Khwaja Zia ul Hasan, Developer in Karachi, Sindh, Pakistan
Khwaja is available for hire
Hire Khwaja

Khwaja Zia ul Hasan

Verified Expert  in Engineering

Cyber Security Architect and Developer

Karachi, Sindh, Pakistan
Toptal Member Since
October 21, 2022

Zia is a CISSP-certified Cyber Security Architect with more than 13 years of experience in the industry. He has worked on product-based security like SIEM, PAM, MFA, DLP, and endpoint protection solutions. Zia has experience in security architecture reviews, cloud security assessments with AWS, and security tool optimization projects.


BeyondTrust PAM, Amazon Web Services (AWS), ALGO, Network Security...
Redington Gulf
RSA SecurID, NetWitness, Endpoint Protection...
Trillium Information Security Systems
IBM QRadar, SIEM, Identity & Access Management (IAM), IT Security, Security




Preferred Environment

Amazon Web Services (AWS), Windows, Linux, Privileged Access Management (PAM), SIEM

The most amazing...

...things I've achieved are receiving AlgoSec's MVP award and winning the first prize in threat hunting RSA's KSA event using the RSA NetWitness platform.

Work Experience

Security Architect

2020 - PRESENT
  • Received a minimum viable product (MVP) award from AlgoSec, the market leader for network security policy management.
  • Executed a security tool optimization project for one of the financial sectors.
  • Conducted a cloud security assessment for a client with infrastructure hosted on AWS.
  • Managed the company's cyber security solutions team.
  • Performed network architecture reviews for several customers.
  • Developed proofs of concept (POCs) and completed demonstrations, training sessions, and projects on the LogRhythm NextGen SIEM platform, BeyondTrust Password Safe, and the AlgoSec security management suite (ASMS).
  • Implemented BeyondTrust Password Safe and integrated it with more than 300 assets for several leading banks.
  • Completed the implementation of the LogRhythm NextGen SIEM platform and provided support for Dig8Labs customers.
  • Designed solutions, gave presentations, demonstrations, webinars, and workshops, conducted evaluations, prepared proposals, and responded to requests for x (RFxs), and tenders for cybersecurity solutions.
Technologies: BeyondTrust PAM, Amazon Web Services (AWS), ALGO, Network Security, Critical Security Controls (CIS Controls), AutoIt, JSON, IT Security, Security

Security Consultant

2015 - 2019
Redington Gulf
  • Implemented an RSA SecurID multi-factor authentication (MFA) solution for various clients in the Kingdom of Saudi Arabia (KSA).
  • Conducted training sessions on Bluecoat ProxySG for several partners.
  • Developed POCs for Symantec Endpoint Protection Platform (EPP) and Endpoint Detection and Response (EDR) solutions for several customers.
  • Acted as a pre-sales cybersecurity engineer, primarily working on technical sales of the RSA Advanced Security Operation Center (ASOC) Solution, identity and access management suite, and Symantec Integrated Cyber Defense Manager.
  • Used product knowledge of RSA and Symantec solutions to deliver excellent customer service to customers, channel partners, and technology partners.
Technologies: RSA SecurID, NetWitness, Endpoint Protection, Endpoint Detection and Response (EDR), SIEM, Proxy Servers, Symantec, IT Security, Security

Lead Information Security Consultant

2014 - 2015
Trillium Information Security Systems
  • Implemented IBM products, such as Security QRadar Security Information and Event Management (SIEM) and QFlow.
  • Developed POCs for IBM and CA's single sign-on (SSO) solutions.
  • Created POCs for CA's shared account manager for a financial sector.
Technologies: IBM QRadar, SIEM, Identity & Access Management (IAM), IT Security, Security

Senior Information Security Engineer

2012 - 2014
  • Deployed an RSA SIEM solution called the RSA enVision platform for one of our clients.
  • Conducted web application vulnerability assessments and penetration testing using tools like Acunetix, Crowbar, Burp Suite, sslstrip, PadBuster, and others.
  • Performed network-based vulnerability assessment and penetration testing using various tools like Nessus, Nmap, Metasploit, Wireshark, and others.
  • Competed an IT security assessment using CIS, DISA, and NSA benchmarks.
  • Conducted risk assessments of business processes and supporting systems according to ISO/IEC 27005 guidelines.
  • Designed and conducted presentations, demonstrations, and evaluations. Prepared proposals for Barracuda, Fortinet, McAfee, Kaspersky, RSA, and IBM security solutions.
  • Deployed and supported McAfee Data Loss Prevention Endpoint and Kaspersky Anti-Virus solutions.
Technologies: SIEM, Risk Assessment, Data Loss Prevention (DLP), IT Security, Security

Cloud Security Assessment for AWS Infrastructure

Performed a cloud security assessment following the State Bank of Pakistan requirements at a client's request. After considering all aspects of the AWS Well-Architected Framework security pillar, I proposed a redesigned model for them.

Optimization of Security Tools

Identified whether a Pakistani bank utilizes its security tools in an optimized and fully-functional way following its request for optimization of existing security tools. I prepared working papers for each domain and determined security gaps in the organization, missing functionalities, and functionalities that existed but were not utilized.

LogRhythm SIEM Implementation

Deployed the LogRhythm SIEM platform in the financial sector. This deployment included integrating devices like Microsoft Windows, Linux platforms, network devices, and databases. I also worked on dashboard creation, correlation of rules, and creation of reports.

BeyondTrust Password Safe Implementation

Implemented a BeyondTrust Password Safe solution for a financial sector and integrated around 200 assets. It also covered application onboarding using AutoIT scripting and custom platform creation for SSH-based devices.

Network Security Architecture Review

Performed a network security architecture review of a financial sector's core banking application. It covered devices' communications perspective, interactions with each node, segmentations, network access control lists (ACLs), and more.

Security Assessment for an Asset Management Sector

Performed a complete security assessment for an asset management organization using the top CIS 18 controls. It included all the domains of the CIS top 18. I shared a comprehensive report with the customer on findings and improvement suggestions.

RSA SecurID Implementation for a Ministry

Deployed the RSA SecurID platform in a high availability setup for one of the ministries of Saudi Arabia. It included integrations with operating systems, network devices, and applications. It also provided hardware and soft tokens to users.
2007 - 2008

Master's Degree in Cyber Security

University of Bradford - Bradford, United Kingdom

2003 - 2007

Bachelor's Degree in Computer Engineering

Sir Syed University of Engineering and Technology - Karachi, Pakistan

AUGUST 2021 - AUGUST 2023

AlgoSec Security Administrator



CISSP – Certified Information Systems Security Professional



IBM QRadar

Industry Expertise

Cybersecurity, Network Security


ALGO, AutoIt


Amazon Web Services (AWS), Windows, Linux




Privileged Access Management (PAM), SIEM, BeyondTrust PAM, RSA SecurID, CISSP, IT Security, Critical Security Controls (CIS Controls), Endpoint Protection, Endpoint Detection and Response (EDR), Proxy Servers, Symantec, Security, NetWitness, Computer Engineering, Security Architecture, LogRhythm, BeyondTrust Password Safe, Identity & Access Management (IAM), Risk Assessment, Data Loss Prevention (DLP)

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.


Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring