Omar Hesham Elshopky

Mid-level Offensive Security EngineerFull Time

• Job Details:- Conducted penetration testing, source code review, and configuration auditing engagements on web, API, cloud, and infrastructure (incl. AD), identifying 100+ vulnerabilities, 40+ critical, and 5+ RCEs across internal and client assets. - Acted as a subject matter expert for 20+ DevOps and development team members, supporting the secure design and implementation of products, infrastructure, and CI/CD pipelines. -Mentored a multinational team of two associate security engineers through collaborative pentesting and practical sessions. -Participated in 5+ client and third-party meetings, assessing proposals, client security guidelines, and project architectures to ensure compliance with security requirements. -Contributed to 4+ incident response cases, covering detection, containment, eradication, and reporting, including analysis of entry points and threat activity across systems, phishing campaigns, and web assets.

Penetration TesterFull Time

• Job Details:- Conducted penetration testing on web, API, POS, and infra (incl. AD) assets, identifying 40+ findings, with 10+ critical. - Achieved 100% adherence to PCI compliance procedures while collaborating with 15+ developers, IT, and DevOps to mitigate risks and address vulnerabilities. - Conducted source code reviews of an in-house .NET service with 20+ functionalities, providing actionable insights for security improvement. - Delivered interactive cybersecurity awareness sessions for 100+ employees, fostering a culture of security awareness.

Cyber Security SpecialistFull Time

• Job Details:- Formulated a comprehensive security improvement plan that strengthened software and data protection policies, enhancing client trust and retention while increasing support package profit by 35%. - Conducted pentesting activities on 10+ web and infrastructure, ensuring security measures aligned with industry best practices. - Applied monthly security evaluations, covering vulnerability assessments, code reviews, misconfiguration checks, and WAF/CDN validations for 20+ projects. - Guided cross-functional teams of 50+ members in implementing security best practices.