Razaq Azeez, Developer in Gothenburg, Sweden

Razaq Azeez

Verified Expert in Engineering

Bio

Razaq has 16 years of information security experience across multiple sectors, including payment and financial services, technology and telecommunications, and audit and consulting. His in-depth professional training and certifications have given him an advanced understanding of essential security domains. Razaq is proficient in vulnerability assessment, cloud security (AWS, Azure, GCP), application security, DevSecOps, threat and risk management, and information security governance.

Portfolio

Yahoo! - Paranoids
Cloud Security, Application Security, Penetration Testing, Source Code Review...
Cyber Instincts AB
VAPT, DevSecOps, Information Security Management Systems (ISMS)...
Bitso
Incident Management, Application Security...

Experience

  • VAPT - 10 years
  • Static Application Security Testing (SAST) - 9 years
  • Dynamic Application Security Testing (DAST) - 8 years
  • IT Security - 8 years
  • Information Security Management Systems (ISMS) - 8 years
  • Application Security - 8 years
  • GCP Security - 6 years
  • AWS Cloud Security - 5 years

Availability

Full-time

Preferred Environment

Linux, Windows, Incident Management, ISO 27001, End User Support, Blockchain, Crypto

The most amazing...

...thing I've done is uncover a security exploit in a banking app, leading to the detection of a $3 million fraud incident.

Work Experience

Application Security Developer

2024 - PRESENT
Yahoo! - Paranoids
  • Reduced in-code vulnerability frequency by providing secure coding awareness to developers.
  • Enhanced the overall security of Yahoo products by identifying threats and recommending mitigations using the STRIDE threat modelling approach.
  • Contributed to a reduction in false-positive findings by exploiting vulnerabilities identified with scanning tools.
Technologies: Cloud Security, Application Security, Penetration Testing, Source Code Review, Threat Modeling, Dynamic Analysis, Design Reviews, DevSecOps, Architecture, Go, Python, Amazon Web Services (AWS), Checkmarx, Google Cloud Platform (GCP), Security Architecture, Vulnerability Assessment, Virtual Cloud Network (VCN), C#, C#.NET, Security Software Development, Vulnerability Identification, Website Audits, SecOps, Incident Response, Security Assessment, Open-source Intelligence (OSINT), Networking, Vulnerability Scanning, IDS/IPS, NMap, Splunk, Metasploit, QualysGuard, Web App Security, Audits, Networks, Encryption, Android, Cybersecurity Automation, Database Security, Scanning, Security Engineering, Software Composition Analysis (SCA), Secure Software Development Lifecycle (SSDLC), Technical Documentation, Mobile App Security, Fraud Detection

Lead Consultant of Application Security

2021 - 2024
Cyber Instincts AB
  • Reviewed cloud software design in AWS and GCP environments to verify the fulfillment of security requirements, contributing to a 20% reduction in technical debt from vendors and 3rd-party security providers.
  • Headed penetration testing for applications and their supporting technology stack, leading to the detection of approximately $3 million in internal fraud.
  • Performed a source code review to identify security vulnerabilities, critical hotspots, and bugs and provided remediation strategies, saving 15% on the annual security budget.
Technologies: VAPT, DevSecOps, Information Security Management Systems (ISMS), Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), GRC, PCI DSS, Cybersecurity, Security Architecture, Threat Modeling, Security, Design Reviews, Cloud Security, Source Code Review, Penetration Testing, Dynamic Analysis, OWASP, Vulnerability Management, NIST, AWS Cloud Security, GCP Security, Security Information and Event Management (SIEM), Identity & Access Management (IAM), Azure, Single Sign-on (SSO), SAML, Incident Management, Amazon Web Services (AWS), Java, SOC 2, Web Security, Google Cloud Platform (GCP), Blockchain, Crypto, Security Architecture Assessment, Google Kubernetes Engine (GKE), Google Cloud Storage, Google Compute Engine (GCE), Logging, VPC, Monitoring, CI/CD Pipelines, Infrastructure as Code (IaC), Digital Forensics, Cybersecurity Operations, Ethical Hacking, Go, Architecture, Information Security, Vulnerability Assessment, Virtual Cloud Network (VCN), C#, Kubernetes, C#.NET, Security Software Development, Vulnerability Identification, Website Audits, SecOps, ISO Compliance, Incident Response, Security Assessment, SOC Compliance, Open-source Intelligence (OSINT), Networking, Vulnerability Scanning, BitLocker, NMap, Snort, Splunk, Metasploit, QualysGuard, Web App Security, Audits, Security Compliance, Networks, Endpoint Protection, Encryption, Android, Cybersecurity Automation, Database Security, Scanning, Security Engineering, Software Composition Analysis (SCA), Data Protection, Secure Software Development Lifecycle (SSDLC), Technical Documentation, Security Policy Analysis, Mobile App Security, Fraud Detection

