// resume_preview · Ahmed_Mahmoud.pdf

Ahmed Mahmoud

AI-Driven Cybersecurity Engineer · Penetration Tester · AI Security Researcher

ahmedmahmoudhud@gmail.com linkedin.com/in/ahm-mahmoud github.com/ahme-mahmoud Egypt

Professional Summary

AI-Driven Cybersecurity Engineer with hands-on experience in offensive security, web and network penetration testing, vulnerability research security tooling threat detection, and ML-powered threat detection. Active bug bounty hunter on HackerOne. Passionate about building intelligent systems that detect and stop cyber threats in real time.

Experience

Bug Hunter — HackerOne

Dec 2024 – Present · Freelance · Remote

Information Security Intern

Cyberthos

Oct 2025 – Present · Remote

Machine Learning Engineer Intern

Digital Egypt Pioneers Initiative (DEPI)

Nov 2025 – Present · Giza · Hybrid

Microsoft Summer Camp × Sprints

Sprints

Sep – Nov 2025 · Remote

Cybersecurity Training

National Telecommunication Institute (NTI)

Aug – Sep 2025 · Smart Village · Hybrid

NessusOpenVASBurp SuiteSplunkELK StackOWASP ZAP

Education

Elsewedy University of Technology

B.Eng. · Network & Cybersecurity

Oct 2023 – 2027 (Expected)

Certifications

eJPT — eLearnSecurity

eWPT — eLearnSecurity

Security+ — CompTIA

CCNA — Cisco

Core Technical Skills

PythonWeb App PentestingNetwork PentestingICS/OT SecurityBug BountyTensorFlowMachine LearningBurp SuiteMetasploitSuricataSplunk/SIEMDockerFlaskSHAP

Key Projects

ICS/OT NDR

ML-based anomaly detection for Industrial Control Systems using TensorFlow autoencoder + attack classifier for real-time OT threat classification.

Botnet Detection System

Hybrid ensemble (LightGBM + XGBoost + BiLSTM + Attention) with SHAP explainability. Built for Furssah AI Competition.

Network Traffic Forensics IDS

Real-time IDS combining Suricata + XGBoost traffic classification trained on CIC-IDS datasets with live Streamlit dashboard.

01 — About

Who I Am

I'm Ahmed Mahmoud, a Penetration Tester and AI-Driven Cybersecurity Engineer focused on offensive security, vulnerability research, and intelligent threat detection systems.

My work combines artificial intelligence with cybersecurity — designing ML-powered security tools that analyse network behaviour, detect anomalies, and assist analysts in identifying threats in real time.

Currently pursuing my B.Eng. in Network & Cybersecurity at Elsewedy University while actively hunting vulnerabilities on HackerOne and building research-grade security tooling.

Web Pentesting Network Forensics AI Threat Detection Mobile App Security Bug Bounty Security Tooling

LinkedIn GitHub Medium

identity.json

name"Ahmed Mahmoud"

role"AI-Driven Cybersecurity Engineer"

location"Egypt 🇪🇬"

focus"Offensive Security + AI"

platform"HackerOne"

status"open_to_work"

02 — Experience

Where I've Worked

Bug Hunter

HackerOne

InfoSec Intern

Cyberthos

ML Engineer Intern

DEPI

Microsoft Camp

Sprints

Cyber Training

NTI

Bug Hunter

HackerOne

Dec 2024 – Present Freelance Remote Active

Actively hunting vulnerabilities across public and private bug bounty programs on HackerOne. Focusing on web application vulnerabilities including IDOR, XSS, SSRF, authentication bypass, and business logic flaws.

Information Security Intern

Cyberthos

Oct 2025 – Present Internship Remote Active

Working on information security assessments, vulnerability research, and security tooling within a cybersecurity-focused environment.

Machine Learning Engineer Intern

Digital Egypt Pioneers Initiative (DEPI)

Nov 2025 – Present Internship Giza · Hybrid Active

Developing and training ML models for cybersecurity applications. Working with classification, anomaly detection, and sequence models applied to network traffic and threat analysis.

TensorFlowPyTorchscikit-learnPythonPandas

Microsoft Summer Camp × Sprints

Sprints

Sep – Nov 2025 Internship Remote

Participated in a Microsoft-backed summer camp focused on cloud and security technologies, delivered through Sprints' intensive program structure.

