Yassine Belkhadem

Software Engineer

yassine.belkhadem@insat.ucar.tn • +216 55872362 • https://www.linkedin.com/in/yassine-belkhadem-396266204/
Yassine Belkhadem

About

Final-semester MSc Software Engineering student specializing in cybersecurity, with expertise in full-stack development, DevOps, and cloud technologies. Proficient in Golang, Python, .NET, React, and Next.js. Co-founder of a tech startup, demonstrating leadership and entrepreneurial skills. Extensive experience in offensive security as a CTF player, organizer, and bug bounty hunter. Authored and organized 15+ CTF competitions, including events at BlackHat MEA. Actively participates in bug hunting on platforms like Intigriti and Yogosha. Seeking an end-of-study internship or full-time position to apply my diverse skill set in building robust and secure software solutions.

Experience

  • -

    Tokyo, Japan - Hybrid

    Summary:

    • As a Product Security Intern at Mercari, I played a crucial role in enhancing the company's application security processes. I significantly improved the Dynamic Application Security Testing (DAST) coverage and efficiency, conducted security assessments aligned with the Secure Software Development Life Cycle, and developed automation tools for security checks. My work involved threat modeling, CodeQL analysis, and ensuring compliance with OWASP Top 10 standards, contributing to a more robust security posture for the organization.

    Responsibilities:

    • Improve and streamline the DAST improvement.
    • Triage SAST reports and conduct security assessments.
    • Developed Golang control server for Nuclei and integrate it with NextJS frontend.
    • Automated security checks using Golang and GitHub API in Serverless environment.
    • Configured and deployed applications on GCP using Terraform and GitHub Actions.
    • Burp Suite
    • OWASP Top 10
    • Web Application Security
    • Threat Modeling
    • Java
    • Golang
    • NextJS
    • Microservices
    • GitHub API
    • GCP
    • Terraform
    • GitHub Actions
  • -

    Dubai, UAE - Remote

    Summary:

    • Contributed to CTF platform development, implemented testing and CI/CD, and collaborated on website design and admin dashboard development. A significant part of my work involves organizing and developing Capture The Flag (CTF) competitions, where I create challenging and educational cybersecurity scenarios.

    Responsibilities:

    • Conducted Security Trainings and Workshops for students and professionals.
    • Created Labs and Challenges for security professionals
    • Developed and maintained CTF platform features.
    • Implemented E2E and integration tests.
    • Designed and optimized CI/CD pipelines.
    • Collaborated with design team on website development.
    • Developed real-time admin dashboard with customizable reporting.
    • C#
    • .NET
    • React
    • E2E Testing
    • Integration Testing
    • Capture the Flag
    • Web Application Security
    • Selenium
    • Github Actions
    • AWS / GCP
    • Docker
  • -

    Toulouse, France - Remote

    Summary:

    • Developed auditing tool, created unified dashboard, implemented notification systems, and collaborated with clients.

    Responsibilities:

    • Developed and maintained auditing tool in Golang.
    • Created and maintained unified dashboard using NextJS.
    • Implemented real-time notification system.
    • Collaborated with clients on tool development.
    • Golang
    • NextJS
    • GCP
    • AWS
    • Azure
    • Terraform
    • Cloud Formation
    • Clean Architecture
    • Cloud Security
    • Data Governance
    • Enterpise Cloud Compliances
    • Hexagonal Architecture
  • -

    Tunis, Tunisia - Hybrid

    Summary:

    • Led technical development, secured investor interest, established technical strategy, and drove company growth.

    Responsibilities:

    • Led technical development and strategy.
    • Developed proof of concept and secured investor interest.
    • Established and documented technical direction.
    • Led recruitment, mentorship, and team upskilling.
    • Engineered API using NestJS and Clean Architecture.
    • Technical Leadership
    • Mentorship
    • Gitlab CI/CD
    • API Development
    • Clean Architecture
    • Typescript
    • React
    • NestJS
  • -

    Tunis, Tunisia - Hybrid

    Summary:

    • Developed dynamic Red Teaming lab and created vulnerable web applications for cybersecurity training.

    Responsibilities:

    • Developed a real‐time dynamic Red Teaming lab for technical tests, generating over 130 unique scenarios from a setup of 5 machines and 15 vulnerabilities, with over 10 network configurations. The lab featured easy customization for tailored technical tests and ensured the generation of different tests for different participants
    • Created and maintained vulnerable web applications and binaries.
    • Vulnerability Research
    • Web Application Security
    • Penetration Testing
    • Red Teaming
    • Ansible
    • Docker
    • Azure
    • Bash Scripting
    • Linux Administration

Skills

  • Rust
  • Go
  • C
  • C#
  • Python
  • TypeScript
  • OWASP TOP 10
  • Burp Suite
  • Blockchain / Ethereum
  • Secure Code Audit
  • GitLab
  • HTML
  • CSS
  • Tailwind
  • Node.js
  • SQL Databases
  • Git
  • GitHub GitHub
  • Next.js
  • React
  • AWS
  • GCP
  • Bash Scripting
  • Linux Administration
  • Domain Driven Design
  • REST
  • GraphQL
  • SvelteJS
  • React Native
  • CI/CD
  • GitHub Actions
  • Docker
  • Kubernetes
  • Ansible

Education

Projects

fir3cr4ckers 🧨