Resume

William Ben Embarek

Offensive security engineer with unique Kubernetes/DevOps depth, enabling me to both break and build secure cloud infrastructure. World-ranked CTF player (#1 team 2024) who’s contributed tools to OWASP and secured critical infrastructure across telecommunications and finance.

Skills

Languages: Python, Bash, PowerShell, C, x86 Assembly, JavaScript, Go

Security Tools: Burp Suite, Metasploit, Wireshark, BloodHound, Mimikatz, Drozer, Frida

Exploitation: Web Exploits, Windows and Linux Privilege Escalation, Active Directory Attacks, Android security, iOS security.

Cloud/Infrastructure: Kubernetes, Docker, Linux, AWS, CI/CD, Large Language Models.

Infosec Frameworks: MITRE ATT&CK, OWASP Top 10, OWASP Cheatsheets, SAIF

Other: Reverse Engineering, Mobile Security, Telco Security, Network Protocols, Cryptography

Experience

Pentester - TDC NET 2023-Present

Protect critical infrastructure including mobile networks, Windows/Linux servers, mobile devices, and Azure cloud environments. Conduct penetration testing and red teaming assessments using MITRE ATT&CK TTPs. Serve as the team’s technical specialist for advanced technologies, collaborating closely with AI, Data, and DevOps teams, with particular expertise in Kubernetes security. Led company-wide security initiative that identified previously unknown attack surface, implementation of the company’s first bug bounty program (Q4 2025), and early security assessments of internal solutions preventing critical vulnerabilities. Organize and run the company’s external-facing CTF used for marketing and recruitment. Provide security feedback to development teams, mentor junior staff, and assist student workers with bachelor’s thesis projects.

Volunteer Security Specialist - Roskilde Festival Present

Conduct security assessments for one of Europe’s largest music festivals. Performed comprehensive asset mapping and penetration testing on critical infrastructure, identifying vulnerabilities in payment systems and festival operations. Led remediation efforts for Point-of-Sale terminal security vulnerabilities and provided technical consultancy to IT teams on security best practices and incident response. Collaborated with cross-functional teams to implement security measures that protect both infrastructure and attendee data while maintaining operational efficiency.

Pentester - WithSecure 2022-2023

Spearheaded the revitalization of the Drozer mobile security testing tool, performing most of the codebase rewrite to enable compatibility with modern systems, now featured in the OWASP MASTG. Delivered diverse security assessments across industries, specializing in Application Security, Network Security, and Red Teaming. Performed assessments on websites, mobile apps, AWS environments, Kubernetes clusters, and desktop applications, including code reviews. Contributed to sales through project scoping and led community engagement initiatives within Danish cybersecurity, including university outreach and youth educational programs. Mentored new employees and assumed onboarding responsibilities for new hires.

Application Security Engineer - Tradeshift 2020-2022

Contributed to organizational security maturity as a part-time student engineer. Responsibilities included Bug Bounty triage, security monitoring and alerting, pull request reviews, log analysis, and developer training. Assisted in developing and auditing internal tools, including custom static code analysis rules and internal portals.

Software Engineer - Tradeshift 2018-2020

Software engineer working on in house developer tooling for automating system access, team memberships and QA processes within a large engineering organisation. As well as developed infrastructure for managing internal greenfield projects on AWS. Developed solidty smart contracts for supply chain tracing, Initiated and led optimization projects on internal customer data practices, based on global ISO standards, which influenced several product developments.

Education

2019-2022
MSc, Computer Science; Denmarks Technical University
2016-2019
BSc, Cybertechnology; Denmarks Technical University

certifications

  • Offensive Security Certified Professional (OSCP) - 2024
  • Offensive Security Exploit Developer (OSED) - 2025
  • Offensive Security Web Expert (OSWE) - 2025

Other

CTF Player : Kalmarunionen

CTF player with one of worlds best CTF Teams (Nr 1. globally 2024, Nr 3. Globally 2023). Apart from competing at a world class level I have assisted with infrastructure for our own KalmarCTF event, held internal trainings for the team members, as well as organized physical meetups, trips abroad and events.

CVES:

CVE-2025-0628 - LiteLLM privilege escalation

Languages

  • English - Fluent
  • Danish - Fluent
  • French - High level