Amazon Web Services (AWS), Bash, Burp Suite, Cloud Security, Compliance, Computer Networking, DevSecOps, Git, Incident Response, Interviewing, Technical Hiring, IT Security, Scripting, Incident Management, Certified Ethical Hacker (CEH), IoT Security, Python, MySQL, PHP, Vulnerability Identification, Architecture, Data Protection, Data-level Security, General Data Protection Regulation (GDPR), Web Security, Data Security, Web Architecture, WordPress, JavaScript, Amazon S3 (AWS S3), Certified Information Systems Security Professional, Amazon EC2, Identity & Access Management (IAM), Security Analysis, Okta, Threat Modeling, SIEM, System-on-a-Chip (SoC), Ethical Hacking, Hacking, System Administration, AWS Marketplace, Cloud Services, AWS CloudFormation, Internet of Things (IoT), AWS IoT, Database Security, Linux, Apache, DDoS, Laravel, Ubuntu, Algorithms, ISO 27002, Single Sign-on (SSO), Documentation, OWASP, NIST, React, Code Auditing, REST APIs, TypeScript, Communication, Web App Security, Security Information and Event Management (SIEM), Vulnerability Scanning, IDS/IPS, ELK (Elastic Stack), Security Orchestration, Automation, and Response (SOAR), Logging, SQL, Anomaly Detection, Incident Handling, Penetration Testing, Security, OSCP

Security Engineer L2

2021 - 2021
Sendoso
  • Led the penetration testing of the Sendoso SaaS platform.
  • Developed an information security management system (ISMS) for Sendoso to assist in the ISO 27001 audit.
  • Investigated multiple security incidents and created playbooks for the incident response process.
Technologies: Penetration Testing, DevSecOps, Cloud Security, Incident Response, Information Security Management Systems (ISMS), ISO 27001, Python 3, Bash, Source Code Review, Task Analysis, IT Security, Risk Assessment, Risk Management, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Scripting, Incident Management, Mobile Security, SOC Compliance, OSCP, Certified Ethical Hacker (CEH), Python, Security Management, SonarQube, MySQL, PHP, Vulnerability Identification, Architecture, Data Protection, Data-level Security, General Data Protection Regulation (GDPR), Web Security, Data Security, Web Architecture, WordPress, JavaScript, SOC 2, Amazon S3 (AWS S3), Certified Information Systems Security Professional, Amazon EC2, Identity & Access Management (IAM), NIST, Security Analysis, Okta, Threat Modeling, SIEM, System-on-a-Chip (SoC), Ethical Hacking, Hacking, AWS Marketplace, Cloud Services, SecOps, DevOps, Security Policies & Procedures, Endpoint Security, Monitoring, Intrusion Detection Systems (IDS), Database Security, Linux, Apache, DDoS, Ubuntu, Algorithms, ISO 27002, Single Sign-on (SSO), GRC, Documentation, Business Continuity Planning (BCP), OWASP, React, Code Auditing, REST APIs, TypeScript, Communication, Web App Security, Security Information and Event Management (SIEM), Vulnerability Scanning, Security Orchestration, Automation, and Response (SOAR), Logging, SQL, Anomaly Detection, Incident Handling, Security

Information Security Analyst

2019 - 2021
ibex
  • Developed an application security testing process and completed penetration testing of 40+ applications carried out by their patching activities.
  • Led quarterly vulnerability and patch management exercises for all sites in the United States, including workstations and servers.
  • Assisted in multiple information security audits, including ISO 27001, PCI DSS, and SOC 2.
  • Enhanced information security log monitoring and incident response processes.
  • Managed and optimized the LogRhythm SIEM platform for security monitoring, incident detection, and response.
  • Integrated diverse log sources (cloud services, endpoints, and network devices) to enhance threat detection and visibility.
  • Created and fine-tuned correlation rules, dashboards, and alarms to minimize false positives and improve alert accuracy.
Technologies: Python 3, Penetration Testing, Information Security Management Systems (ISMS), Information Security, SOC 2, ISO 27001, PCI DSS, Security Operations Centers (SOC), Security, Vulnerability Management, Website Audits, Source Code Review, Task Analysis, IT Security, Scripting, Incident Management, Mobile Security, SOC Compliance, OSCP, Certified Ethical Hacker (CEH), Python, Security Management, SonarQube, MySQL, PHP, Vulnerability Identification, Architecture, Data Protection, Data-level Security, General Data Protection Regulation (GDPR), Web Security, Data Security, Web Architecture, WordPress, JavaScript, HIPAA Compliance, Identity & Access Management (IAM), NIST, Security Analysis, Okta, Threat Modeling, SIEM, System-on-a-Chip (SoC), Ethical Hacking, Hacking, System Administration, SecOps, Security Policies & Procedures, Endpoint Security, Monitoring, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Internet of Things (IoT), Database Security, Linux, Apache, DDoS, Laravel, Ubuntu, ISO 27002, Single Sign-on (SSO), GRC, Documentation, Business Continuity Planning (BCP), OWASP, Node.js, React, REST APIs, TypeScript, Communication, Web App Security, Security Information and Event Management (SIEM), IDS/IPS, CISSP, Security Orchestration, Automation, and Response (SOAR), Logging, SQL, Anomaly Detection, Incident Handling

Experience

Third-party Supplier Audit Automation

Automated the vulnerability detection of third-party production partners to assess each supplier's risk, saving the company 540 hours of manual effort.

