Description

Security Researcher with extensive experience in penetration testing, bug bounty hunting, and security research. Proven track record of identifying critical vulnerabilities in high-profile companies and contributing to the security community.

my work: medmahmoudi.com

Languages

French
Fluent
English
Native or bilingual
Arabic
Native or bilingual

Workplace preferences

Remote only

Primarily works remotely

Enigma School
Professor
January 2023 - Today (3 years and 5 months)
Lille, France
Led in-depth sessions on OWASP Top 10 vulnerabilities, explaining the technical details and defense strategies.
Designed and implemented real-world attack simulations to prepare students for incident response and crisis management.
Suricate Concept
Security Engineer
January 2023 - Today (3 years and 5 months)
Lille, France
Conducted over 100 penetration tests as the lead tester, focusing on web and cloud infrastructures.
Worked closely with clients from scoping to reporting, and providing tailored remediation guidance.
Implemented a comprehensive attack surface management solution by integrating Attackforge with DAST, SAST, and continuous monitoring tools to enhance threat detection and mitigation capabilities.
Performed customer support, incident response, and integration tasks.
Freelance
Bug Bounty Hunter & Security Researcher
January 2020 - Today (6 years and 5 months)
Identified critical vulnerabilities on high-profile companies such as Google, Mastercard, Yahoo, Tiktok, Epic Games
Ranked 5th in Google’s Security Researchers leaderboard in France.
Built and scaled a custom attack surface management infrastructure on Google Cloud and AWS, utilizing microservices architecture with Go and Python.
Experienced with building CI/CD pipelines using Terraform and Github actions
Specialized in supply chain attacks and esoteric security topics, including request smuggling and desync attacks.
Identified a critical supply chain vulnerability in the biggest bug bounty plateforme, earning the "Hack the Hackers" badge.