Yassine Belkhadem
Software Engineer
About
Final-semester MSc Software Engineering student specializing in cybersecurity, with expertise in full-stack development, DevOps, and cloud technologies. Proficient in Golang, Python, .NET, React, and Next.js. Co-founder of a tech startup, demonstrating leadership and entrepreneurial skills. Extensive experience in offensive security as a CTF player, organizer, and bug bounty hunter. Authored and organized 15+ CTF competitions, including events at BlackHat MEA. Actively participates in bug hunting on platforms like Intigriti and Yogosha. Seeking an end-of-study internship or full-time position to apply my diverse skill set in building robust and secure software solutions.
Experience
-
- Product Security Intern @ MercariTokyo, Japan - HybridSummary:
- As a Product Security Intern at Mercari, I played a crucial role in enhancing the company's application security processes. I significantly improved the Dynamic Application Security Testing (DAST) coverage and efficiency, conducted security assessments aligned with the Secure Software Development Life Cycle, and developed automation tools for security checks. My work involved threat modeling, CodeQL analysis, and ensuring compliance with OWASP Top 10 standards, contributing to a more robust security posture for the organization.
Responsibilities:
- Improve and streamline the DAST improvement.
- Triage SAST reports and conduct security assessments.
- Developed Golang control server for Nuclei and integrate it with NextJS frontend.
- Automated security checks using Golang and GitHub API in Serverless environment.
- Configured and deployed applications on GCP using Terraform and GitHub Actions.
-
- Software Engineer @ CTF.aeDubai, UAE - RemoteSummary:
- Contributed to CTF platform development, implemented testing and CI/CD, and collaborated on website design and admin dashboard development. A significant part of my work involves organizing and developing Capture The Flag (CTF) competitions, where I create challenging and educational cybersecurity scenarios.
Responsibilities:
- Conducted Security Trainings and Workshops for students and professionals.
- Created Labs and Challenges for security professionals
- Developed and maintained CTF platform features.
- Implemented E2E and integration tests.
- Designed and optimized CI/CD pipelines.
- Collaborated with design team on website development.
- Developed real-time admin dashboard with customizable reporting.
-
- Cybersecurity Engineer Intern @ PCP ConsultingToulouse, France - RemoteSummary:
- Developed auditing tool, created unified dashboard, implemented notification systems, and collaborated with clients.
Responsibilities:
- Developed and maintained auditing tool in Golang.
- Created and maintained unified dashboard using NextJS.
- Implemented real-time notification system.
- Collaborated with clients on tool development.
-
- CTO & Co-Founder @ K-NoonTunis, Tunisia - HybridSummary:
- Led technical development, secured investor interest, established technical strategy, and drove company growth.
Responsibilities:
- Led technical development and strategy.
- Developed proof of concept and secured investor interest.
- Established and documented technical direction.
- Led recruitment, mentorship, and team upskilling.
- Engineered API using NestJS and Clean Architecture.
-
- Red Team Intern @ Ernst and YoungTunis, Tunisia - HybridSummary:
- Developed dynamic Red Teaming lab and created vulnerable web applications for cybersecurity training.
Responsibilities:
- Developed a real‐time dynamic Red Teaming lab for technical tests, generating over 130 unique scenarios from a setup of 5 machines and 15 vulnerabilities, with over 10 network configurations. The lab featured easy customization for tailored technical tests and ensured the generation of different tests for different participants
- Created and maintained vulnerable web applications and binaries.
Skills
Education
National Institute of Applied Sciences and Technology
Certificates
Projects
Ein revolutionizes penetration testing with its template-based declarative attack system, Go-powered engine, AI-assisted template generation, and a sleek Svelte frontend.
- Designed and implemented a template system using a custom YAML-based DSL language for DNS, HTTP, and SSH protocols.
- Engineered an agent for generating complete templates based on user prompts using AI.
- Developed a feature for chaining templates with shared context and arguments.
A flexible and extensible C2 framework built with Golang and React for managing red team operations during penetration testing missions.
- Developed a flexible C2 framework with a plugin-based architecture.
- Included a TLS gRPC connection for secure communication with victim machines.
- Implemented ping interval randomization for stealth.
A simple website to track job applications, providing a structured approach to managing and improving the application process.
- Helps track job applications and their progress.
- Facilitates analysis of application effectiveness.
- Provides insights to improve future applications.
A project that collects job posting data from various sources like LinkedIn and Twitter, providing real-time and historical insights using Hadoop and Kafka.
- Collects job posting data from LinkedIn, Twitter, and other sources.
- Provides real-time and historical insights into job market trends.
- Utilizes Hadoop and Kafka for big data processing and streaming.
A platform for a robotics event, featuring user profiles, conference booking, and a personalized space with Japanese-themed animations.
- Provides a comprehensive platform for a robotics event.
- Offers user profiles, conference booking, and a personalized space.
- Features Japanese-themed animations for a unique experience.
A lab environment for experimenting with LDAP, Kerberos, and DNS, utilizing Docker for ease of use and rapid development.
- Provides a hands-on lab for LDAP, Kerberos, and DNS.
- Utilizes Docker for containerization and ease of deployment.
- Configurations done manually for a deeper understanding.
A distributed database synchronizer using Golang, Fyne, and RabbitMQ to ensure data consistency between geographically dispersed database parts and a central database, even in case of server failures.
- Ensures data consistency across distributed databases.
- Handles server failures gracefully.
- Utilizes Golang, Fyne, and RabbitMQ.
A distributed GUI text editor allowing multiple users to edit the same document simultaneously and remotely. Built using RabbitMQ and Golang.
- Enables real-time collaborative editing.
- Supports multiple users editing concurrently.
- Utilizes RabbitMQ for messaging and Golang for development.
A collection of smart contracts designed to educate developers about common blockchain vulnerabilities.
- Crafted 10 smart contracts showcasing vulnerabilities like reentrancy attacks, underflow/overflow issues, and gas limit pitfalls.
Website to hold course material for workshops on full stack development for students, Held in the summer of 2022.
Solvers for Damn Vulnerable DeFi challenges, utilizing Hardhat.js for testing and exploiting vulnerabilities in decentralized finance applications.
- Provides solutions for Damn Vulnerable DeFi challenges.
- Helps understand and exploit vulnerabilities in DeFi applications.
- Utilizes Hardhat.js for testing and development.
A website to allow tickets buying and hotel reservations for participants in the National Congress of Cybersecurity
- Withheld a traffic of 1000 visits per hour
- Customizable by the Securinets Team
An online library management system built using .NET, providing features for managing books, members, and borrowing activities.
- Manages books, members, and borrowing activities.
- Developed using the .NET framework.
- Provides an online platform for library management.