The tool detected the following vulnerabilities:
• Weak passwords
• Insecure connections
• Vulnerable software
• Compliance checks

Creation of Application Security Exercises

https://www.hackerrank.com
Created application security screening questions for HackerRank, the world's leading technical assessment website. These questions were a combination of scenario-based multiple-choice questions and exercises to find bugs in the code snippets that assess the analytical and technical capabilities of a candidate. The questions I created are being used by HackerRank's clients to screen application security candidates.

Cybersecurity Mentoring

https://www.thinkful.com/
I have mentored multiple students and professionals to pursue their careers in cybersecurity for one of the leading education platforms in the United States. I guided the students in their course content and discussed real-life scenarios of implementing these concepts during my career. Mentors also helped students land their first jobs in cybersecurity by connecting them with their networks.

Pentest of Silo's Web Application

https://www.silo.finance
Silo is a crypto trading platform that allows traders to trade cryptocurrencies. I was hired to perform a penetration test on their web assets as per Open Web Application Security Project (OWASP) standards. The delivery was a professional report documenting all the vulnerabilities found during the engagement and recommendations for mitigation. Pentest was performed successfully, followed up by the mitigation strategies with the team.

Education

2014 - 2018

Bachelor's Degree in Electrical Engineering

National University of Sciences and Technology - Islamabad, Pakistan

Certifications

DECEMBER 2025 - PRESENT

Certified Cloud-Native Security Expert

Practical DevSecOps

FEBRUARY 2024 - PRESENT

Certified DevSecOps Professional (CDP)

Practical DevSecOps

AUGUST 2021 - PRESENT

Offensive Security Certified Professional (OSCP)

Offensive Security

Skills

Libraries/APIs

Node.js, React, REST APIs

Tools

Git, Apache, ELK (Elastic Stack), Logging, CircleCI, SonarQube, AWS CloudFormation, Ansible, GitLab CI/CD

Languages

Python 3, Bash, Python, JavaScript, TypeScript, SQL, GraphQL, PHP

Paradigms

Penetration Testing, DevSecOps, Web Architecture, DevOps, DDoS, Security Orchestration, Automation, and Response (SOAR), Anomaly Detection, Object-oriented Programming (OOP), HIPAA Compliance, Continuous Deployment, Role-based Access Control (RBAC), Microservices

Platforms

Kali Linux, Burp Suite, Amazon Web Services (AWS), Linux, WordPress, Amazon EC2, Ubuntu, Docker, Kubernetes, AWS IoT, MacOS, Windows

Industry Expertise

Cybersecurity

Storage

Amazon S3 (AWS S3), Database Security, MySQL, Amazon DynamoDB, Inspec

Frameworks

Laravel, React Native, Symfony, Twig

Other

Information Security Management Systems (ISMS), Information Security, ISO 27001, Security Operations Centers (SOC), Cloud Security, Incident Response, Vulnerability Assessment, Web Security, Application Security, Computer Networking, Scripting, Security Audits, Security, Vulnerability Management, OWASP Top 10, OWASP, Website Audits, APIs, Source Code Review, Task Analysis, IT Security, OSCP, Certified Ethical Hacker (CEH), Risk Management, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Security Management, Vulnerability Identification, Architecture, Data Protection, Data-level Security, General Data Protection Regulation (GDPR), Data Security, NIST, Security Analysis, Threat Modeling, SIEM, System-on-a-Chip (SoC), Ethical Hacking, Hacking, AWS Marketplace, Cloud Services, SecOps, Security Policies & Procedures, Endpoint Security, Monitoring, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Cloudflare, ISO 27002, Single Sign-on (SSO), Threat Intelligence, GRC, Documentation, Business Continuity Planning (BCP), Code Auditing, Communication, Web App Security, Security Information and Event Management (SIEM), Vulnerability Scanning, IDS/IPS, CISSP, Incident Handling, Artificial Intelligence (AI), Data Encryption, SOC 2, PCI DSS, Incident Management, Mobile Security, Compliance, SOC Compliance, CI/CD Pipelines, Interviewing, Technical Hiring, IoT Security, Risk Assessment, Security Testing, Certified Information Systems Security Professional, Identity & Access Management (IAM), Okta, System Administration, Infrastructure as Code (IaC), Internet of Things (IoT), Algorithms, Cryptography, Infrastructure, Networking, HIPAA Electronic Data Interchange (EDI), Amazon DocumentDB, DocumentDB, Strapi, Compliance as Code (CaC), Containers, Software Architecture, Industrial Control Systems (ICS)

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring