Anas B.

Senior DevSecOps Engineer

Lahore, Pakistan

About Me

Anas is a seasoned IT security engineer with five years of expertise in safeguarding organizations' SaaS platforms against potential threats. His specializations include application security, cloud security, penetration testing, and information system compliance, including ISO 27001 and SOC 2. With strong attention to detail and an ability to thrive in fast-paced environments, Anas consistently surpasses clients' expectations by delivering agile and secure solutions that cater to their unique business requirements.

Python 3 Bash Python JavaScript PHP Git Apache CircleCI SonarQube AWS CloudFormation Ansible Penetration Testing DevSecOps Web Architecture DevOps DDoS Object-oriented Programming (OOP) HIPAA Compliance Continuous Deployment Kali Linux Burp Suite Amazon Web Services (AWS) Linux WordPress Amazon EC2 Ubuntu Docker Kubernetes AWS IoT MacOS Windows CyberSecurity Database Security MySQL Amazon S3 (AWS S3) Amazon DynamoDB Inspec Information Security Management Systems (ISMS) Information Security Security Operations Centers (SOC) Cloud Security Incident Response Vulnerability Assessment Web Security Application Security Computer Networking Scripting Security Audits Security Vulnerability Management OWASP Top 10 OWASP Website Audits APIs Source Code Review Task Analysis IT Security OSCP Certified Ethical Hacker (CEH) Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST) Security Management Vulnerability Identification Architecture Data Protection Data-level Security GDPR Data Security NIST Security Analysis Threat Modeling SIEM System-on-a-Chip (SoC) Ethical Hacking Hacking AWS Marketplace Cloud Services SecOps Security Policies & Procedures Endpoint Security Monitoring Intrusion Detection Systems (IDS) Disaster Recovery Plans (DRP) CloudFlare ISO 27002 Single Sign-on (SSO) Threat Intelligence SOC 2 ISO 27001 PCI DSS Incident Management Mobile Security Compliance SOC Compliance CI/CD Pipelines Interviewing Technical Hiring IoT Security Risk Assessment Risk Management Security Testing Certified Information Systems Security Professional Identity & Access Management (IAM) Okta System Administration Infrastructure as Code (IaC) Internet of Things (IoT) Algorithms Cryptography Infrastructure Networking HIPAA Electronic Data Interchange (EDI) Amazon DocumentDB DocumentDB Strapi Compliance as Code (CaC) Laravel React Native Symfony TWIG

Work history

Gelato
Information Security Analyst
2021 - Present (3 years)

Freelance
Information Security Consultant
2020 - 2022 (2 years)

ibex
Information Security Analyst
2019 - 2021 (2 years)

EX3 Labs
AWS and Mobile Security Expert
Present (2024 years)

Shared Flight
Senior PHP and AWS Developer
Present (2024 years)

Silo
Information Security Specialist
Present (2024 years)

Sendoso
Security Engineer L2
Present (2024 years)

Portfolio

Third-party Supplier Audit Automation

I implemented an automated vulnerability detection system for evaluating the risk associated with third-party production partners, resulting in a reduction of 540 hours of manual labor for the company. The aforementioned tool successfully detected multiple vulnerabilities including weak passwords, insecure connections, vulnerable software, and compliance checks.

Creation of Application Security Exercises

I have developed a set of application security screening questions exclusively for HackerRank, the globally recognized technical assessment platform. These questions incorporate a blend of scenario-based multiple-choice formats and practical exercises, specifically designed to evaluate a candidate's analytical and technical proficiencies while identifying bugs within code snippets. The questions I have curated are currently implemented by HackerRank's esteemed clientele for screening potential application security candidates.

Cybersecurity Mentoring

I have provided mentorship to numerous students and professionals, cultivating their cybersecurity career paths through guidance and instruction on course content, as well as sharing practical insights derived from my own professional experiences. Furthermore, my network connections facilitated successful job placements for mentees venturing into the field of cybersecurity.

Pentest of Silo's Web Application

Silo is a cryptocurrency trading platform that facilitates trading of cryptocurrencies. I was engaged to conduct a comprehensive penetration test on their web assets adhering to the stringent standards set forth by the Open Web Application Security Project (OWASP). The outcome of this undertaking was a meticulously compiled professional report, meticulously outlining all the vulnerabilities identified during the engagement, as well as providing highly effective recommendations for mitigation. The penetration test was executed with utmost success, and subsequently, robust mitigation strategies were implemented in close collaboration with the team.

Education

Bachelor's Degree in Electrical Engineering
National University of Sciences and Technology
2014 - 2018 (4 years)