Go to Website
  • en
  • de

Seyed (Farhad) M.

Senior Product Security Engineer

Berlin, Germany

Experience

Nov 2022 - Present
3 years
Berlin, Germany

Senior Product Security Engineer

Delivery Hero

  • Developed a custom tool using the Mistral 7B LLM to scan, validate and report security vulnerabilities
  • Performed security testing of AI agents, bots, and other LLMs focusing on prompt injection, model inversion, data poisoning, EDR/AV bypass and evasion techniques, membership inference, model evasion, overfitting to malicious inputs, and contextual manipulation
  • Onboarded repositories to SAST solutions for security scanning, implemented secrets scanning, and utilized ZAP for DAST in CI/CD pipelines
  • Engaged in security awareness trainings, developed CTF challenges and training materials to enhance developer security knowledge
  • Planned and executed bi-annual red teaming operations based on the MITRE ATT&CK framework and led all internal and external pentests based on OWASP Top 10, resulting in detection, reporting, and remediation of hundreds of security vulnerabilities across 70+ applications worldwide
Nov 2021 - Nov 2022
1 year 1 month

Senior Offensive Security Engineer - RedTeam

Ernyka Holding

  • Executed red team exercises on a six-month basis
  • Conducted web, API, network, and mobile pentesting of assets
  • Audited and implemented hardenings on services using CIS benchmarks
  • Performed blockchain security assessments for smart contract security
  • Delivered secure code trainings and capture the flag events
  • Implemented cloud security solutions on Microsoft Azure domestic cloud
  • Integrated DevSecOps tools including Snyk, SonarQube, and GitLab
Jun 2015 - Jul 2016
1 year 2 months

Penetration Testing / Vulnerability Development Projects Assessment / Hardening

Rightel

  • Developed a security scanner with a local LLM to analyze, validate, correlate, and report results
  • Created an AI-driven triage bot to assess, analyze, and prioritize security issues and tickets
  • Built an anti-ransomware framework to detect and alarm ransomware activities
  • Designed automated web vulnerability and firewall rule assessment tools for bug bounty hunting
  • Conducted vulnerability assessments and penetration testing including OWASP Top 10 exploitation and CIS hardening implementation
Dec 2011 - Nov 2021
10 years

Senior Penetration Tester/Red Teamer

Telecommunication Company

  • Simulated advanced persistent threats using tools such as Cobalt Strike, Empire, and BloodHound based on MITRE ATT&CK TTPs
  • Performed targeted penetration testing and security assessments following OWASP Top 10 guidelines, delivering actionable remediation guidance
  • Used Burp Suite Enterprise, Metasploit, Nmap, and Kali Linux for security testing
  • Secured GitLab CI/CD pipelines using GitLab SAST, GitGuardian for secrets scanning, and OWASP Dependency-Check
  • Conducted vulnerability management by identifying, prioritizing, and remediating vulnerabilities using Jira for tracking

Summary

I have been working in security industry since 2010 (15+ years).

I started as penetration tester(4+ years), continued as a red teamer(6+ years), I've also been involved in Shift Left Security initiatives such as DevSecOps, Security Awareness programs, Secure Code Training, and Capture the Flag (CTF) events.

Leading and operating 2 squads to execute red teaming and penetration testing projects.

Recently, I have made it my primary focus to utilize LLM-powered AI agents in various security activities and services.

I write code in many languages but have Strong preference for Python and also do Bug Bounties myself and triage HackerOne reports too.

I have over 200,000 students with 4 security focused courses on Udemy and achieved Guru rank on Hackthebox CTF platform.

I am passionate about solving problems.

Languages

English
Native
German
Intermediate

Education

QIAU

Software Engineering · Qazvin, Iran, Islamic Republic of

Certifications & licenses

MCI RPT CRTP - Certified Red Team Professional

Altered Security

ACRTP - AWS Certified Red Team Professional

PwnedLabs

AWS Security Specialty

AWS

CEH V8: Certified Ethical Hacker

EC Council

GCRP - GCP Certified Red Team Professional

PwnedLabs

MCRTA - Multi Cloud Red Teaming Analyst

cyberwarfare.live

MCRTP - Microsoft Azure Red Team Professional

PwnedLabs

Python Certified Programmer (60 hours)

Udemy

Need a freelancer? Find your match in seconds.
Try FRATCH GPT
More actions

Similar Freelancers

Discover other experts with similar qualifications and experience

Valeri M.

DORA Readiness – Gap Analysis and Implementation for Banks

View Profile
Henryk O.

Security Consultant

View Profile
Alexander N.

Security Expert

View Profile
Nils K.

Vulnerability Management and Secure SDLC

View Profile
Ali Y.

Principal Product Security Engineer

View Profile
Sascha L.

CEO

View Profile
Rick G.

Penetration Tester

View Profile
Markus W.

IT security consultant

View Profile
Matthias S.

Senior Consultant Security (freelance)

View Profile
Dirk M.

Project Lead

View Profile
Kevin E.

Lecturer on AI in Cybersecurity

View Profile
Stanislaus S.

Security Consultant

View Profile
Christian D.

Managing Director and Senior Consultant

View Profile
Sergey K.

Director, Head of Group Cyber Security

View Profile
Martin W.

Security Auditor

View Profile
fratch Part of Bitkom logo
linkedIncrunchbaseyoutube
  • English
  • Deutsch

2025 © FRATCH.IO GmbH. All rights reserved.