Syed Jan Muhammad Zaidi, Developer in Melbourne, Victoria, Australia

Syed Jan Muhammad Zaidi

Cybersecurity Engineer and Developer

Melbourne, Victoria, Australia

Toptal member since February 5, 2026

Bio

Syed is a cybersecurity professional who helps enterprises and startups strengthen their application, cloud, and overall security posture. He blends hands-on testing, risk assessments, and remediation guidance to uncover real attack paths and improve defenses. Skilled across web, API, mobile, and cloud environments, Syed partners with engineering and leadership teams to translate technical findings into business risk and actionable fixes that improve long-term security maturity and resilience.

Portfolio

Darkanon
ISO 27001, Penetration Testing, Application Security, Cloud Security...
Trillium Information Security Systems
Penetration Testing, Application Security...
Mutex Systems Pvt. Ltd
Penetration Testing, Vulnerability Assessment...

Experience

  • ISO 27001 - 6 years
  • Penetration Testing - 6 years
  • Application Security - 6 years
  • Risk Assessment - 6 years
  • Security Audits - 6 years
  • Python - 6 years
  • Risk Analysis - 5 years
  • Stakeholder Communication - 5 years

Preferred Environment

Linux, Windows, macOS, Git, Slack, CI/CD Pipelines

The most amazing...

...success has been discovering a real-world RCE that became a published CVE and ranking in the global top 100 on Intigriti for reporting critical vulnerabilities.

Work Experience

Founder and Principal Security Consultant

2021 - PRESENT
Darkanon
  • Founded and led a cybersecurity consulting practice delivering penetration testing, cloud security reviews, and risk assessments for startup and enterprise clients.
  • Directed end-to-end security engagements, defining scope, threat models, and testing strategy while executing deep technical assessments across web, API, and cloud systems.
  • Advised founders and engineering leaders on security posture, translating technical findings into business risk and prioritized remediation roadmaps.
  • Delivered executive-level reports and technical deep dives that accelerated remediation and improved client security maturity.
  • Validated complex attack chains and proof-of-concept (POC) exploits to demonstrate the real-world impact of vulnerabilities.
  • Mentored junior consultants and established internal testing methodology aligned with OWASP, PTES, and MITRE ATT&CK.
  • Supported presales and solution design discussions, shaping security assessment strategy and client engagement plans.
Technologies: ISO 27001, Penetration Testing, Application Security, Cloud Security, Security Audits, Vulnerability Management, Threat Modeling, Security Architecture, Risk Assessment, Amazon Web Services (AWS), Azure, Strategy, Client Consulting, Stakeholder Communication, Technical Leadership, Risk Analysis, Python, Burp Suite, IT Security, Security

Supervisor Security Assessments

2021 - 2025
Trillium Information Security Systems
  • Performed in-depth technical security assessments across web, API, mobile, and cloud platforms, identifying exploitable attack paths and high-risk misconfigurations.
  • Evaluated AWS and Azure environments for privilege escalation, identity risks, and data exposure, providing remediation guidance and risk treatment recommendations.
  • Executed penetration tests aligned with OWASP and PTES methodologies, validating real-world impact and supporting secure remediation planning.
  • Reviewed CI/CD workflows and application deployments to identify security gaps in build, access control, and secret management processes.
  • Developed POC exploits to demonstrate business impact and support prioritization of critical vulnerabilities.
  • Collaborated with engineering teams to translate findings into risk treatment actions and practical remediation roadmaps.
  • Supported the vulnerability management lifecycle by validating fixes, retesting systems, and tracking remediation progress across client environments.
  • Assisted in aligning technical findings with risk management and compliance expectations across client engagements.
Technologies: Penetration Testing, Application Security, Web Application Security (Web AppSec), Mobile Security, Mobile App Security, Cloud Security, AWS Cloud Security, Azure Cloud Security, Network Security, Red Teaming, Secure Code Best Practices, Vulnerability Assessment, AWS Identity and Access Management, Active Directory (AD), Burp Suite, Metasploit, ISO 27001, OWASP, MITRE ATT&CK, OWASP ASVS, OWASP MASVS, Python, Windows PowerShell, Kubernetes, CI/CD Pipelines, Risk Assessment, IT Security, Kubernetes Security, Security, GitHub Actions

Vulnerability Assessment and Penetration Testing (VAPT) Engineer

2020 - 2021
Mutex Systems Pvt. Ltd
  • Performed vulnerability assessments and penetration testing across web and mobile applications, identifying OWASP Top 10 and logic-based security flaws.
  • Executed security testing using tools such as Burp Suite, Metasploit, Nessus, and Nexpose to uncover exploitable vulnerabilities in client environments.
  • Conducted static code analysis using Checkmarx and Fortify to identify insecure coding patterns and high-risk vulnerabilities.
  • Supported the deployment and configuration of security tools, including Rapid7 Nexpose, Metasploit Pro, and AppSpider across client networks.
  • Assisted in remediation validation by retesting identified vulnerabilities and confirming effectiveness of applied security fixes.
  • Performed security assessments on Linux and Windows environments, identifying configuration weaknesses and patch gaps.
  • Provided technical support and guidance to clients during remediation phases to improve overall security posture.
  • Documented technical findings and contributed to structured vulnerability reports delivered to client stakeholders.
  • Conducted basic network and infrastructure assessments to identify exposed services and misconfigurations.
Technologies: Penetration Testing, Vulnerability Assessment, Web Application Security (Web AppSec), Mobile App Security, Network Security, Burp Suite, Nexpose, Rapid7, Checkmarx, Nessus, Fortinet, OWASP Top 10, Linux, Windows, Metasploit, IT Security, Security

