Anas Bin Izhar
Verified Expert in Engineering
Information Security Engineer and Developer
Lahore, Punjab, Pakistan
Toptal member since August 18, 2022
Anas is an IT security engineer with five years of experience helping organizations secure their SaaS platforms from threat actors. He is an expert in application security, cloud security, penetration testing, and information system compliance, including ISO 27001 and SOC 2. With keen attention to detail and the ability to adapt to a fast-paced environment, Anas outperforms clients' expectations and provides agile and secure solutions to meet their business needs.
Preferred Environment
Python 3, Bash, Burp Suite, Kali Linux, Amazon Web Services (AWS), Linux, MacOS, Windows, Docker
The most amazing...
...thing I've done is secure 100+ applications for various clients, such as AT&T, the Government of Barbados, and Silo.
Work Experience
Information Security Analyst
Gelato
- Led the penetration testing and patch management for multiple Gelato products.
- Automated vulnerability assessments of third-party production partners.
- Led the journey to ISO 27001 with cross-team collaboration.
- Managed the responsible disclosure program and worked with external researchers to make Gelato secure.
- Used multiple AWS services to ensure security in the cloud.
AWS and Mobile Security Expert
EX3 Labs
- Conducted a penetration test and security audit on the Carent web, mobile, and cloud infrastructure.
- Provided support in remedying the identified issues in the application and cloud.
- Implemented static application security scanning via Snyk in the application build process to remediate vulnerabilities in the earlier phase of the software development lifecycle (SDLC).
- Provided general consultancy for secure SDLC during the product development process of Carent.
Senior PHP and AWS Developer
Shared Flight
- Conducted compromise assessment to detect the root cause of a security incident.
- Performed a penetration test (pentest) on the application and AWS cloud infrastructure.
- Assisted the team in applying mitigation to ensure flaws were patched successfully.
Information Security Specialist
Silo
- Conducted black-box penetration tests on two of Silo's production web applications.
- Provided all the test cases performed during penetration testing per OWASP recommended controls.
- Produced a professional report, including all the vulnerabilities and remediation steps.
- Consulted and provided feedback on multiple issues reported by the community.
Information Security Consultant
Freelance
- Performed penetration testing services for multiple clients, including government organizations and a SaaS startup.
- Provided cybersecurity mentoring services to one of the leading educational platforms.
- Wrote 10+ cybersecurity articles for a client in this niche.
Security Engineer L2
Sendoso
- Led the penetration testing of the Sendoso SaaS platform.
- Developed an information security management system (ISMS) for Sendoso to assist in the ISO 27001 audit.
- Investigated multiple security incidents and created playbooks for the incident response process.
Information Security Analyst
ibex
- Developed an application security testing process and completed penetration testing of 40+ applications carried out by their patching activities.
- Led quarterly vulnerability and patch management exercises for all sites in the United States, including workstations and servers.
- Assisted in multiple information security audits, including ISO 27001, PCI DSS, and SOC 2.
- Enhanced information security log monitoring and incident response processes.
Experience
Third-party Supplier Audit Automation
The tool detected the following vulnerabilities:
• Weak passwords
• Insecure connections
• Vulnerable software
• Compliance checks
Creation of Application Security Exercises
https://www.hackerrank.com
Cybersecurity Mentoring
https://www.thinkful.com/
Pentest of Silo's Web Application
https://www.silo.finance
Education
Bachelor's Degree in Electrical Engineering
National University of Sciences and Technology - Islamabad, Pakistan
Certifications
Certified DevSecOps Professional (CDP)
Practical DevSecOps
Offensive Security Certified Professional (OSCP)
Offensive Security
Skills
Libraries/APIs
Node.js, React.js, REST API
Tools
Git, Apache, CircleCI, SonarQube, AWS, Ansible
Languages
Python, Bash, JavaScript, TypeScript, PHP
Paradigms
Penetration Testing, DevSecOps, Web Architecture, DevOps, DDoS, Object-oriented Programming (OOP), HIPAA Compliance, Agile Development
Platforms
Linux, Burp Suite, AWS, WordPress Development, Amazon EC2, Ubuntu, Docker, Kubernetes, AWS IoT, MacOS, Windows Development
Industry Expertise
Cybersecurity
Storage
Database, MySQL, Amazon S3, AWS, Inspec
Frameworks
Laravel, React Native, Symfony, Twig
Other
Information Security Management Systems (ISMS), Information Security, ISO 27001, Security Operations Centers (SOC), Cloud Security, Incident Response, Vulnerability Assessment, System Security, Application Security, Computer Networking, Scripting, Security Audits, Security, Vulnerability Management, OWASP Top 10, OWASP, Website Audits, APIs, Source Code Review, Task Analysis, IT Security, OSCP, Ethical Hacking, Risk Management, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Security Management, Vulnerability Identification, Architecture, Data Protection, Data-level Security, GDPR, Data Security, NIST, Security Analysis, Threat Modeling, SIEM, System-on-a-Chip (SoC), Hacking, AWS Marketplace, Cloud Services, SecOps, Monitoring, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Cloudflare, ISO 27002, SSO Engineering, GRC, Documentation, Business Continuity Planning (BCP), Code Auditing, Communication Coaching, SOC 2 (Service Organization Control), PCI DSS, Incident Management, Mobile Security, Compliance, SOC Compliance, CI/CD Pipelines, Interviewing, Technical Hiring, Risk Assessment, Certified Information Systems Security Professional, Identity & Access Management (IAM), OKTA, System Administration, Infrastructure as Code (IaC), Artificial Intelligence, Algorithms, Cryptographer, Infrastructure, Networking, HIPAA Electronic Data Interchange (EDI), Amazon DocumentDB, DocumentDB, Strapi, Compliance as Code (CaC)