Ahmad Jamal Sonji
Cybersecurity Consultant - Audit and penetration testing
About Me
Cybersecurity engineer passionate about offensive security and system protection. I specialize in penetration testing, vulnerability exploitation, and secure software development. My experience at Wavestone and work on CTF challenges (Root-Me, Hack The Box) have sharpened my skills in network audits, web exploitation, and automation tool creation.
Fluent in Python, Java, and ReactJS, with a strong foundation in DevOps, Terraform, and cloud security. I am currently pursuing the CPTS certification on Hack The Box, continuously pushing my technical boundaries.
I enjoy exchanging ideas about cybersecurity, new attack vectors, and automation in security testing. Feel free to connect with me here or reach out at ahmad.sonji01@gmail.com.
Profesional Experience
Wavestone - Cybersecurity Consultant in Audit and Penetration Testing
From 6th of March 2023 - current
Security Audits:
• Performed more than 25 web application security audits and code reviews, including vulnerability exploitation (XSS, CSRF, SQLi, file injection, etc.) and the evaluation of authentication modules (SAML, OAuth 2.0, OIDC).• Conducted more than 5 network configuration reviews (SMTP, FTP, DNS) to identify configuration weaknesses and strengthen system resilience.
• Performed over 5 architectural and organizational security reviews aimed at assessing compliance and maturity of security controls.
• Conducted system and network configuration reviews:
• Around 5 configuration reviews for Linux, Windows, and VMware NSX.
• Around 15 configuration reviews for Cisco and Fortinet.
• 3 SAP configuration reviews.
• 1 Azure configuration review.
• Conducted an OSINT mission on 8 different targets (Maltego, SpiderFoot, Shodan, theHarvester).
Research & Development:
• Designed a firewall review automation tool (rule classification and analysis).• Developed a Python/Terraform framework for password cracking and analysis (NTDS, AWS, Hashcat).
• Authored multi-technology audit guides and training materials on secure development.
• Designed an internal staffing optimization tool for mission resource management.
• Developed a CTF and cybersecurity challenges platform – Internship Topic:
• Created a Terraform script for automated deployment of the CTF platform and selected challenges.
• Designed and developed custom CTF challenges.
Rakuten France E-commerce - NextJS/Java FullStack Intern
From 11th of April 2022 - current
• For myself, i worked on rebuilding the cart on Rakuten E-commerce website which was my first project along side the team.
• After that, i was handed the project of redisigning the Club R and Sponsorship pages which was done using NextJS, and i adapted the existing webservice created using java and added it to be called from the Gateway and not directly from the frontEnd service layer
Front-End
• Worked on creating essential reusable components (in NextJS) for the plateform.
• Used multiple NextJS functionalities like Server side rendering, static site props, ISR ...
• Other multiple tools used alongside NextJS like Mockoon, Redux, GraphQL.
Back-End
• Learned about Java Springboot framework and Java Spring cloud Gateway
• Used Presentation - Business - Data Access Layers Architecture
JEECE - Information Systems Manager
From 1st of july 2022 - current
- I take care of managing the association's tools, setting up useful automations between the applications used.
- I recently started working on projects like setting up a recruitment platform, which I have to code in JS using ReactJS and NodeJS
SendWave - Student Part-time Job
From September to November
VINTOB - PHP Back-end Developper Intern
Discovery of professional web development principles, i worked on the iVoipe platform ( Bug fixing, Googel captcha integration, replacing the mail server with a external service )
Fnac Darty - Sales
From January to february
-Sales, customer assistance, inventory management, preparations for commercial operations, competitir prices surveillance.
My Latest Work
See more of my work
Programming Skills
General skills and knowledge
My studies and diploma