Experience

Incident Response and Risk Assessment for Automotive Manufacturer

https://www.linkedin.com/posts/syed-jan-muhammad-zaidi_digitalguardian-proudmoment-cybersecurity-activity-7105892558563627009-cFKq
I supported incident response and led technical security testing following a cyber incident affecting a major automotive manufacturer in Pakistan.

I conducted rapid risk assessments across web applications and internal networks to identify potential entry points, privilege escalation paths, and data exposure risks. I also coordinated testing efforts with stakeholders to validate vulnerabilities, assess blast radius, and prioritize remediation actions aligned with business impact. I delivered structured findings and risk treatment recommendations to support containment, recovery, and longer-term security improvements.

This engagement strengthened incident response coordination, improved visibility into attack surface risks, and helped the organization implement more resilient security controls and monitoring practices.

I was awarded the Guardian of the Digital Realm for my outstanding performance on the project.

Discovery of Remote Code Execution Vulnerability (Published CVE)

https://nvd.nist.gov/vuln/detail/CVE-2024-3121
I identified and responsibly disclosed a critical remote code execution vulnerability in a widely used open-source application. I performed vulnerability analysis, developed a working POC exploit, and coordinated disclosure with maintainers. The issue was assigned a public CVE and remediated by the development team. This work demonstrated strong vulnerability research capability and reinforced secure coding practices within the affected project ecosystem.

End-to-end Security Assessment for Multi-tenant SaaS Platform

I directed a comprehensive security assessment covering web, API, cloud infrastructure, and identity controls for a multi-tenant SaaS platform. I identified critical attack paths, including those involving privilege escalation and data exposure. I also delivered a risk-prioritized remediation roadmap and worked with engineering teams to validate fixes and improve overall security posture.

Cloud and Identity Security Assessment for Enterprise Environment

I performed an in-depth security review of cloud and identity architecture across AWS and Azure environments for an enterprise client. I assessed IAM configurations, role permissions, exposed services, and logging practices to identify privilege escalation paths and data exposure risks. I also conducted targeted testing to validate real-world exploitability and provided a structured risk treatment plan aligned with business priorities. Finally, I collaborated with engineering teams to implement improved access controls, monitoring, and secure configuration baselines.

The project improved visibility into cloud risks and supported the client's broader security and compliance objectives.

CI/CD and Secure Development Pipeline Review

I reviewed CI/CD pipelines, deployment workflows, and access controls for a cloud-hosted application environment. I identified risks related to secret management, build permissions, and insecure pipeline configurations that could allow unauthorized code execution or data access. I also conducted targeted validation testing and provided actionable recommendations to strengthen pipeline security and reduce supply-chain risk. I worked with engineering teams to improve secure configuration practices and integrate security checks into the development lifecycle.

This engagement improved the client's confidence in their release process and reduced exposure to build-pipeline attacks.

Education

2017 - 2021

Bachelor's Degree in Computer Science

Bahria University - Islamabad, Pakistan

Certifications

FEBRUARY 2023 - MARCH 2026

Certified Ethical Hacker (Practical)

EC-Council

SEPTEMBER 2022 - PRESENT

Certified Red Team Professional

Altered Security

DECEMBER 2020 - PRESENT

InsightVM Certified Administrator

Rapid7

JULY 2020 - PRESENT

Penetration Testing, Incident Response, and Forensics

Coursera

Skills

Tools

Git, Slack, Metasploit, Nexpose, Checkmarx, Nessus, IBM Security AppScan

Paradigms

Penetration Testing, Secure Code Best Practices, DevSecOps, Security Orchestration, Automation, and Response (SOAR)

Platforms

Linux, Windows, Burp Suite, Kubernetes, macOS, Amazon Web Services (AWS), Azure, Rapid7

Languages

Python, C++

Frameworks

Windows PowerShell

Other

CI/CD Pipelines, Information Security, ISO 27001, Application Security, Cloud Security, Security Audits, Web Application Security (Web AppSec), Mobile Security, Mobile App Security, AWS Cloud Security, Azure Cloud Security, OWASP ASVS, OWASP MASVS, OWASP Top 10, IT Security, Security, Threat Modeling, Stakeholder Communication, MITRE ATT&CK, GitHub Actions, Cybersecurity Operations, Vulnerability Management, Security Architecture, Risk Assessment, Strategy, Client Consulting, Technical Leadership, Risk Analysis, Network Security, Red Teaming, Vulnerability Assessment, AWS Identity and Access Management, Active Directory (AD), OWASP, Fortinet, Information Gathering, Malware Analysis, Social Engineering, Source Code Review, Incident Response, Patch Management, Security Operations Centers (SOC), Digital Forensics, Security Analysis, Scripting, Kubernetes Security
