Anas Bin Izhar, Developer in Lahore, Punjab, Pakistan

Anas Bin Izhar

Verified Expert in Engineering

Information Security Engineer and Developer

Lahore, Punjab, Pakistan

Toptal member since August 18, 2022

Bio

Anas is an IT security engineer with five years of experience helping organizations secure their SaaS platforms from threat actors. He is an expert in application security, cloud security, penetration testing, and information system compliance, including ISO 27001 and SOC 2. With keen attention to detail and the ability to adapt to a fast-paced environment, Anas exceeds clients' expectations and provides agile and secure solutions to meet their business needs.

Portfolio

Gelato
Penetration Testing, Incident Response, ISO 27001, Cloud Security, Git, Python...
EX3 Labs
DevSecOps, IT Security, System Security, AWS, Security Audits, Security...
Shared Flight
PHP, System Security, Cloud Security, Symfony, Twig, AWS, Strapi, Security...

Experience

Availability

Full-time

Preferred Environment

Python 3, Bash, Burp Suite, Kali Linux, Amazon Web Services (AWS), Linux, MacOS, Windows, Docker

The most amazing...

...thing I've done is secure 100+ applications for various clients, such as AT&T, the Government of Barbados, and Silo.

Work Experience

Information Security Analyst

2021 - PRESENT
Gelato
  • Led the penetration testing and patch management for multiple Gelato products.
  • Automated vulnerability assessments of third-party production partners.
  • Led the journey to ISO 27001 with cross-team collaboration.
  • Managed the responsible disclosure program and worked with external researchers to make Gelato secure.
  • Used multiple AWS services to ensure security in the cloud.
Technologies: Penetration Testing, Incident Response, ISO 27001, Cloud Security, Git, Python, Bash, CircleCI, DevSecOps, Burp Suite, Security Audits, System Security, OWASP Top 10, OWASP, CI/CD Pipelines, Source Code Review, Task Analysis, Interviewing, Technical Hiring, IT Security, Risk Assessment, Risk Management, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Scripting, Incident Management, Mobile Security, SOC Compliance, OSCP, Ethical Hacking, Security Management, SonarQube, MySQL, PHP, Vulnerability Identification, Architecture, Data Protection, Data-level Security, GDPR, Data Security, Web Architecture, WordPress Development, JavaScript, Amazon S3, Certified Information Systems Security Professional, Amazon EC2, Identity & Access Management (IAM), NIST, Security Analysis, OKTA, Threat Modeling, SIEM, System-on-a-Chip (SoC), Hacking, System Administration, AWS Marketplace, Infrastructure as Code (IaC), Kubernetes, Cloud Services, AWS, SecOps, DevOps, Monitoring, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Database, Linux, Apache, Cloudflare, DDoS, Laravel, Ubuntu, Algorithms, ISO 27002, SSO Engineering, GRC, Documentation, Business Continuity Planning (BCP), Node.js, React.js, Code Auditing, REST API, TypeScript, Communication Coaching

AWS and Mobile Security Expert

2023 - 2023
EX3 Labs
  • Conducted a penetration test and security audit on the Carent web, mobile, and cloud infrastructure.
  • Provided support in remedying the identified issues in the application and cloud.
  • Implemented static application security scanning via Snyk in the application build process to remediate vulnerabilities in the earlier phase of the software development lifecycle (SDLC).
  • Provided general consultancy for secure SDLC during the product development process of Carent.
Technologies: DevSecOps, IT Security, System Security, AWS, Security Audits, Security, Mobile Security, SOC 2 (Service Organization Control), Amazon S3, Certified Information Systems Security Professional, HIPAA Compliance, HIPAA Electronic Data Interchange (EDI), React Native, Amazon DocumentDB, DocumentDB, Amazon EC2, GRC, Documentation, OWASP, NIST, Code Auditing, REST API, TypeScript, Communication Coaching

Senior PHP and AWS Developer

2023 - 2023
Shared Flight
  • Conducted compromise assessment to detect the root cause of a security incident.
  • Performed a penetration test (pentest) on the application and AWS cloud infrastructure.
  • Assisted the team in applying mitigation to ensure flaws were patched successfully.
Technologies: PHP, System Security, Cloud Security, Symfony, Twig, AWS, Strapi, Security, IT Security, Incident Response, Static Application Security Testing (SAST), Documentation, OWASP, NIST, Code Auditing, REST API, TypeScript, Communication Coaching

