Freelancer profile translated to English.
Back to original languageAbout Achraf
Offensive cybersecurity consultant specializing in pentesting, application security, Active Directory, and cloud security. I help companies identify, exploit, and prioritize vulnerabilities in critical environments.
I have conducted over 100 pentests on sensitive systems, particularly in the payment, booking, banking, government platform, and corporate network sectors. I perform audits on web, API, Active Directory, network segmentation, and cloud architectures, with an approach that is both technical and business-risk oriented.
In parallel, I have contributed to advanced red teaming missions on cutting-edge AI systems at OpenAI, focusing on adversarial injection techniques and security mechanism bypass. I have also participated in designing secure architectures, implementing AppSec/DevSecOps pipelines, and securing AWS and Kubernetes infrastructures.
My deliverables are clear, actionable, and prioritized: audit reports, proof-of-concepts, exploitation scenarios, remediation recommendations, and support for technical teams until correction.
If you are looking for a profile capable of intervening quickly on pentest, offensive security, or AppSec topics in critical environments, I can assist you.
English
Native or bilingual
French
Native or bilingual
Arabic
Native or bilingual
Can work on-site
Paris (up to 50km), Lyon (up to 30km), Bordeaux (up to 30km), Nice (up to 30km)
Experience
- OpenAIRed TeamerJanuary 2024 - Today (2 years and 5 months)Paris, France– Contribution, as a contractor, to the security evaluation of over 20 cutting-edge models before their production release, identifying critical vulnerabilities in Operator systems, the RFT API, and image generation systems.– Recurrently recognized as a high-impact contributor on red teaming missions, specializing in adversarial prompt injection and security policy bypass techniques.– Mentioned as a top red teamer in OpenAI's Operator System Card (2025).
- ACCOR SASecurity EngineerOctober 2022 - Today (3 years and 8 months)Paris, France– Conducted over 100 penetration tests on critical infrastructures, including payment and booking systems, and managed Accor's bug bounty program: triaging reports, assisting teams with fixes, and monitoring remediation.– Designed secure architectures for several group solutions and implemented application security pipelines (SAST + dependency analysis) across over 2,000 projects.
- IntelliSecSolutionsPentesterJuly 2024 - Today (1 year and 11 months)Paris, France– Performed over 40 penetration tests on critical infrastructures, including banking systems, government platforms in Quebec, and corporate networks.– Conducted Active Directory security assessments on sensitive environments, notably Quebec's 911 emergency services and other critical government systems.– Performed web application and network segmentation security audits, identifying security flaws in highly regulated sectors.
Recommendations
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Master's DegreeEurecom2022Master 2 en cybersécurité
- Engineer's Degree in CybersecurityIMT Atlantique2021Diplôme d’ingénieur – spécialisation cybersécurité