Freelancer profile translated to English.

Description

Hello, I am Zakaria – an IT Security Consultant.

With 10 years of experience in offensive cybersecurity, I am involved in both technical execution and the management and coordination of large-scale offensive security initiatives.

Certified GXPN (SANS Institute), CRTP (Pentester Academy), and CRTO (ZeroPointSecurity/Fortra), I have conducted hundreds of penetration tests on various environments — web and mobile applications, internal/external networks, Active Directory, thick clients — for clients in banking, insurance, energy, and the public sector.

What I can do for your organization:

- Web, mobile (Android/iOS), internal/external network, Active Directory penetration tests

- Phishing and social engineering campaign simulations

- CVE validation and Proof of Concepts (PoC) to prioritize your remediations

- Source code review and configuration audits

- Attack Surface Management (ASM) and coordination

- Implementation of a recurrent penetration testing program, with governance and monitoring

- Deployment of a custom Attack Surface Management (ASM) framework using open-source tools (reNgine, Shodan, Hunter…) — I have implemented this for 46 entities within an international banking group

- Coordination of remediations with your infrastructure and application teams

- Production of executive reports and dashboards for your CISOs and management committees

- Training & skill development

- Awareness and technical training on offensive methodologies (OWASP, MITRE ATT&CK, OSSTMM)

- Support for internalizing a vulnerability management team

I am a profile capable of moving from technical execution to strategic reporting within the same mission — I test, I contextualize business risk, and I help your teams prioritize and track fixes until closure.

Available for one-off or long-term assignments. Do not hesitate to contact me to discuss your needs.

Languages

French
Native or bilingual
English
Fluent
Arabic
Native or bilingual
Spanish
Conversational

Workplace preferences

Can work on-site

Paris (up to 50km), Paris (up to 100km), Bordeaux (up to 10km)

CreditAgricole Group Infrastructure Platform - CAGIP
CYBERSECURITY CONSULTANT
March 2023 - Today (3 years and 3 months)
Paris, France
- Contributed to security governance initiatives aligned with ISO 27001 control framework.
- Led a compliance assessment project against a group standard for attack surface reduction. Frequency: 2 assessments per month, 46 entities.
- Participated in risk identification and risk treatment planning for internet‑exposed assets.
- Coordinated remediation activities with infrastructure teams following security assessments.
- Drafted audit reports and presented gaps to management, along with corrective action plans.
- Provided technical expertise bridging penetration testing insights with governance processes.
- Developed a tailored Attack Surface Management (ASM) framework using open‑source tools, inventorying 46 branches' online assets.
- Performed complementary penetration tests to validate CVEs and Proof of Concepts.
Cybersecurity Security Audit
Grant Thornton France
CYBERSECURITY CONSULTANT
April 2022 - March 2023 (11 months)
Paris, France
- Developed and maintained cyber risk maps for clients in finance and energy sectors.
- Translated technical vulnerabilities into business risks to support executive decision‑making.
- Conducted penetration tests and provided strategic risk treatment recommendations.
Pentest Vulnerability Management
Capgemini
PENETRATION TESTER & TECHNICAL AUDITOR
April 2019 - April 2022 (3 years)
Paris, France
- Executed penetration tests across web/mobile apps, internal/external networks, and thick clients (2–3 assignments/month).
- Automated security testing via Python/Bash scripting.
- Conducted tailored phishing campaigns to assess user awareness.
- Authored detailed technical reports with prioritized remediation plans.
Phishing OWASP