Information Security Specialist

2022 - 2022
Silo
  • Conducted black-box penetration tests on two of Silo's production web applications.
  • Provided all the test cases performed during penetration testing per OWASP recommended controls.
  • Produced a professional report, including all the vulnerabilities and remediation steps.
  • Consulted and provided feedback on multiple issues reported by the community.
Technologies: Vulnerability Management, Penetration Testing, Security Audits, Security, IT Security, OWASP, Website Audits, Application Security, Cybersecurity, Ethical Hacking, Vulnerability Identification, System Security, Data Security, Web Architecture, WordPress Development, Amazon S3, Certified Information Systems Security Professional, Amazon EC2, Security Analysis, Hacking, Database, Linux, Apache, Cloudflare, DDoS, Ubuntu, Algorithms, ISO 27002, SSO Engineering, Documentation, NIST, Node.js, React.js, Code Auditing, REST API, TypeScript, Communication Coaching

Information Security Consultant

2020 - 2022
Freelance
  • Performed penetration testing services for multiple clients, including government organizations and a SaaS startup.
  • Provided cybersecurity mentoring services to one of the leading educational platforms.
  • Wrote 10+ cybersecurity articles for a client in this niche.
Technologies: APIs, Application Security, AWS, Bash, Burp Suite, Cloud Security, Compliance, Computer Networking, DevSecOps, Git, Incident Response, Interviewing, Technical Hiring, IT Security, Scripting, Incident Management, Ethical Hacking, System Security, Python, MySQL, PHP, Vulnerability Identification, Architecture, Data Protection, Data-level Security, GDPR, Data Security, Web Architecture, WordPress Development, JavaScript, Amazon S3, Certified Information Systems Security Professional, Amazon EC2, Identity & Access Management (IAM), Security Analysis, OKTA, Threat Modeling, SIEM, System-on-a-Chip (SoC), Hacking, System Administration, AWS Marketplace, Cloud Services, Artificial Intelligence, AWS IoT, Database, Linux, Apache, DDoS, Laravel, Ubuntu, Algorithms, ISO 27002, SSO Engineering, Documentation, OWASP, NIST, React.js, Code Auditing, REST API, TypeScript, Communication Coaching

Security Engineer L2

2021 - 2021
Sendoso
  • Led the penetration testing of the Sendoso SaaS platform.
  • Developed an information security management system (ISMS) for Sendoso to assist in the ISO 27001 audit.
  • Investigated multiple security incidents and created playbooks for the incident response process.
Technologies: Penetration Testing, DevSecOps, Cloud Security, Incident Response, Information Security Management Systems (ISMS), ISO 27001, Python, Bash, Source Code Review, Task Analysis, IT Security, Risk Assessment, Risk Management, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Scripting, Incident Management, Mobile Security, SOC Compliance, OSCP, Ethical Hacking, Security Management, SonarQube, MySQL, PHP, Vulnerability Identification, Architecture, Data Protection, Data-level Security, GDPR, System Security, Data Security, Web Architecture, WordPress Development, JavaScript, SOC 2 (Service Organization Control), Amazon S3, Certified Information Systems Security Professional, Amazon EC2, Identity & Access Management (IAM), NIST, Security Analysis, OKTA, Threat Modeling, SIEM, System-on-a-Chip (SoC), Hacking, AWS Marketplace, Cloud Services, SecOps, DevOps, Monitoring, Intrusion Detection Systems (IDS), Database, Linux, Apache, DDoS, Ubuntu, Algorithms, ISO 27002, SSO Engineering, GRC, Documentation, Business Continuity Planning (BCP), OWASP, React.js, Code Auditing, REST API, TypeScript, Communication Coaching

Information Security Analyst

2019 - 2021
ibex
  • Developed an application security testing process, completed penetration testing of 40+ applications, and followed up on their patching activities.
  • Led quarterly vulnerability and patch management exercises for all sites in the United States, including workstations and servers.
  • Assisted in multiple information security audits, including ISO 27001, PCI DSS, and SOC 2.
  • Enhanced information security log monitoring and incident response processes.
Technologies: Python, Penetration Testing, Information Security Management Systems (ISMS), Information Security, SOC 2 (Service Organization Control), ISO 27001, PCI DSS, Security Operations Centers (SOC), Security, Vulnerability Management, Website Audits, Source Code Review, Task Analysis, IT Security, Scripting, Incident Management, Mobile Security, SOC Compliance, OSCP, Ethical Hacking, Security Management, SonarQube, MySQL, PHP, Vulnerability Identification, Architecture, Data Protection, Data-level Security, GDPR, System Security, Data Security, Web Architecture, WordPress Development, JavaScript, HIPAA Compliance, Identity & Access Management (IAM), NIST, Security Analysis, OKTA, Threat Modeling, SIEM, System-on-a-Chip (SoC), Hacking, System Administration, SecOps, Monitoring, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Artificial Intelligence, Database, Linux, Apache, DDoS, Laravel, Ubuntu, ISO 27002, SSO Engineering, GRC, Documentation, Business Continuity Planning (BCP), OWASP, Node.js, React.js, REST API, TypeScript, Communication Coaching