IT Security Engineering and Architecture Consultant

2019 - 2021
Bitso
  • Collaborated with engineering, SRE, and product teams to integrate cybersecurity requirements into the development lifecycle, cutting the company's attack surface by 10%.
  • Developed and executed a robust application security strategy within AWS and GCP environments to protect applications and systems from security threats, improving the application security risk score by 25 units annually.
  • Assisted in managing security incidents and events to safeguard application assets, such as intellectual property, regulated data, and the company's reputation, thereby saving 10% of the annual security budget dedicated to incident response.
Technologies: Incident Management, Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), ISO 27001, PCI DSS, VAPT, Cybersecurity, Security Architecture, Threat Modeling, Security, Python, Design Reviews, Cloud Security, Source Code Review, Penetration Testing, Dynamic Analysis, OWASP, Vulnerability Management, NIST, AWS Cloud Security, GCP Security, DevSecOps, Security Information and Event Management (SIEM), Identity & Access Management (IAM), SIEM, Azure, Single Sign-on (SSO), SAML, Amazon Web Services (AWS), Cisco, Java, SOC 2, Web Security, Google Cloud Platform (GCP), Blockchain, Crypto, Security Architecture Assessment, Google Kubernetes Engine (GKE), Google Cloud Storage, Google Compute Engine (GCE), Logging, VPC, Monitoring, CI/CD Pipelines, Infrastructure as Code (IaC), Digital Forensics, CISSP, Cybersecurity Operations, Ethical Hacking, Go, Architecture, PCI, Information Security, Security Audits, Risk Assessment, Vulnerability Assessment, Virtual Cloud Network (VCN), C#, CISM, Certified Information Systems Auditor (CISA), Kubernetes, CISO, C#.NET, On-premise, Security Software Development, Vulnerability Identification, SecOps, ISO Compliance, Incident Response, Security Assessment, SOC Compliance, Open-source Intelligence (OSINT), Networking, Vulnerability Scanning, IDS/IPS, BitLocker, NMap, Snort, Metasploit, QualysGuard, Web App Security, Audits, Security Compliance, Networks, Endpoint Protection, Compliance, Encryption, Cybersecurity Automation, Database Security, Risk Management, Scanning, Risk Analysis, Security Engineering, Software Composition Analysis (SCA), Data Protection, Secure Software Development Lifecycle (SSDLC), Technical Documentation, Security Policy Analysis, Mobile App Security

IT Security and GRC Lead Consultant

2016 - 2019
Digital Jewels
  • Headed the implementation of network, technology, and application vulnerability assessments and penetration testing across various sectors.
  • Oversaw security assessments and audits for cloud technologies and migrations for clients in multiple sectors.
  • Managed the audit process and the subsequent ISO 27001 and PCI DSS certification process across various industries.
  • Maintained effective communication with internal and external stakeholders within the client portfolio, ensuring a clear understanding of information security capabilities in a technical support capacity.
Technologies: Risk Management, IT Audits, Information Security Management Systems (ISMS), PCI DSS, Dynamic Application Security Testing (DAST), VAPT, IT Security, Application Security, Static Application Security Testing (SAST), Network Security, GRC, ISO 27001, Cybersecurity, Security Architecture, Threat Modeling, Security, Design Reviews, Cloud Security, Source Code Review, Penetration Testing, Dynamic Analysis, OWASP, Vulnerability Management, NIST, AWS Cloud Security, GCP Security, DevSecOps, Security Information and Event Management (SIEM), Identity & Access Management (IAM), SIEM, Azure, Single Sign-on (SSO), SAML, Incident Management, Cybersecurity Maturity Model Certification (CMMC), Amazon Web Services (AWS), SOC 2, Web Security, Google Cloud Platform (GCP), Blockchain, Logging, VPC, Digital Forensics, CISSP, Cybersecurity Operations, Ethical Hacking, Go, Architecture, PCI, Information Security, HIPAA Compliance, Security Audits, Risk Assessment, Virtual Cloud Network (VCN), CISM, Certified Information Systems Auditor (CISA), CISO, On-premise, Windows, Vulnerability Identification, ISO Compliance, Incident Response, SOC Compliance, Vulnerability Scanning, Snort, Audits, Security Compliance, Compliance, Risk Analysis

