Profile
Dynamic and versatile professional with expertise in penetration testing,
web/mobile development, cyber security and DevSecOps. Passionate about
navigating the intricate landscapes of technology while fostering innovative
solutions and leading teams towards excellence.
Experience
Application Security Engineer
11/2022-Present
imc learning AG
Saarbrücken, Germany 🇩🇪
- Maintained the security posture of LMS web application
- Fixed web vulnerabilities (XSS, SQLi, IDOR, ...)
- Managed dependencies and licenses
- Automated deployment and updates
- Reviewed pentest reports and bug bounty findings
- Tested Proof of Concepts and patched the vulnerabilities
- Prepared and updated docker images
- Analyzed security scanner reports and prioritized the findings
- Documented issues and procedures
- Integrated security in SDLC
- Created security courses for developers
Software Developer
02/2022-10/2022
Reportix GmbH
Mannheim, Germany 🇩🇪
- Conceived and executed the development of a dynamic web application employing React and Java. This platform assesses companies' environmental, social, and governance standings (ESG), yielding comprehensive scores to gauge their performance in these crucial areas.
- Established a robust data pipeline to handle the processing of publicly released ESG reports from various companies. This pipeline efficiently generates scores derived from their ESG performance, contributing to a comprehensive evaluation of their sustainability efforts.
- Engineered specialized plugins for Knime, a data science software, facilitating the seamless incorporation of company API outputs into the customers' data pipeline.
DevSecOps Engineer (Short Contract)
07/2021-09/2021
Diginov Inc
Sousse, Tunisia 🇹🇳
- Constructed a continuous integration and continuous deployment (CI/CD) pipeline for a pair of distinct Node.js applications utilizing Jenkins, Gitlab CI, and Docker.
- Enhanced the pipeline's security by integrating automated Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools like Snyk, Trivy, and OWASP ZAP.
Full Stack Developer (Short Contract)
07/2020-09/2020
ECOCloud Inc
Sfax, Tunisia 🇹🇳
- Conceptualized and developed a web-based videoconferencing application, seamlessly integrating Keycloak—an authentication server enabling single sign-on with robust Identity and Access Management capabilities.
Education
Higher Institute of Applied Sciences and Technology of Sousse
2016-2022
National Diploma in Software Engineering
Sousse, Tunisia 🇹🇳
- Took classes in programming, operating systems, networking, computer architecture, cryptography, network security...
- Took specialization courses in software engineering.
Spokane Falls Community College
2018-2019
Network Security Certificate Program
Washington, USA 🇺🇸
- Selected to be an exchange student in a very competitive program funded by the U.S. government
- Took classes in network security and digital forensics (GPA: 4.0 - Top of the program)
Leadership Positions & Organizations
President
09/2020-09/2021
Cyber-Trace Club
Sousse, Tunisia 🇹🇳
With a visionary team I managed to:
- Write the club's internal policies
- Establish committees dedicated to cybersecurity training, marketing, and human resources
- Create a full training path where we taught the members about web vulnerabilities (SQLi, XSS, CSRF...), how to exploit them and how to defend against them
- Organize an event where we introduced our own CTF (Capture The Flag) competition
Member
09/2017-11/2018
IEEE ISSATSO Student Branch
Sousse, Tunisia 🇹🇳
- Participated twice in IEEEXtreme, a problem-solving competition
Professional Skills
- Scripting
- Web/mobile development
- Secure Software Development
- Version Control Systems
- Debugging
- Containerization
- Virtualization
- CI/CD Pipelines
- Dependency Management
- Linux Administration
- Cloud Services
- Ethical Hacking
- Pentesting
- Vulnerability Management
- OWASP TOP 10
- Reporting and Documentation
Languages
- Arabic Bilingual Proficiency
- English Full Professional Proficiency
- French Professional Proficiency
- German Elementary Level (A1)