Projects

Third-party Supplier Audit Automation

Automated the vulnerability detection of third-party production partners to assess each supplier's risk, saving the company 540 hours of manual effort.

The tool checked each supplier for the following:
• Weak passwords
• Insecure connections
• Vulnerable software
• Compliance checks

Creation of Application Security Exercises

https://www.hackerrank.com
Created application security screening questions for HackerRank, the world's leading technical assessment website. These questions were a combination of scenario-based multiple-choice questions and exercises to find bugs in the code snippets that assess the analytical and technical capabilities of a candidate. The questions I created are being used by HackerRank's clients to screen application security candidates.

Cybersecurity Mentoring

https://www.thinkful.com/
I have mentored multiple students and professionals pursuing careers in cybersecurity for one of the leading education platforms in the United States. I guided the students through their course content and discussed real-life scenarios of implementing these concepts from my career. As a mentor, I also helped students land their first jobs in cybersecurity by connecting them with my network.

Pentest of Silo's Web Application

https://www.silo.finance
Silo is a crypto trading platform that allows traders to trade cryptocurrencies. I was hired to perform a penetration test on their web assets as per Open Web Application Security Project (OWASP) standards. The deliverable was a professional report documenting all the vulnerabilities found during the engagement and recommendations for mitigation. The pentest was completed successfully and followed up with mitigation strategies agreed with the team.

Education

2014 - 2018

Bachelor's Degree in Electrical Engineering

National University of Sciences and Technology - Islamabad, Pakistan

Certifications

FEBRUARY 2024 - PRESENT

Certified DevSecOps Professional (CDP)

Practical DevSecOps

AUGUST 2021 - PRESENT

Offensive Security Certified Professional (OSCP)

Offensive Security

Skills

Libraries/APIs

Node.js, React.js, REST API

Tools

Git, Apache, CircleCI, SonarQube, AWS, Ansible

Languages

Python, Bash, JavaScript, TypeScript, PHP

Paradigms

Penetration Testing, DevSecOps, Web Architecture, DevOps, DDoS, Object-oriented Programming (OOP), HIPAA Compliance, Agile Development

Platforms

Linux, Burp Suite, AWS, WordPress Development, Amazon EC2, Ubuntu, Docker, Kubernetes, AWS IoT, MacOS, Windows Development

Industry Expertise

Cybersecurity

Storage

Database, MySQL, Amazon S3, AWS, InSpec

Frameworks

Laravel, React Native, Symfony, Twig

Other

Information Security Management Systems (ISMS), Information Security, ISO 27001, Security Operations Centers (SOC), Cloud Security, Incident Response, Vulnerability Assessment, System Security, Application Security, Computer Networking, Scripting, Security Audits, Security, Vulnerability Management, OWASP Top 10, OWASP, Website Audits, APIs, Source Code Review, Task Analysis, IT Security, OSCP, Ethical Hacking, Risk Management, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Security Management, Vulnerability Identification, Architecture, Data Protection, Data-level Security, GDPR, Data Security, NIST, Security Analysis, Threat Modeling, SIEM, System-on-a-Chip (SoC), Hacking, AWS Marketplace, Cloud Services, SecOps, Monitoring, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Cloudflare, ISO 27002, SSO Engineering, GRC, Documentation, Business Continuity Planning (BCP), Code Auditing, Communication Coaching, SOC 2 (Service Organization Control), PCI DSS, Incident Management, Mobile Security, Compliance, SOC Compliance, CI/CD Pipelines, Interviewing, Technical Hiring, Risk Assessment, Certified Information Systems Security Professional, Identity & Access Management (IAM), OKTA, System Administration, Infrastructure as Code (IaC), Artificial Intelligence, Algorithms, Cryptographer, Infrastructure, Networking, HIPAA Electronic Data Interchange (EDI), Amazon DocumentDB, DocumentDB, Strapi, Compliance as Code (CaC)