Anas Bin Izhar

€120

Information Security Engineer and Developer

Lahore, Punjab, Pakistan

Bio

Anas is an IT security engineer with five years of experience helping organizations secure their SaaS platforms from threat actors. He is an expert in application security, cloud security, penetration testing, and information system compliance, including ISO 27001 and SOC 2. With keen attention to detail and the ability to adapt to a fast-paced environment, Anas outperforms clients' expectations and provides agile and secure solutions to meet their business needs.

Experience

  • Penetration Testing – 7 years
  • Cloud Security – 5 years
  • Vulnerability Management – 5 years
  • Incident Response – 4 years
  • Application Security – 4 years
  • ISO 27001 – 4 years
  • Python 3 – 3 years
  • DevSecOps – 1 year

Work Experience

IT Security Engineer

2025 – 2025

Distributed Coders Inc.
  • Conducted a penetration test on their infrastructure and assets.
  • Documented all the findings along with proof of concepts to help them understand the risks.
  • Helped the team patch the issues and conducted retesting to make sure the patches were applied effectively and could not be bypassed.

Technologies: IT Security, Vulnerability Assessment, Vulnerability Identification, Penetration Testing, Security Audits, Website Audits, Application Security, Cybersecurity, OWASP

Security Auditor

2025 – 2025

Forecasted Finance LLC
  • Conducted a security assessment of their infrastructure and application, resulting in multiple critical severity findings.
  • Tracked and worked with the team to apply appropriate fixes to mitigate these vulnerabilities.
  • Mentored the team to implement security controls like SCA, SAST, and DAST to ensure that the code going into production is secure.

Technologies: Security Audits, IT Security, Penetration Testing, Application Security

Application Security Developer

2024 – 2024

Thinking LSAT LLC
  • Conducted a full security assessment of AWS infrastructure and web application.
  • Strengthened their AWS infrastructure as per best practices to enhance their security.
  • Enabled security monitoring in AWS via GuardDuty, CloudWatch, and CloudTrail to make sure it detects any security threats.
  • Developed playbooks for the security alerts to make sure the team can respond promptly to the security incidents.
  • Guided them to implement SAST and SCA tools to make sure they are developing applications securely.

Technologies: Security, Amazon Web Services (AWS), OWASP, NIST, Vulnerability Management, JavaScript, React, Node.js

AWS and Mobile Security Expert

2023 – 2023

EX3 Labs
  • Conducted a penetration test and security audit on the Carent web, mobile, and cloud infrastructure.
  • Provided support in remedying the identified issues in the application and cloud.
  • Implemented static application security scanning via Snyk in the application build process to remediate vulnerabilities in the earlier phase of the software development lifecycle (SDLC).
  • Provided general consultancy for secure SDLC during the product development process of Carent.

Technologies: DevSecOps, IT Security, Web Security, Amazon Web Services (AWS), Security Audits, Security, Mobile Security, SOC 2, Amazon S3 (AWS S3), Certified Information Systems Security Professional, HIPAA Compliance, HIPAA Electronic Data Interchange (EDI), React Native, Amazon DocumentDB, DocumentDB, Amazon DynamoDB, Amazon EC2, Threat Intelligence, GRC, Documentation, OWASP, NIST, Code Auditing, REST APIs, TypeScript, Communication, Web App Security, Vulnerability Scanning, ELK (Elastic Stack), Logging, SQL, Anomaly Detection, Incident Handling, Penetration Testing, OSCP, Ethical Hacking

Senior PHP and AWS Developer

2023 – 2023

Shared Flight
  • Conducted compromise assessment to detect the root cause of a security incident.
  • Performed a penetration test (pentest) on the application and AWS cloud infrastructure.
  • Assisted the team in applying mitigation to ensure flaws were patched successfully.

Technologies: PHP, Web Security, Cloud Security, Symfony, Twig, Amazon Web Services (AWS), Strapi, Security, IT Security, Incident Response, Static Application Security Testing (SAST), Threat Intelligence, Documentation, OWASP, NIST, Code Auditing, REST APIs, TypeScript, Communication, Web App Security, Vulnerability Scanning, Logging, SQL, Anomaly Detection, Incident Handling, Penetration Testing, OSCP, Ethical Hacking

Information Security Specialist

2022 – 2022

Silo
  • Conducted black-box penetration tests on two of Silo's production web applications.
  • Provided all the test cases performed during penetration testing per OWASP recommended controls.
  • Produced a professional report, including all the vulnerabilities and remediation steps.
  • Consulted and provided feedback on multiple issues reported by the community.

