Hussein Mechara

As Team Manager at Harmonie Technologie, I led strategic initiatives within the Security Audit Business Unit, with a strong focus on team performance and client satisfaction. My key responsibilities included:

- Enhancing and implementing security strategies to address evolving cyber risks and compliance needs.

- Managing, mentoring, and supporting a team of 5 auditors consultant (senior, junior, and trainees) to ensure high-quality audit delivery and professional development.

- Overseeing the full presales process, including responding to RFPs and designing customized security audit solutions for clients.

- Coordinating and supervising a variety of information security assignments, consistently meeting project deadlines and quality standards.

- Recruiting, onboarding, and training consultants to build a skilled and cohesive team.

- Organizing team planning, monitoring project progress, and evaluating performance to achieve departmental goals.

- Collecting and analyzing business and operational data to inform strategic decisions and drive continuous improvement.

As a Cybersecurity Expert within the Digital Team, I played a pivotal role in strengthening the security posture of the organization across multiple domains. Over three years, my contributions included:

- Conducting comprehensive Web and API application penetration tests and security reviews to proactively identify and remediate vulnerabilities.

- Enhancing the Akamai security strategy and Web Application Firewall (WAF), leveraging advanced features such as WSA, API Security, API Request Restriction, PIM, and Bot Manager for optimal protection.

- Collaborating closely with the SOC, integrating with Splunk, and improving detection capabilities through refined alerting and playbook automation.

- Leading security hardening efforts for Salesforce components to ensure robust protection of critical business assets.

- Supporting the management of the organization-wide Bug Bounty program for iOS, Android, and Web applications, including triage of reports, validation of fixes, reward allocation, and coordination of private Bug Bounty initiatives.

- Advising and assisting developers to ensure the implementation of effective security fixes and secure coding practices.

- Participating in and supporting live security events such as Bug Bounty Live and private online Bug Bounty sessions.

- Maintaining the Digital Vulnerability Operational Center (VOC), overseeing a suite of vulnerability management tools (Pentest, Bug Bounty & VDP, Tenable/Nessus, Acunetix, etc.).

- Providing crisis management support and guidance to developers and administrators during security incidents.

- Assisting teams with the integration and optimization of security solutions, including Github Advanced Security, Okta, and CyberArk.

- Conducting OSINT investigations and phishing campaigns

In my role as Security Consultant at HARMONIE TECHNOLOGIE, I was specialized in various Offensive Security roles :

- Performing Infrastructure/Network penetration testing

- Performing application security Penetration Testing on a wide range of Web Application technologies (Salesforce, AWS, Wordpress, J2EE, PHP, GCP, Azure...)

- Performing Physical security penetration testing on specific devices (Mainframe, AS400, iOT, HSM, network device, Firewall, Wireless Access Point, Biometric devices...)

- Performing Intern penetration testing & Configuration audit on Active Directory infrastructure

- Configuration audit/analysis on several OS regarding CIS Benchmark & ANSSI guidelines (OS Linux & Windows, Firewall, WAF...)

- Performing OSINT tasks & Phishing

- Performing dedicated Wireless Penetration Testing

- Communicating within the business and with clients, both orally and in writing (French & English)

- Development of security challenges for events

- Assisting with the tooling development (recon tools, automatize configuration audit, security report...)

- Assisting with the development and growth of the internal lab function (Pass-cracking station, WEB servers for WEB exploit...)

- Undertaking information security assignments on hardening