LinkedIn: https://www.linkedin.com/in/muhammed-muhammed-bassem-80bb3115/
Blog: http://hackerzoneh.blogspot.com/
GitHub: muhammedabdelkader, muhammedmbassem, Mr0xr3d
Skype: muhammed61107
Schibsted Sverige AB, Stockholm (Sweden)
27/01/2023 – Present
- Manage, triage, and investigate Bug Bounty submissions and external pentest findings.
- Develop and maintain secure and scalable web applications using technologies such as Go, Python, Java, Node Js, and PHP.
- Implement and enforce secure coding principles, following industry best practices and OWASP TOP 10 guidelines.
Tink AB, Stockholm (Sweden)
07/02/2022 – 27/01/2023
- Proactively monitored, investigated, and mitigated security incidents, ensuring the timely resolution of identified issues.
- Managed, triaged, and investigated Bug Bounty submissions and external penetration testing findings, facilitating the identification and remediation of potential vulnerabilities.
- Actively participated in Agile development processes, including sprint planning, daily stand-ups, and retrospectives, to deliver high-quality software within tight deadlines, while considering security implications.
Klarna AB Bank, Stockholm (Sweden)
25/08/2019 – 07/02/2022
- Collaborated with product management and engineering teams to prioritize and address security risks, ensuring the overall risk level was reduced.
- Strategically planned and optimized resource utilization to ensure efficient operations.
- Conducted comprehensive white-box and black-box penetration testing on both internal and public-facing applications and assets to identify and mitigate security vulnerabilities.
- Managed, triaged, and investigated Bug Bounty submissions and findings from external penetration tests, taking prompt actions to address identified vulnerabilities.
- Performed variant analysis on identified security issues across all channels, ensuring a thorough understanding of their impact and potential mitigations.
- Regularly conducted security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), threat modeling, and code reviews to proactively detect and remediate vulnerabilities in application code.
Secure Misr, Cairo (Egypt)
27/01/2019 – 01/08/2019
- Perform thorough penetration tests on various systems, networks, and applications to identify vulnerabilities and potential security risks.
- Conduct comprehensive vulnerability assessments to identify weaknesses in infrastructure, applications, and other digital assets.
- Utilize ethical hacking techniques to exploit vulnerabilities and assess the impact on systems and data integrity.
- Respond to customer questionnaires and audits, providing detailed information on security practices, policies, and processes, ensuring transparency, and meeting compliance obligations.
Deloitte SBA, Cairo (Egypt)
01/01/2018 – 01/09/2018
- Assisted in providing strategic guidance and recommendations to clients on cybersecurity initiatives, risk management, and compliance.
- Conducted comprehensive security assessments, including vulnerability assessments, penetration testing, and security audits, to identify weaknesses and potential risks.
- Assisted in designing and implementing security controls and measures to mitigate identified risks and vulnerabilities.
- Conducted security incident response investigations, and provided timely and effective recommendations for incident mitigation and recovery.
Deloitte SBA, Cairo (Egypt)
01/07/2015 – 01/01/2018
- Perform thorough penetration tests on various systems, networks, and applications to identify vulnerabilities and potential security risks.
- Conduct comprehensive vulnerability assessments to identify weaknesses in infrastructure, applications, and other digital assets.
- Utilize ethical hacking techniques to exploit vulnerabilities and assess the impact on systems and data integrity.
- Prepare detailed reports outlining findings, including vulnerability assessments, exploitation techniques used, and recommended remediation steps.
Raya [DC/IT], Cairo (Egypt)
01/07/2014 – 01/07/2015
- Perform thorough penetration tests on various systems, networks, and applications to identify vulnerabilities and potential security risks.
- Conduct comprehensive vulnerability assessments to identify weaknesses in infrastructure, applications, and other digital assets.
- Utilize ethical hacking techniques to exploit vulnerabilities and assess the impact on systems and data integrity.
National Bank of Egypt (NBE), Cairo (Egypt)
01/01/2012 – 01/07/2014
- Manage and maintain the bank's security infrastructure, including firewalls, intrusion detection/prevention systems, antivirus systems, and other security tools, ensuring their effectiveness and adherence to industry standards.
- Monitor the bank's network and systems for potential security breaches or suspicious activities. Respond promptly to security incidents, investigate root causes, and implement appropriate remediation measures to minimize impact and prevent future occurrences.
- Conduct regular vulnerability assessments and penetration tests to identify weaknesses in the bank's systems and applications. Collaborate with relevant stakeholders to prioritize and address identified vulnerabilities, ensuring timely patching and mitigation.
- Develop and enforce information security policies and procedures in compliance with regulatory requirements and industry best practices.
- Conduct regular reviews to ensure policy adherence across the bank and provide necessary training and awareness programs to employees.
- Participate in internal and external security audits and assessments, ensuring compliance with applicable regulatory frameworks (e.g., ISO 27001, PCI-DSS, NIST). Coordinate with auditors, provide the necessary documentation, and address any identified gaps or non-compliance issues.
National Bank of Egypt (NBE), Cairo (Egypt)
01/10/2010 – 01/01/2012
- Provide technical support and troubleshooting for bank applications, including identifying and resolving software defects, configuration issues, and performance bottlenecks.
- Create and maintain scripts in Bash and PowerShell to automate routine tasks, improve efficiency, and streamline processes in the bank's infrastructure and application environments.
- Analyze code and system logs to diagnose and resolve complex technical issues related to software functionality, data integrity, and system integration.
- Respond to and resolve technical incidents reported by bank users, including triaging, prioritizing, and escalating issues as necessary to minimize downtime and ensure timely resolution.
- Create and maintain technical documentation, including troubleshooting guides, standard operating procedures, and knowledge base articles, to facilitate effective issue resolution and knowledge transfer.
- Ensure compliance with security policies, standards, and regulatory requirements, such as data protection, access controls, and information security protocols, throughout software development and support activities.
BSc in Computer Science
Faculty of Science - Cairo University, Cairo (Egypt)
01/01/2006 – 01/01/2010
Arabic (Mother tongue)
English (B2)
- Excellent interpersonal and communication skills to share knowledge and to communicate effectively with different backgrounds.
- Strong oral and written communication, organization, and interpersonal skills. Ability to translate complex findings into interpretable and simple output.
- Strong people management and leadership skills.
- Operational control and experience leading both a services organization and product development function.
- Developing business strategy and providing technical thought leadership.
- Managing customer engagements and escalations to ensure customer satisfaction.
- Expert understanding of technology and security principles and knowledge of the cyber threat landscape.
- Expert in leading penetration testing and vulnerability assessment engagements for large enterprise firms.
- Expert in tailored reconnaissance, exploitation, and lateral movement.
- Strong knowledge of attack surfaces for common enterprise systems and services.
- Ability to independently apply testing methods against a wide variety of targets including Web Applications, Mobile Applications, Web APIs, databases, wireless networks, conducting social engineering attacks against customer user base, routing infrastructure, VOIP, and VPN.
- Perform secure code review. Writing fully functional exploits for common vulnerabilities such as simple stack overflow, cross-site scripting, or SQL injection.
- Strong knowledge in scripting. Good experience with SIEMs (Splunk).
- Excellent experience with AWS & GCP. Writing security tools (Golang, Python, Java, and PHP).
- Offensive Security Certified Expert (OSCE)
- Offensive Security Certified Professional (OSCP)
- ISO 27001:2013 Lead Auditor Certification (BSI 2013)
- GSEC (General Security Essentials Certificate) SANS License 32754
- Certified Red Team Professional (CRTP)