Technologies: Vulnerability Management, Penetration Testing, Security Audits, Security, IT Security, OWASP, Website Audits, Application Security, Cybersecurity, Certified Ethical Hacker (CEH), Vulnerability Identification, Web Security, Data Security, Web Architecture, WordPress, Amazon S3 (AWS S3), Certified Information Systems Security Professional, Amazon EC2, Security Analysis, Ethical Hacking, Hacking, Database Security, Linux, Apache, Cloudflare, DDoS, Ubuntu, Algorithms, ISO 27002, Single Sign-on (SSO), Documentation, NIST, Node.js, React, Code Auditing, REST APIs, TypeScript, Communication, Web App Security, Vulnerability Scanning, Logging, SQL, Incident Handling, OSCP

Information Security Consultant

2020 – 2022

Freelance
  • Performed penetration testing services for multiple clients, including government organizations and a SaaS startup.
  • Provided cybersecurity mentoring services to one of the leading educational platforms.
  • Wrote 10+ cybersecurity articles for a client in this niche.

Technologies: APIs, Application Security, Amazon Web Services (AWS), Bash, Burp Suite, Cloud Security, Compliance, Computer Networking, DevSecOps, Git, Incident Response, Interviewing, Technical Hiring, IT Security, Scripting, Incident Management, Certified Ethical Hacker (CEH), IoT Security, Python, MySQL, PHP, Vulnerability Identification, Architecture, Data Protection, Data-level Security, General Data Protection Regulation (GDPR), Web Security, Data Security, Web Architecture, WordPress, JavaScript, Amazon S3 (AWS S3), Certified Information Systems Security Professional, Amazon EC2, Identity & Access Management (IAM), Security Analysis, Okta, Threat Modeling, SIEM, System-on-a-Chip (SoC), Ethical Hacking, Hacking, System Administration, AWS Marketplace, Cloud Services, AWS CloudFormation, Internet of Things (IoT), AWS IoT, Database Security, Linux, Apache, DDoS, Laravel, Ubuntu, Algorithms, ISO 27002, Single Sign-on (SSO), Documentation, OWASP, NIST, React, Code Auditing, REST APIs, TypeScript, Communication, Web App Security, Security Information and Event Management (SIEM), Vulnerability Scanning, IDS/IPS, ELK (Elastic Stack), Security Orchestration, Automation, and Response (SOAR), Logging, SQL, Anomaly Detection, Incident Handling, Penetration Testing, Security, OSCP

Security Engineer L2

2021 – 2021

Sendoso
  • Led the penetration testing of the Sendoso SaaS platform.
  • Developed an information security management system (ISMS) for Sendoso to assist in the ISO 27001 audit.
  • Investigated multiple security incidents and created playbooks for the incident response process.

Technologies: Penetration Testing, DevSecOps, Cloud Security, Incident Response, Information Security Management Systems (ISMS), ISO 27001, Python 3, Bash, Source Code Review, Task Analysis, IT Security, Risk Assessment, Risk Management, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Scripting, Incident Management, Mobile Security, SOC Compliance, OSCP, Certified Ethical Hacker (CEH), Python, Security Management, SonarQube, MySQL, PHP, Vulnerability Identification, Architecture, Data Protection, Data-level Security, General Data Protection Regulation (GDPR), Web Security, Data Security, Web Architecture, WordPress, JavaScript, SOC 2, Amazon S3 (AWS S3), Certified Information Systems Security Professional, Amazon EC2, Identity & Access Management (IAM), NIST, Security Analysis, Okta, Threat Modeling, SIEM, System-on-a-Chip (SoC), Ethical Hacking, Hacking, AWS Marketplace, Cloud Services, SecOps, DevOps, Security Policies & Procedures, Endpoint Security, Monitoring, Intrusion Detection Systems (IDS), Database Security, Linux, Apache, DDoS, Ubuntu, Algorithms, ISO 27002, Single Sign-on (SSO), GRC, Documentation, Business Continuity Planning (BCP), OWASP, React, Code Auditing, REST APIs, TypeScript, Communication, Web App Security, Security Information and Event Management (SIEM), Vulnerability Scanning, Security Orchestration, Automation, and Response (SOAR), Logging, SQL, Anomaly Detection, Incident Handling, Security

Information Security Analyst

2019 – 2021

ibex
  • Developed an application security testing process and completed penetration testing of 40+ applications carried out by their patching activities.
  • Led quarterly vulnerability and patch management exercises for all sites in the United States, including workstations and servers.
  • Assisted in multiple information security audits, including ISO 27001, PCI DSS, and SOC 2.
  • Enhanced information security log monitoring and incident response processes.
  • Managed and optimized the LogRhythm SIEM platform for security monitoring, incident detection, and response.
  • Integrated diverse log sources (cloud services, endpoints, and network devices) to enhance threat detection and visibility.
  • Created and fine-tuned correlation rules, dashboards, and alarms to minimize false positives and improve alert accuracy.

