Topan Vlad Ioan, Developer in Cluj-Napoca, Romania
Topan is available for hire
Hire Topan

Topan Vlad Ioan

Verified Expert  in Engineering

Reverse Engineering Developer

Cluj-Napoca, Romania
Toptal Member Since
December 5, 2018

Since 2006, Vlad has been working in data security mainly analyzing virus samples and designing automated malware analysis systems. He's also spent several years working in the Proactive Kernel Research team building x86 and ARM Hypervisors at Bitdefender. Vlad has a thorough understanding of system programming and OS internals (Windows and Linux) and network security, and experience in programming at all levels from Assembly to Python.



Preferred Environment

Git, NeoVim Text Editor, Windows, Ubuntu

The most amazing...

...thing I've designed and created was a penetration testing training network allowing simultaneous but isolated remote access to VMs on an ESXi host.

Work Experience

Teaching Assistant

2017 - PRESENT
Babeș-Bolyai University
  • Tutored at the operating systems lab.
Technologies: Linux

Applied Research Tech Lead

2017 - 2018
Nehemiah Security
  • Designed and coordinated the development of the network sensors of the AtomicEye RQ Attack Path Engine AI (PCAP/live traffic analysis, SNMP queries, threat intelligence, vulnerability scanning, and so on).
  • Designed and developed the malware handling process and infrastructure for the AtomicEye RQ product: malware sample transfer (encryption), storage, archiving, automatic analysis, and so on.
  • Designed and developed Python libraries and Linux tool wrappers for network mapping (querying switches via SNMP, ping scanning, remote registry interrogation, network traffic analysis, and more) and web APIs.
  • Designed and coordinated a summer internship focused on reverse engineering.
  • Trained colleagues in Python.
  • Led the malware analysis/applied research team.
Technologies: OpenVAS, Nessus, Tcpdump, SNMP, Networking

Teaching Assistant

2017 - 2018
Technical University of Cluj Napoca
  • Tutored at the operating systems administration lab (undergraduate course).
  • Provided tutoring help at the the web security lab (support for students taking the information security master course).
  • Taught at the information systems vulnerability assessment lab (support for students taking the information security master course).
Technologies: Linux

Linux Kernel Developer | Lead Developer

2012 - 2017
  • Coordinated the development of a prototype ARM hypervisor (development and project management).
  • Developed components for an x86 hypervisor (sync and async guest-hypervisor communication and related Linux kernel modules; a custom/minimal Linux environment running as a guest; network packet inspection, and more).
  • Designed and created a vulnerable virtual computer network for penetration-testing training/teaching.
  • Designed and held Python training courses for other teams and trainees.
  • Led a team of four-to-five Linux/Hypervisor developers.
Technologies: VMware ESXi, Python, Xen, Mercurial, Git, C, ARM, Assembler x86, Windows, Linux

Team Lead, Antimalware

2010 - 2012
  • Designed, implemented & coordinated the development of a large (1bn+ entry DB), distributed system for processing virus samples (information extraction, classification, etc.).
  • Designed, implemented & coordinated the development of a cloud-based, fuzzy whitelisting system (US patent 8584235 B2).
  • Led a team of 3-8 virus researchers.
Technologies: Windows API, VirtualBox, PostgreSQL, C, Python, Interactive Disassembler (IDA)

Virus Researcher

2006 - 2010
  • Analyzed malware samples.
  • Created virus signatures.
  • Developed malware analysis tools.
Technologies: C, Interactive Disassembler (IDA)

Executable Program Similarity | Whitelisting System

This was a massive custom-built, in-house database of normalized executable code which allowed interactive similarity querying (1,000+ requests/second against over 200 million samples) used in whitelisting and identifying malware families with a US patent, US8584235 (2011).

ARM Hypervisor Prototype

This is an ARMv7 Hypervisor prototype which enables memory introspection.

Network Topology Sensor

This is a system which interrogates switches (via SNMP) and endpoints (via SMB/SSH) and analyzes vulnerability scan reports (Nessus, OpenVAS) to produce an annotated network topology map and exposes the information as a REST API.

Malware Sample Database

This project involved a massive automated malware sample analysis and information extraction, storage, and retrieval system used internally (with more than 1 billion files analyzed, 1.5 terabytes of metadata produced, indexed, and exposed via a web interface and API).

Penetration Testing Training Virtual Environment

This is a virtual network (on top of ESXi) with isolated environments populated with vulnerable VMs used in penetration-testing training.
2002 - 2007

Bachelor of Engineering Degree in Computer Science

Technical University of Cluj-Napoca - Cluj-Napoca, Romania


Offensive Security Certified Professional (OSCP)

Offensive Security


Windows API, POSIX


Interactive Disassembler (IDA), NMap, VirtualBox, Mercurial, Nessus, Vim Text Editor, Git, Subversion (SVN), Jira, GCC, Iptables, Wireshark, Tcpdump


Python 3, Python 2, C, Python, SQL, Assembler x86, HTML, JavaScript, Delphi 7, CSS, Markdown


Windows, Linux, Ubuntu, Xen

Industry Expertise

Network Security


Flask, OpenVAS


Agile, Object-oriented Programming (OOP), Penetration Testing


PostgreSQL, SQLite


Command-line Interface (CLI), Operating Systems, System Programming, Reverse Engineering, Malware Analysis, NeoVim Text Editor, Networking, SNMP, ARM, Networks, Virtual Machines, Linux Kernel Programming, Secure Coding, VMware ESXi

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.


Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring