Anas is available for hire

Anas Bin Izhar

Verified Expert in Engineering

Information Security Engineer and Developer

Location

Lahore, Punjab, Pakistan

Toptal Member Since

August 18, 2022

Anas is an IT security engineer with five years of experience helping organizations secure their SaaS platforms from threat actors. He is an expert in application security, cloud security, penetration testing, and information system compliance, including ISO 27001 and SOC 2. With keen attention to detail and the ability to adapt to a fast-paced environment, Anas outperforms clients' expectations and provides agile and secure solutions to meet their business needs.

Portfolio

Gelato

Penetration Testing, Incident Response, ISO 27001, Cloud Security, Git...

EX3 Labs

DevSecOps, IT Security, Web Security, Amazon Web Services (AWS)...

Shared Flight

PHP, Web Security, Cloud Security, Symfony, Twig, Amazon Web Services (AWS)...

Experience

ISO 27001 - 4 years Incident Response - 4 years Vulnerability Management - 4 years Application Security - 4 years Penetration Testing - 4 years Python 3 - 3 years Cloud Security - 3 years DevSecOps - 1 year

Availability

Full-time

Preferred Environment

Python 3, Bash, Burp Suite, Kali Linux, Amazon Web Services (AWS), Linux, MacOS, Windows, Docker

The most amazing...

...thing I've done is secure 100+ applications for various clients, such as AT&T, the Government of Barbados, and Silo.

Work Experience

Information Security Analyst

2021 - PRESENT

Gelato

Led the penetration testing and patch management for multiple Gelato products.
Automated vulnerability assessments of third-party production partners.
Led the journey to ISO 27001 with cross-team collaboration.
Managed the responsible disclosure program and worked with external researchers to make Gelato secure.
Used multiple AWS services to ensure security in the cloud.

Technologies: Penetration Testing, Incident Response, ISO 27001, Cloud Security, Git, Python 3, Bash, CircleCI, DevSecOps, Burp Suite, Security Audits, Web Security, OWASP Top 10, OWASP, CI/CD Pipelines, Source Code Review, Task Analysis, Interviewing, Technical Hiring, IT Security, Risk Assessment, Risk Management, Security Testing, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Scripting, Incident Management, Mobile Security, SOC Compliance, OSCP, Certified Ethical Hacker (CEH), Python, Security Management, SonarQube, MySQL, PHP, Vulnerability Identification, Architecture, Data Protection, Data-level Security, GDPR, Data Security, Web Architecture, WordPress, JavaScript, Amazon S3 (AWS S3), Certified Information Systems Security Professional, Amazon EC2, Identity & Access Management (IAM), NIST, Security Analysis, Okta, Threat Modeling, SIEM, System-on-a-Chip (SoC), Ethical Hacking, Hacking, System Administration, AWS Marketplace, Infrastructure as Code (IaC), Kubernetes, Cloud Services, AWS CloudFormation, SecOps, DevOps, Security Policies & Procedures, Endpoint Security, Monitoring, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Database Security, Linux, Apache, Cloudflare, DDoS, Laravel, Ubuntu, Algorithms, ISO 27002, Single Sign-on (SSO), Threat Intelligence, GRC, Documentation, Business Continuity Planning (BCP)

AWS and Mobile Security Expert

2023 - 2023

EX3 Labs

Conducted a penetration test and security audit on the Carent web, mobile, and cloud infrastructure.
Provided support in remedying the identified issues in the application and cloud.
Implemented static application security scanning via Snyk in the application build process to remediate vulnerabilities in the earlier phase of the software development lifecycle (SDLC).
Provided general consultancy for secure SDLC during the product development process of Carent.

Technologies: DevSecOps, IT Security, Web Security, Amazon Web Services (AWS), Security Audits, Security, Mobile Security, SOC 2, Amazon S3 (AWS S3), Certified Information Systems Security Professional, HIPAA Compliance, HIPAA Electronic Data Interchange (EDI), React Native, Amazon DocumentDB, DocumentDB, Amazon DynamoDB, Amazon EC2, Threat Intelligence, GRC, Documentation

Senior PHP and AWS Developer

2023 - 2023

Shared Flight

Conducted compromise assessment to detect the root cause of a security incident.
Performed a penetration test (pentest) on the application and AWS cloud infrastructure.
Assisted the team in applying mitigation to ensure flaws were patched successfully.

