01

Cybersecurity Engineer

Ben Hammouda
Nour.

I break systems so organisations don't have to.
Offensive security · Vulnerability research · Red teaming · AI security.

Available for work PGP Key
Scroll

About

Security engineer focused on offensive operations, vulnerability research, and AI security. I work across the full attack chain — from initial recon through exploitation, post-exploitation, and responsible disclosure.

Hands-on experience securing e-commerce platforms against OWASP Top 10 threats, conducting red team engagements to domain admin, and building custom tooling for threat intelligence and C2 infrastructure. Active HackerOne/Bugcrowd researcher with a track record of responsible disclosure to major platforms.

When I'm not breaking things, I'm reverse engineering them — or writing about why they broke, for practitioners, not press releases.

Focus Offensive Security · RE · AI Sec
Education B.S. Computer Engineering
Competitions IEEEXtreme 18.0 · HTB · TryHackMe
Platforms HackerOne · Bugcrowd · HTB
GitHub github.com/hireblackout
Status ● Open to work

Experience

E-Commerce Security Specialist
Lumia — Platform Security Hardening · Nice, France (Remote)
Last Summer
  • Secured e-commerce platform against OWASP Top 10 threats; implemented WAF, TLS encryption, and secure authentication — reducing attack surface by 70%.
  • Performed penetration testing and vulnerability assessments; remediated 50+ critical security issues, eliminating high-risk exposure.
Cybersecurity Consultant
Upwork & Contract Engagements · Malware Removal & Web Application Security (Remote)
2024 — Present
  • Secured 15+ e-commerce platforms against OWASP Top 10 threats; deployed WAF, TLS encryption, and secure authentication reducing attack surface by 70%; achieved 100% client satisfaction rate.
  • Conducted penetration testing and vulnerability assessments; remediated 50+ critical issues including SQLi, XSS, and IDOR; performed red team engagements achieving domain admin access through privilege escalation chains.

Technical Arsenal

Languages
Python · Bash · C/C++ · JavaScript · TypeScript · Assembly (x86/x64) · SQL · Go · PowerShell
Offensive Security & RE
Metasploit · Burp Suite · Cobalt Strike · BloodHound · Ghidra · IDA Pro · x64dbg · Binary Ninja · Mimikatz · sqlmap
Network & Infrastructure
Nmap · Wireshark · Snort · Docker · Kubernetes · AWS · pfSense · Cisco ASA · MQTT · Aircrack-ng
Application Security
SAST (ESLint, Semgrep) · Snyk · WAF · AES-256-GCM · OAuth 2.0 · JWT · bcryptjs · OWASP ZAP
Threat Intel & AI Security
MITRE ATT&CK · Shodan · YARA · TensorFlow · Google Gemini API · OpenAI API · FastMCP · NVD feeds
Compliance & Frameworks
NIST CSF · GDPR · NDPR · PDPA · POPIA · Incident Response · Responsible Disclosure

Credentials

CCNP (In Progress)
Ethical Hacking — EC-Council
Incident Management — DHS
Reverse Engineering — DHS
Zero Trust Networks — Cybrary
International Criminal Law — Case Western Reserve
IEEEXtreme 18.0 — 2nd National
Top 10% TryHackMe
Bug Bounty — Responsible Disclosure