Kamal H.
Security Engineer
Experience
Sep 2025 - Present
3 monthsSecurity Engineer
AXA XL
- Conducting security testing of web services, APIs, and enterprise applications, identifying critical vulnerabilities to ensure compliance with industry security standards.
- Delivering actionable findings and collaborating with cross-functional teams to strengthen AXA XL's global security posture.
Apr 2023 - Sep 2025
2 years 6 monthsSecurity Engineer
Applause
- Conduct black-box and gray-box penetration tests on web applications, APIs, and Android apps, identifying critical vulnerabilities during both development and production phases.
- Secure digital platforms for global clients across USA, Europe, and Asia, covering industries such as tech, security, retail, healthcare, and financial services.
- Perform AI red teaming, simulating adversarial attacks and exploring misuse scenarios to uncover vulnerabilities in AI systems.
- Report 250+ vulnerabilities ranging from injection to security misconfiguration and recognized by customers as a top-performing security tester for high-quality work.
- Deliver detailed security reports with clear PoCs and mitigation strategies, enabling engineering teams to efficiently reproduce and remediate issues.
Feb 2021 - Apr 2023
2 years 3 monthsSecurity Engineer
Fawry
- Utilized advanced SIEM solutions to monitor over 3 million daily transactions, analyzing logs from firewalls, IDS/IPS, WAF, antivirus, and EDR systems to detect and mitigate threats within Fawry's financial network.
- Led incident response for high-severity threats, including DDoS attacks, malware infections, and unauthorized access attempts, ensuring swift containment, recovery, and 99.9% system uptime.
- Integrated real-time threat intelligence to identify and neutralize fintech-specific attack vectors, enhancing proactive defense against fraud and emerging cyber threats.
- Leveraged brand protection tools to detect phishing websites, malware mobile apps, impersonation, and abuse attempts, reducing reputational risks and securing customer trust.
- Automated critical SOC workflows using Python scripts and SOAR tools, significantly reducing incident response times by 30% and improving operational efficiency.
- Collaborated with the DevOps team to implement and optimize ELK Stack and Logstash agents, enhancing log ingestion and detection coverage beyond commercial tools.
- Produced comprehensive reports on incident trends, false-positive rates, and security recommendations, delivering actionable insights to executive stakeholders.
May 2018 - Present
7 years 7 monthsSecurity Researcher
Bugcrowd
- Conducted vulnerability research across public and private bug bounty programs, identifying security flaws and providing detailed Proof of Concept (PoC) and remediation guidance.
- Discovered CVE-2024-23173, an XSS vulnerability in MediaWiki's Cargo extension that could lead to admin account takeover.
- Awarded the Bugcrowd "Bounty Slayer" recognition for reporting 10+ valid security vulnerabilities within a single quarter.
- Successfully achieved remote code execution (RCE) in Cisco, Nokia, and Oracle due to weak configurations, demonstrating real-world exploitation risks.
- Reported 300+ vulnerabilities in high-profile companies, including Intel, Juniper, Dell, AMEX, Twilio, Okta, and others, maintaining a high Hall of Fame ranking among security researchers.
Languages
Arabic
NativeEnglish
IntermediateEducation
Oct 2017 - Jun 2021
University of the People
B.Sc. Computer Science · Computer Science · United States · 3.7
Certifications & licenses
AWS Cloud Security Essentials
Application Security Foundations
Certified API Security Analyst
Certified AppSec Practitioner
Fundamentals Of Securing Elasticsearch
IBM Cybersecurity Analyst Professional
Principles Of Secure Coding
Red Teaming LLM Applications
Web Application Security Testing
Need a freelancer? Find your match in seconds.
Try FRATCH GPT More actions
Similar Freelancers
Discover other experts with similar qualifications and experience
- English
- Deutsch
2025 © FRATCH.IO GmbH. All rights reserved.