Seyed Farhad (Farhad) Miri
Senior Product Security Engineer
Experience
Senior Product Security Engineer
Delivery Hero
- Developed a custom tool using the Mistral 7B LLM to scan, validate and report security vulnerabilities.
- Security tested AI agents, bots, and other LLMs with a focus on prompt injection, model inversion, data poisoning, EDR/AV bypass and evasion techniques, membership inference, model evasion, overfitting to malicious inputs and contextual manipulation.
- Onboarded repositories to SAST solutions for security scanning, implemented secrets scanning, DAST, SCA, and utilized ZAP for DAST in CI/CD pipelines.
- Engaged in security awareness trainings, developed CTF challenges and training materials to enhance developer security knowledge.
- Planned and executed bi-annual red teaming operations based on the MITRE ATT&CK framework and led internal and external pentests based on the OWASP Top 10 framework for 70+ applications worldwide, resulting in detection, reporting, and remediation of hundreds of vulnerabilities.
- Triaged HackerOne reports.
Senior Offensive Security Engineer - RedTeam
Ernyka Holding
- Executed red team exercises on a six-month basis.
- Conducted web, API, network, and mobile pentesting of assets.
- Audited and implemented hardenings on services and performed vulnerability scanning using CIS standards.
- Delivered blockchain security assessments including smart contract security.
- Provided secure code trainings and capture the flag events.
- Implemented cloud security for Microsoft Azure domestic cloud solutions.
- Integrated DevSecOps processes using Snyk, SonarQube, and GitLab.
Penetration Testing / Vulnerability Development Projects Assessment / Hardening
Rightel
- Developed a security scanner with a local LLM to analyze, validate, correlate, and report results.
- Created an AI-driven triage bot to assess, analyze, and prioritize security issues and tickets.
- Developed an anti-ransomware framework to detect and alert on ransomware activity.
- Built a firewall rule assessment tool for network devices.
- Automated a web vulnerability scanner designed for bug bounty hunting.
- Conducted vulnerability assessments and penetration testing across Windows and *nix environments, identifying and remediating OWASP Top 10 vulnerabilities.
- Implemented and automated CIS hardening best practices on OS, web server, and database services.
- Strengthened defenses against social engineering and client-side attacks via simulated assessments and security awareness courses.
Senior Penetration Tester/Red Teamer
MCI
- Simulated advanced persistent threats (APTs) and post-exploitation activities using Cobalt Strike, Empire, and BloodHound aligned with MITRE ATT&CK TTPs.
- Performed targeted penetration testing and security assessments using OWASP Top 10 guidelines with tools including Burp Suite Enterprise, Metasploit, and Nmap.
- Secured DevSecOps pipelines with Jenkins, Kubernetes, Terraform, AWS, GitLab SAST, GitGuardian for secrets scanning, and OWASP Dependency-Check for dependency analysis.
- Conducted comprehensive vulnerability management, identifying, prioritizing, and remediating vulnerabilities across systems using Jira for tracking remediation efforts.
Summary
I have been working in the security industry since 2010 (15+ years). I started as a penetration tester (4+ years), continued as a red teamer (6+ years), and I've also been involved in Shift Left Security initiatives such as DevSecOps, Security Awareness programs, Secure Code Training, and Capture the Flag (CTF) events.
Leading and operating 2 squads to execute red teaming and penetration testing projects. Recently, I have made it my primary focus to utilize LLM-powered AI agents in various security activities and services. I write code in many languages but have a strong preference for Python, and I also do bug bounties myself and triage HackerOne reports too. I have over 200,000 students with 4 security-focused courses on Udemy and achieved Guru rank on the Hack The Box CTF platform. I am passionate about solving problems.
Skills
- Red Teaming
- Adversary Emulation
- Post-exploitation
- Privilege Escalation (Windows/Linux)
- AI Agents/LLM Security
- Social Engineering & Phishing Campaigns
- Shift-left Security
- Exploit Development
- EDR/AV Bypass & Evasion Techniques
- MITRE ATT&CK
- Cobalt Strike
- Kali Linux
- DevSecOps
- SAST, DAST, SCA
- OWASP Top 10
- Zero Trust Architectures
- Web App Security
- API Security
- MCP
- CI/CD Security
- Mobile App Security
- Secure Code Review
- Terraform
- Cloud Security (AWS, GCP, Azure)
- Kubernetes Security
- Container Security (Docker, Podman)
- LLM Vulnerabilities
- Infrastructure as Code (IaC) Security
- Threat Modeling
- Identity and Access Management (IAM)
- Vulnerability Mgmt
- Active Directory Security
- Atomic Red Team
- CIS Hardenings
- Vulnerability Scanning
- Blockchain Security
- Smart Contract Security
- Secure Code Trainings
- Capture the Flags (CTF)
Education
QIAU
Software Engineering · Qazvin, Iran, Islamic Republic of
Certifications & licenses
MCI Rpt CRTP - Certified Red Team Professional
ACRTP - AWS Certified Red Team Professional
AWS Security Specialty
CEH v8: Certified Ethical Hacker
EC Council
GCRP - GCP Certified Red Team Professional
MCRTA - Multi Cloud Red Teaming Analyst
MCRTP - Microsoft Azure Red Team Professional
Python Certified Programmer
Udemy