Built real-time Power BI dashboards to monitor Fortigate and IDS/IPS logs, improving detection and incident triage times.
Correlated Splunk and ELK alerts with threat intelligence to validate indicators and evidence for investigations.
Tuned detection rules and enriched logs to reduce noise and focus on attacker-aligned behaviors to support red team validation and post-exploitation analysis.
Penetration Tester Intern
El-Khawarizmi Computing Center (CCK)
Conducted black-box and authenticated application tests using Burp Suite (manual + scanner), WPScan and Nessus to find injection, authentication, and session flaws.
Performed host and network discovery (Nmap), vulnerability validation, and produced remediation-focused reports with reproduction steps and risk ratings.
Automated repetitive checks with Python scripts to reliably reproduce findings and reduce manual verification time.
Web3 Systems Engineer Intern
Smart Tunisian Technopark (S2T)
Engineered blockchain-based applications using Solidity and JavaScript, implementing secure coding with OpenZeppelin to address OWASP Top 10 vulnerabilities in decentralized systems.
Integrated authentication protocols like SAML equivalents in Web3, conducting vulnerability assessments with Remix IDE to ensure robust remediation and auditability.
Software Engineer Intern
El-Khawarizmi Computing Center (CCK)
Implemented secure web application features and hardened server configurations; participated in code reviews to spot injection and auth issues.
Identity Systems Engineer Intern
El-Khawarizmi Computing Center (CCK)
Designed federation and identity flows (SAML, LDAP) and hardened authentication paths—experience relevant to Active Directory and identity-focused red team tests.
Network Security Intern
Tunisian Civil Aviation and Airports Authority (OACA)
Applied secure access controls via Active Directory and monitored traffic with Wireshark to troubleshoot and harden systems.
Network Security Intern
Tunisian Civil Aviation and Airports Authority (OACA)
Secured network devices and implemented basic network hardening practices that later informed internal/external network pentests.
Education
Master's Level Engineering Degree in Computer Science, Networks and Multimedia
Private International Polytechnic School of Tunis
Hands-on experience with OWASP ZAP, BurpSuite, and numerous Metasploit 2 labs. Built an ethical keylogger with python as a personal project.
For my final internship, I analyzed raw, non-tabular firewall logs to detect and mitigate global threats to the Tunisian National ISP for Academia (El-Khawarizmi Computing Center).
Professional Master's Degree in Operational Cybersecurity
Tunis Higher School of Communications
Hands-on expereince in OSINT, DFIR (Autopsy, SIFT, MISP), and ELK Stack deployment.
Mastered Splunk, Suricata, and Snort. - Used Kali for social media investigations and Wireshark extensively in CTFs.
Pentested Vulnerable Plateforms such as DVWA, bWAPP and VulnHub using exploits like XSS, SQLi, CSRF, etc.
Professional Master's Degree in Open Source Software Engineering
Higher Institute of Computer Science
Secured code with SAST/DAST and SonarQube.
Practiced OWASP Top 10, including SQL/XSS injection and CSFR.
Built secure apps with React.js and Node.js.
Skills & Hobbies
Offensive Security & Pentesting
Web App Pentesting (XSS, SQLi, CSRF)
Network & Host Enumeration (Nmap, WPScan)
bugExploit Development (x86, Pwntools, GDB)
Reverse Engineering (IDA Pro, Ghidra, x64dbg)
Scripting & Automation (Python, Bash)
Defensive Security
SIEM & Threat Detection (Splunk, ELK)
IDS/IPS & Log Analysis (Suricata, Fortigate)
DFIR & Threat Intel (Autopsy, MISP, SIFT)
Secure Coding & Hardening (OWASP Top 10, SonarQube)