Technologies: PHP, Web Security, Cloud Security, Symfony, Twig, Amazon Web Services (AWS), Strapi, Security, IT Security, Incident Response, Static Application Security Testing (SAST), Threat Intelligence, Documentation

Information Security Specialist

2022 - 2022

Silo

Conducted black-box penetration tests on two of Silo's production web applications.
Provided all the test cases performed during penetration testing per OWASP recommended controls.
Produced a professional report, including all the vulnerabilities and remediation steps.
Consulted and provided feedback on multiple issues reported by the community.

Technologies: Vulnerability Management, Penetration Testing, Security Audits, Security, IT Security, OWASP, Website Audits, Application Security, Cybersecurity, Certified Ethical Hacker (CEH), Vulnerability Identification, Web Security, Data Security, Web Architecture, WordPress, Amazon S3 (AWS S3), Certified Information Systems Security Professional, Amazon EC2, Security Analysis, Ethical Hacking, Hacking, Database Security, Linux, Apache, Cloudflare, DDoS, Ubuntu, Algorithms, ISO 27002, Single Sign-on (SSO), Documentation

Information Security Consultant

2020 - 2022

Freelance

Performed penetration testing services for multiple clients, including government organizations and a SaaS startup.
Provided cybersecurity mentoring services to one of the leading educational platforms.
Wrote 10+ cybersecurity articles for a client in this niche.

Technologies: APIs, Application Security, Amazon Web Services (AWS), Bash, Burp Suite, Cloud Security, Compliance, Computer Networking, DevSecOps, Git, Incident Response, Interviewing, Technical Hiring, IT Security, Scripting, Incident Management, Certified Ethical Hacker (CEH), IoT Security, Python, MySQL, PHP, Vulnerability Identification, Architecture, Data Protection, Data-level Security, GDPR, Web Security, Data Security, Web Architecture, WordPress, JavaScript, Amazon S3 (AWS S3), Certified Information Systems Security Professional, Amazon EC2, Identity & Access Management (IAM), Security Analysis, Okta, Threat Modeling, SIEM, System-on-a-Chip (SoC), Ethical Hacking, Hacking, System Administration, AWS Marketplace, Cloud Services, AWS CloudFormation, Internet of Things (IoT), AWS IoT, Database Security, Linux, Apache, DDoS, Laravel, Ubuntu, Algorithms, ISO 27002, Single Sign-on (SSO), Documentation

Security Engineer L2

2021 - 2021

Sendoso

Led the penetration testing of the Sendoso SaaS platform.
Developed an information security management system (ISMS) for Sendoso to assist in the ISO 27001 audit.
Investigated multiple security incidents and created playbooks for the incident response process.

Technologies: Penetration Testing, DevSecOps, Cloud Security, Incident Response, Information Security Management Systems (ISMS), ISO 27001, Python 3, Bash, Source Code Review, Task Analysis, IT Security, Risk Assessment, Risk Management, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Scripting, Incident Management, Mobile Security, SOC Compliance, OSCP, Certified Ethical Hacker (CEH), Python, Security Management, SonarQube, MySQL, PHP, Vulnerability Identification, Architecture, Data Protection, Data-level Security, GDPR, Web Security, Data Security, Web Architecture, WordPress, JavaScript, SOC 2, Amazon S3 (AWS S3), Certified Information Systems Security Professional, Amazon EC2, Identity & Access Management (IAM), NIST, Security Analysis, Okta, Threat Modeling, SIEM, System-on-a-Chip (SoC), Ethical Hacking, Hacking, AWS Marketplace, Cloud Services, SecOps, DevOps, Security Policies & Procedures, Endpoint Security, Monitoring, Intrusion Detection Systems (IDS), Database Security, Linux, Apache, DDoS, Ubuntu, Algorithms, ISO 27002, Single Sign-on (SSO), GRC, Documentation, Business Continuity Planning (BCP)

Information Security Analyst

2019 - 2021

ibex

Developed an application security testing process and completed penetration testing of 40+ applications carried out by their patching activities.
Led quarterly vulnerability and patch management exercises for all sites in the United States, including workstations and servers.
Assisted in multiple information security audits, including ISO 27001, PCI DSS, and SOC 2.
Enhanced information security log monitoring and incident response processes.