Information Security and Risk Management Head | ISP Business

2013 - 2016
eStream Networks
  • Ensured security of end-to-end network infrastructure.
  • Provided level 3 support for ISP clients' network and security incidents.
  • Implemented a secure, adaptive private network for banking and financial service institutions.
Technologies: Network Configuration, IP Networks, Firewalls, APNs, M2M, SD-WAN, Static Application Security Testing (SAST), Network Security, GRC, Cybersecurity, Security Architecture, Threat Modeling, Security, Design Reviews, Cloud Security, Source Code Review, Penetration Testing, Dynamic Analysis, OWASP, NIST, AWS Cloud Security, GCP Security, DevSecOps, Security Information and Event Management (SIEM), Identity & Access Management (IAM), SIEM, SAML, Incident Management, Cybersecurity Maturity Model Certification (CMMC), ISO 27001, End User Support, Amazon Web Services (AWS), Cisco, Web Security, Google Cloud Platform (GCP), Security Architecture Assessment, Google Kubernetes Engine (GKE), Google Cloud Storage, Google Compute Engine (GCE), Logging, Monitoring, CI/CD Pipelines, Cybersecurity Operations, Ethical Hacking, Architecture, PCI, Information Security, HIPAA Compliance, Security Audits, Risk Assessment, CISM, CISO, On-premise, Windows, ISO Compliance, Security Assessment, IDS/IPS, BitLocker, NMap, Snort, QualysGuard, Audits, Security Compliance, Networks, Endpoint Protection, Compliance, Risk Management, Risk Analysis

IT and Network Support Head

2010 - 2013
Communication Network Support Services
  • Conducted technical risk assessments for various technologies, including networks, applications, wireless systems, social engineering, code reviews, and war dialing.
  • Minimized network incidents by resolving issues, managed data center network setup and maintenance, and expedited problem resolutions through vendor escalation.
  • Spearheaded developing and testing the corporate business continuity and disaster recovery plans.
Technologies: Cisco Networking, Active Directory (AD), Linux Servers, End User Support, Network Security, Security Architecture, Threat Modeling, Java, Identity & Access Management (IAM), Cisco, Google Cloud Platform (GCP), Crypto, Google Kubernetes Engine (GKE), Google Cloud Storage, Google Compute Engine (GCE), Monitoring, CI/CD Pipelines, Infrastructure as Code (IaC), CISSP, Information Security, HIPAA Compliance, Windows, Security Assessment, IDS/IPS, NMap, QualysGuard, Networks, Endpoint Protection

Experience

Bitso Payment App Security Testing

https://bitso.com
A vulnerability assessment and penetration testing of front- and back-end web and mobile apps. I identified and categorized associated risks, provided technical and business recommendations to mitigate identified security flaws, and collaborated with the development team until the issues were fixed.

Klasha Mobile Penetration Testing

https://www.klasha.com
A static application security assessment of Klasha source code. I conducted penetration testing of the core back-end technology stack, as well as security testing of the API and microservices. Also, I exploited the network technology stack.

PCI DSS Audit of Major Commercial Banks in Africa

Performed an external audit of PCI DSS requirements for tier 1 commercial banks in Nigeria, Ghana, and Kenya. Also, I provided a statement of compliance report, as well as a compliance report as authorized by the PCI Council.

Information Security Management System Implementation

Conducted a gap analysis of the existing information security management system (ISMS) and provided suggestions for improvements. Also, I implemented the ISMSs for various clients following ISO 27001:2013 and ISO 27001:2022 requirements. Finally, I performed an external audit of ISO 27001 compliance to ensure adherence to the ISO 27001 standards for information security management.

Penetration Testing of Mouka's Technology Stack

https://mouka.com/
Conducted penetration testing on the Crown City web application. I assessed vulnerabilities in the front- and back-end technology stack and performed security assessments of the APIs and microservices as well as penetration testing of the enterprise resource planning (ERP) solution.

Zeekr S-Left

This is a massive project to integrate security and detection early enough and in the entire software development lifecycle of a commercial bank in Mexico.

I defined specific security requirements and worked with the Development and Technology Operations team to implement them throughout the banking software lifecycle.

This helped detect intentional fraud (by an internal developer) that could have resulted in a loss of at least $5 million.

Product Security Review of Yahoo DSP, AOL, and DNS Orchestration Tool

Achieved secured deployment of Yahoo DSP, AOL, and DNS orchestration tool by performing end-to-end security review, which involves:
• Manual code review
• Penetration testing and dynamic security testing
• Threat modeling
• Collaborating with developers to identify and resolve security vulnerabilities.

