Security Researcher
Synack Red Team
مجموع سنوات الخبرة :13 years, 10 أشهر
Freelancer Security researcher and bug bounty hunter for Synack Clients
• Research in the areas of Mobile, Web applications and Host security assessments
• Provide solid reports and exploits to prove the existence of the vulnerabilities, steps for reproduction and possible ways of exploitations.
Hold responsibility for managing a variety of information security projects for a diverse range of corporations.Utilize strong business and technology acumen to effectively do penetration testing for complex systems and troubleshoot complex problems.
• Client Services:
1. Conduct continuous penetration testing, targeting technology vulnerabilities utilizing web, mobile, desktop applications, source code, architecture review and Network penetration testing to achieve successful problem resolution. Providing recommended methods for vulnerability remediation and best practise controls.
2. Hold Secure Coding trainings.
3. Hold Web and mobile application penetrating testing trainings.
• Project Management: Research and review high profile client security needs, assisting with e-banking, mobile banking, e-trade applications, electronic payments applications, and online banking needs for commercial banks, telecom corporations and international services.
• Security Assessment: Achieved cost savings for commercial banking locations, and multi-national telecom companies, reducing data breaches and preventing fraud, resulting in operational growth.
-Penetration testing and Application Security Consultation for In-house SW Development -Integrate Security during SDLC (Threat modelling - Security goals -Risk assessment -Security requirements - Secure Design review - Secure coding based on best practice implementation - Penetration testing - Secure deployment) for Core banking applications and next generation of mobile payment and invisible payment solutions (mobile banking, E-Wallet, Soft token.etc)
-Network/Infrastructure vulnerability assessment and penetration testing
-Providing recommended methods for vulnerability remediation and best practice controls.
-Incident handling
-Forensic investigation
-SIEM administration/configuration and fine tuning
-Security Awareness/Training for information security and potential threats
-evaluate third party solutions
-Implement ISMS based on ISO 27001(gab analysis - SOA -Threads/vulnerabilities definition - Risk assessment-Mitigation plan)
-Working in R&D department -Mobile banking unit
-integrating information security into The SDLC
-implement applications requirements -perform code auditing and security penetration testing
-Penetration testing for the core banking applications/Mobile banking solutions
I’m leading the Mobile development team to deliver secure Mobile based systems, participating in R&D activates related to defense technologies and payments, Design and implement new projects and requirements.
-Integrate Security in SDLC
-Implement /deliver sensitive and high profile solutions
for Banking, Military and crisis management, government sectors
like (mPOS, E-Voucher, C4i, Boarder control ...and many more)
I worked with a team to generate a new concepts in smaris, and also I was responsible for designing and implementing the Software arch. And help junior developers in technical issues, analysis application requirements, divide it into tasks and determined deadlines for each
-Focus on securing information and systems.
-Work with a team to implement very sophisticated solutions for the military field.
-Addressing information security during SDLC .
-Perform Vulnerability assessments and penetration testing for web applications.
Participating in Android framework customization and custom ROMs for a well-known vendors like HTC and Samsung, By Framework mirroring and Arabic keyboards development
Studying Info. sec diploma (CCSU-ECSS-CEH-ENSA-ECSA-CHFI)