Technologies: Python 3, Penetration Testing, Information Security Management Systems (ISMS), Information Security, SOC 2, ISO 27001, PCI DSS, Security Operations Centers (SOC), Security, Vulnerability Management, Website Audits, Source Code Review, Task Analysis, IT Security, Scripting, Incident Management, Mobile Security, SOC Compliance, OSCP, Certified Ethical Hacker (CEH), Python, Security Management, SonarQube, MySQL, PHP, Vulnerability Identification, Architecture, Data Protection, Data-level Security, General Data Protection Regulation (GDPR), Web Security, Data Security, Web Architecture, WordPress, JavaScript, HIPAA Compliance, Identity & Access Management (IAM), NIST, Security Analysis, Okta, Threat Modeling, SIEM, System-on-a-Chip (SoC), Ethical Hacking, Hacking, System Administration, SecOps, Security Policies & Procedures, Endpoint Security, Monitoring, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Internet of Things (IoT), Database Security, Linux, Apache, DDoS, Laravel, Ubuntu, ISO 27002, Single Sign-on (SSO), GRC, Documentation, Business Continuity Planning (BCP), OWASP, Node.js, React, REST APIs, TypeScript, Communication, Web App Security, Security Information and Event Management (SIEM), IDS/IPS, CISSP, Security Orchestration, Automation, and Response (SOAR), Logging, SQL, Anomaly Detection, Incident Handling

Certifications

FEBRUARY 2024 – PRESENT

Certified DevSecOps Professional (CDP)

Practical DevSecOps

AUGUST 2021 – PRESENT

Offensive Security Certified Professional (OSCP)

Offensive Security

Skills

Libraries/APIs

Node.js, React, REST APIs

Tools

Git, Apache, ELK (Elastic Stack), Logging, CircleCI, SonarQube, AWS CloudFormation, Ansible

Languages

Python 3, Bash, Python, JavaScript, TypeScript, SQL, PHP

Paradigms

Penetration Testing, DevSecOps, Web Architecture, DevOps, DDoS, Security Orchestration, Automation, and Response (SOAR), Anomaly Detection, Object-oriented Programming (OOP), HIPAA Compliance, Continuous Deployment

Platforms

Kali Linux, Burp Suite, Amazon Web Services (AWS), Linux, WordPress, Amazon EC2, Ubuntu, Docker, Kubernetes, AWS IoT, macOS, Windows

Industry Expertise

Cybersecurity

Storage

Amazon S3 (AWS S3), Database Security, MySQL, Amazon DynamoDB, InSpec

Frameworks

Laravel, React Native, Symfony, Twig

Other

Information Security Management Systems (ISMS), Information Security, ISO 27001, Security Operations Centers (SOC), Cloud Security, Incident Response, Vulnerability Assessment, Web Security, Application Security, Computer Networking, Scripting, Security Audits, Security, Vulnerability Management, OWASP Top 10, OWASP, Website Audits, APIs, Source Code Review, Task Analysis, IT Security, OSCP, Certified Ethical Hacker (CEH), Risk Management, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Security Management, Vulnerability Identification, Architecture, Data Protection, Data-level Security, General Data Protection Regulation (GDPR), Data Security, NIST, Security Analysis, Threat Modeling, SIEM, System-on-a-Chip (SoC), Ethical Hacking, Hacking, AWS Marketplace, Cloud Services, SecOps, Security Policies & Procedures, Endpoint Security, Monitoring, Intrusion Detection Systems (IDS), Disaster Recovery Plans (DRP), Cloudflare, ISO 27002, Single Sign-on (SSO), Threat Intelligence, GRC, Documentation, Business Continuity Planning (BCP), Code Auditing, Communication, Web App Security, Security Information and Event Management (SIEM), Vulnerability Scanning, IDS/IPS, CISSP, Incident Handling, SOC 2, PCI DSS, Incident Management, Mobile Security, Compliance, SOC Compliance, CI/CD Pipelines, Interviewing, Technical Hiring, IoT Security, Risk Assessment, Security Testing, Certified Information Systems Security Professional, Identity & Access Management (IAM), Okta, System Administration, Infrastructure as Code (IaC), Internet of Things (IoT), Algorithms, Cryptography, Infrastructure, Networking, HIPAA Electronic Data Interchange (EDI), Amazon DocumentDB, DocumentDB, Strapi, Compliance as Code (CaC)