Education

2023 - 2024

Master's Degree in IT Project Management

University West - Trollhättan, Sweden

2020 - 2022

Master's Degree in Information Security and Digital Forensics

University of East London - London, UK

2012 - 2016

Bachelor's Degree in Communications Technology

National Open University of Nigeria - Lagos, Nigeria

Certifications

AUGUST 2024 - PRESENT

Certified Chief Information Security Officer

EC-Council

APRIL 2024 - PRESENT

Microsoft Certified Azure Security Specialist (AZ-500)

Microsoft

SEPTEMBER 2022 - PRESENT

Certified DevOps Information Security Engineer

DevOps Institute

APRIL 2022 - PRESENT

Certified Incident Handler

EC-Council

FEBRUARY 2022 - PRESENT

Certified API Security Architect

API Academy

MARCH 2021 - APRIL 2027

Certified Information Systems Security Professional

ISC2

OCTOBER 2020 - PRESENT

Certified Network Security Specialist

International Cybersecurity Institute, UK

OCTOBER 2020 - SEPTEMBER 2021

PCI DSS – Qualified Security Assessor (QSA)

PCI Council

JUNE 2020 - PRESENT

Scrum Fundamentals Certified

Scrum.org

JANUARY 2020 - JUNE 2027

PECB Certified ISO/IEC 27001 Senior Lead Auditor

PECB

NOVEMBER 2019 - NOVEMBER 2027

PECB Certified ISO/IEC 27001 Lead Implementer

PECB

APRIL 2019 - APRIL 2022

Cisco Certified Network Associate (CyberOps)

Cisco

SEPTEMBER 2018 - PRESENT

Information Technology Infrastructure Library (ITIL)

EXIN

Skills

Tools

Google Compute Engine (GCE), GCP Security, Google Kubernetes Engine (GKE), Logging, BitLocker, NMap, Snort, Metasploit, Nessus, SonarQube, VeraCrypt, Checkmarx, Splunk

Languages

Java, Python, SAML, Go, C#, C#.NET

Paradigms

DevSecOps, Penetration Testing, HIPAA Compliance, Security Software Development, Agile, Scrum, Fuzz Testing

Platforms

Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), Linux, Windows, Blockchain, Kubernetes, QualysGuard, Android, Java EE, Kali Linux, Burp Suite

Industry Expertise

Cybersecurity

Storage

Google Cloud Storage, On-premise, Database Security, Database Management Systems (DBMS)

Other

IT Security, Information Security Management Systems (ISMS), Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), VAPT, GRC, Network Security, Incident Management, ISO 27001, PCI DSS, Risk Management, Security, Cloud Security, Security Architecture, Threat Modeling, Design Reviews, Source Code Review, OWASP, Vulnerability Management, NIST, Security Information and Event Management (SIEM), Identity & Access Management (IAM), SOC 2, Web Security, Crypto, Security Architecture Assessment, VPC, Monitoring, Digital Forensics, CISSP, Ethical Hacking, Architecture, PCI, Information Security, Security Audits, Risk Assessment, Vulnerability Assessment, CISM, Vulnerability Identification, Website Audits, ISO Compliance, Incident Response, Security Assessment, Open-source Intelligence (OSINT), Vulnerability Scanning, Web App Security, Audits, Security Compliance, Networks, Compliance, Scanning, Risk Analysis, Secure Software Development Lifecycle (SSDLC), Mobile App Security, Cybersecurity Maturity Model Certification (CMMC), End User Support, Security Engineering, Dynamic Analysis, AWS Cloud Security, SIEM, Single Sign-on (SSO), Cisco, Cryptocurrency, CI/CD Pipelines, Infrastructure as Code (IaC), Cybersecurity Operations, Virtual Cloud Network (VCN), Certified Information Systems Auditor (CISA), CISO, SecOps, SOC Compliance, Networking, IDS/IPS, Endpoint Protection, Encryption, Product Security, Firmware, Software Composition Analysis (SCA), Data Protection, Technical Documentation, Security Policy Analysis, Information Systems, Management Information Systems (MIS), IT Projects, IT Project Management, IT Audits, Network Configuration, IP Networks, Firewalls, APNs, M2M, SD-WAN, Cisco Networking, Active Directory (AD), Linux Servers, IT Governance, ISMS implementation, Security Operations Centers (SOC), Azure Cloud Security, Enterprise Cybersecurity, Cryptography, IT Service Management (ITSM), SAML-auth, Code Review, 
Snyk, Risk Modeling, Cybersecurity Automation, Fraud Detection