Technologies: Python 3, Penetration Testing, Information Security Management Systems (ISMS), Information Security, SOC 2, ISO 27001, PCI DSS, Security Operations Centers (SOC), Security, Vulnerability Management, Website Audits, Source Code Review, Task Analysis, IT Security, Scripting, Incident Management, Mobile Security, SOC Compliance, OSCP, Certified Ethical Hacker (CEH), Python, Security Management, SonarQube, MySQL, PHP, Vulnerability Identification, Architecture, Data Protection, Data-level Security, GDPR, Web Security, Data Security, Web Architecture, WordPress, JavaScript, HIPAA Compliance, Identity & Access Management (IAM), NIST, Security Analysis, Okta, Threat Modeling, SIEM, System-on-a-Chip (SoC), Ethical Hacking, Hacking, System Administration, SecOps, Security Policies & Procedures, Endpoint Security, Monitoring, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Internet of Things (IoT), Database Security, Linux, Apache, DDoS, Laravel, Ubuntu, ISO 27002, Single Sign-on (SSO), GRC, Documentation, Business Continuity Planning (BCP)

Experience

Third-party Supplier Audit Automation

Automated the vulnerability detection of third-party production partners to assess each supplier's risk, saving the company 540 hours of manual effort.

The tool detected the following vulnerabilities:
• Weak passwords
• Insecure connections
• Vulnerable software
• Compliance checks

Creation of Application Security Exercises

https://www.hackerrank.com

Created application security screening questions for HackerRank, the world's leading technical assessment website. These questions were a combination of scenario-based multiple-choice questions and exercises to find bugs in the code snippets that assess the analytical and technical capabilities of a candidate. The questions I created are being used by HackerRank's clients to screen application security candidates.

Cybersecurity Mentoring

https://www.thinkful.com/

I have mentored multiple students and professionals to pursue their careers in cybersecurity for one of the leading education platforms in the United States. I guided the students in their course content and discussed real-life scenarios of implementing these concepts during my career. Mentors also helped students land their first jobs in cybersecurity by connecting them with their networks.

Pentest of Silo's Web Application

https://www.silo.finance

Silo is a crypto trading platform that allows traders to trade cryptocurrencies. I was hired to perform a penetration test on their web assets as per Open Web Application Security Project (OWASP) standards. The delivery was a professional report documenting all the vulnerabilities found during the engagement and recommendations for mitigation. Pentest was performed successfully, followed up by the mitigation strategies with the team.

Education

2014 - 2018

Bachelor's Degree in Electrical Engineering

National University of Sciences and Technology - Islamabad, Pakistan

Certifications

FEBRUARY 2024 - PRESENT

Certified DevSecOps Professional (CDP)

Practical DevSecOps

AUGUST 2021 - PRESENT

Offensive Security Certified Professional (OSCP)

Offensive Security

Skills

Languages

Python 3, Bash, Python, JavaScript, PHP

Tools

Git, Apache, CircleCI, SonarQube, AWS CloudFormation, Ansible

Paradigms

Penetration Testing, DevSecOps, Web Architecture, DevOps, DDoS, Object-oriented Programming (OOP), HIPAA Compliance, Continuous Deployment

Platforms

Kali Linux, Burp Suite, Amazon Web Services (AWS), Linux, WordPress, Amazon EC2, Ubuntu, Docker, Kubernetes, AWS IoT, MacOS, Windows

Industry Expertise

Cybersecurity

Storage

Database Security, MySQL, Amazon S3 (AWS S3), Amazon DynamoDB, Inspec

Other

Information Security Management Systems (ISMS), Information Security, ISO 27001, Security Operations Centers (SOC), Cloud Security, Incident Response, Vulnerability Assessment, Web Security, Application Security, Computer Networking, Scripting, Security Audits, Security, Vulnerability Management, OWASP Top 10, OWASP, Website Audits, APIs, Source Code Review, Task Analysis, IT Security, OSCP, Certified Ethical Hacker (CEH), Risk Management, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Security Management, Vulnerability Identification, Architecture, Data Protection, Data-level Security, GDPR, Data Security, NIST, Security Analysis, Threat Modeling, SIEM, System-on-a-Chip (SoC), Ethical Hacking, Hacking, AWS Marketplace, Cloud Services, SecOps, Security Policies & Procedures, Endpoint Security, Monitoring, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Cloudflare, ISO 27002, Single Sign-on (SSO), Threat Intelligence, GRC, Documentation, Business Continuity Planning (BCP), SOC 2, PCI DSS, Incident Management, Mobile Security, Compliance, SOC Compliance, CI/CD Pipelines, Interviewing, Technical Hiring, IoT Security, Risk Assessment, Security Testing, Certified Information Systems Security Professional, Identity & Access Management (IAM), Okta, System Administration, Infrastructure as Code (IaC), Internet of Things (IoT), Algorithms, Cryptography, Infrastructure, Networking, HIPAA Electronic Data Interchange (EDI), Amazon DocumentDB, DocumentDB, Strapi, Compliance as Code (CaC)

Frameworks

Laravel, React Native, Symfony, Twig

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring