// security engineer
0xTT
Omar Fattouh
Security Engineer focused on Detection Engineering, Malware Analysis, and Offensive Research. I build things that find threats — and understand the threats themselves.
Work Experience
- Delivering DevSecOps solutions across automation, infrastructure, and application security for multiple ongoing projects.
- Designing secure, scalable architectures combining workflow automation, backend services, and containerized environments.
- Building and deploying production systems using Docker Compose with strong isolation and reproducibility.
- Implementing automation pipelines to reduce manual operations and improve system efficiency.
- Hardening Linux-based VPS infrastructure (access control, firewalling, service isolation).
- Developing internal dashboards (Flask/MySQL) to improve observability, monitoring, and operational insight.
- Integrating APIs and AI services using fault-tolerant design patterns (fallbacks, retries, error handling).
- Continuously improving system reliability, performance, and security through iterative development.
Completed an intensive 8-week SOC Analyst program with hands-on experience across the full analyst workflow — from log management and SIEM analysis to incident categorization and threat intelligence integration. Worked with the ELK stack and Wazuh for security monitoring, conducted vulnerability scanning and compliance reporting, and delivered a Capstone Project on comprehensive incident response and threat detection in a real-world SOC environment.
Portfolio
Dockerized ELK stack on Fedora Linux simulating Linux credential access (MITRE T1003). Endpoint logs flow Wazuh → Logstash pipeline → Elasticsearch → Kibana dashboard. Sigma rule compiled to Lucene query — detection rule confirmed firing.
Hands-on lab applying CIS Kubernetes benchmarks, auditing RBAC misconfigurations, and deploying Falco for runtime threat detection across a local cluster.
Static + behavioral analysis tool targeting shellcode patterns: API hashing, process injection, and AMSI/ETW patching indicators.
Public malware analysis reports covering real-world samples — static analysis, dynamic behavior, IOCs, and YARA signatures.
End-to-end automation pipeline for Nesma Airlines' Chief Pilot Office. Classifies incoming email across 17 airline departments using Gemini 2.0 Flash, deployed as an n8n workflow on a Hetzner VPS (Docker Compose). Live Flask/MySQL dashboard at nesma.limatrix.net with daily Telegram reports — zero manual triage required.
Scans codebases and git histories for hardcoded credentials — API keys, tokens, connection strings, and private keys — using regex pattern libraries combined with entropy analysis to surface high-confidence findings. Designed for both pre-commit hooks and CI/CD pipeline integration.
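The combination described above (a small regex library for known credential formats plus Shannon entropy to filter out placeholder values) can be shown in a few dozen lines. The following is an added illustration, not the author's scanner: the pattern set, the 3.5-bit entropy threshold and the sample configuration text are all constructed for this example.

```python
import math
import re
import sys
from collections import Counter
from dataclasses import dataclass

# Constructed, simplified patterns for this example. A real scanner would carry
# a much larger library; these three cover the cases the sample input exercises.
PATTERNS = {
    # Fixed-format identifiers: a match is reported regardless of entropy.
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # Generic "name = value" assignments: only the captured value is judged,
    # and only if its entropy is high enough to look like a real secret.
    "generic_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]?([A-Za-z0-9+/=_\-]{16,})"
    ),
}

# Values at or above this many bits per character are treated as high-confidence.
ENTROPY_THRESHOLD = 3.5


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


@dataclass
class Finding:
    line_no: int
    kind: str
    value: str
    entropy: float


def scan_text(text: str, entropy_threshold: float = ENTROPY_THRESHOLD) -> list[Finding]:
    """Run every pattern over every line; gate generic matches on entropy."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                ent = shannon_entropy(value)
                # Low-entropy strings such as "changemechangeme" are placeholders, not leaks.
                if kind == "generic_assignment" and ent < entropy_threshold:
                    continue
                findings.append(Finding(line_no, kind, value, round(ent, 3)))
    return findings


def scan_file(path: str) -> list[Finding]:
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_text(fh.read())


# Constructed sample input; none of these values is a real credential.
SAMPLE = """\
# config.py (constructed sample, not a real secret)
DB_HOST = "localhost"
API_KEY = "changemechangeme"
aws_access_key_id = AKIAEXAMPLEKEY123456
token = "x9Kq2mZ8Lp4vN7rT1bW3yH6s"
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    # With file arguments, behave like a pre-commit hook: non-zero exit on any finding.
    results = [f for p in sys.argv[1:] for f in scan_file(p)] if sys.argv[1:] else scan_text(SAMPLE)
    for f in results:
        print(f"line {f.line_no}: {f.kind} (entropy {f.entropy}) -> {f.value[:8]}...")
    sys.exit(1 if results else 0)
```

Run without arguments it scans the embedded sample and reports three findings: the AWS-style key on line 4, the high-entropy token on line 5 and the private-key header on line 6, while the low-entropy placeholder on line 3 is suppressed. The non-zero exit code on findings is what lets the same script sit behind a pre-commit hook or a CI step.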