Microsoft AzureCloud SecurityDevSecOps

Cybersecurity Training

National Telecommunication Institute (NTI)

Aug – Sep 2025 Training Smart Village · Hybrid

Intensive hands-on cybersecurity training covering vulnerability scanning, web application security, cloud security, and SIEM operations at Egypt's National Telecom Institute.

NessusOpenVASOWASP ZAPBurp SuiteSplunkELK StackScoutSuitePrisma CloudWPScan

03 — Skills

Technical Stack

Programming Languages

PythonJava JavaScriptPHP Bash / ShellHTML5CSS3

Offensive Security

Web App PentestingOWASP · eWPT

Network PentestingeJPT · CCNA

Bug Bounty HuntingHackerOne

ICS / OT SecurityIndustrial

Mobile App SecurityAndroid/iOS

Security Tools

Burp SuiteWiresharkNmap MetasploitKali Linux SQLmapHydraJohn TR Aircrack-ngNikto NessusOpenVAS OWASP ZAPScoutSuite

Network & SIEM

Suricata IDSZeek / Bro SplunkELK Stack PCAP AnalysisProtocol Analysis Firewall MgmtVPN

AI / ML for Cybersecurity

Frameworks

TensorFlowPyTorch scikit-learnLightGBM PandasNumPyMatplotlib

Algorithms

Random ForestXGBoost BiLSTM/GRUAutoencoder DBSCANIsolation ForestSHAP

Applied Domains

Anomaly / IDS

Botnet Detection

Traffic Classification

Cloud · DevOps · Web

DockerAWSGoogle Cloud Git/GitHubCI/CDLinux Admin FlaskStreamlitREST APIs Node.jsLaravelSQLite

04 — Projects

What I've Built

ICS/OT Network Detection & Response

AI-powered NDR for Industrial Control Systems that classifies OT network traffic in real time using a TensorFlow autoencoder for anomaly detection and a secondary classifier distinguishing reconnaissance from actual attacks — enabling operators to triage threats without manual packet inspection.

PythonTensorFlowKerasSuricataFlaskStreamlitPCAP

Botnet Detection — Furssah AI Competition

Hybrid AI botnet detection combining ensemble learning (LightGBM + XGBoost + Isolation Forest + DBSCAN) with SHAP explainability and real-time BiLSTM + GRU + Attention sequential analysis.

LightGBMXGBoostBiLSTMSHAPDBSCAN

Network Traffic Forensics IDS

Real-time IDS combining network forensics and ML that detects malicious traffic using Suricata + XGBoost trained on CIC-IDS datasets, with Zeek enrichment and a live Streamlit alert dashboard.

XGBoostSuricataZeekWiresharkStreamlit

SecureMerge — M&A Cyber Risk GRC

End-to-end GRC framework for M&A cyber risk: due diligence questionnaire → quantitative risk scoring → integration decision framework → post-merger governance tracking.

GRCRisk ScoringM&A SecurityGovernance

Custom Firewall + Rules Manager

Linux iptables-based firewall with dynamic IP/port/protocol blocking, persistent SQLite logging, real-time stats, and an interactive CLI — replacing manual iptables with a structured rule lifecycle.

BashPythoniptablesSQLiteCLI

IoT Wi-Fi Honeypot — Evil Twin

ESP32 honeypot studying real IoT device behaviour under Evil Twin attacks, with a Flask logging server capturing credential attempts + RSSI and a Chart.js analytics dashboard.

ESP32Arduino/CFlaskChart.jsIoT Sec

All Repos on GitHub

05 — Education & Certifications

Credentials & Training

Elsewedy University of Technology — Polytechnic of Egypt

B.Eng. Technology · Network and Cybersecurity

Oct 2023 — 2027 (Expected) · Giza, Egypt

Network Security Cybersecurity Information Systems Engineering Tech

eJPT

eLearnSecurity · Junior Penetration Tester

eWPT

eLearnSecurity · Web App Penetration Tester

Security+

CompTIA · Security+

CCNA

Cisco · Certified Network Associate

08 — Contact

Let's Connect

Looking to collaborate on cybersecurity research, red team engagements, or AI-driven threat detection? I'm open to internships, freelance work, and research partnerships.

I typically respond within 24 hours.

Personal Email

ahmedmahmoudhud@gmail.com

linkedin.com/in/ahm-mahmoud

GitHub

github.com/ahme-mahmoud

HackerOne

Bug Bounty Profile

Medium

medium.com/@ahme-mahmoud