Jad Ghamloush
Work & Experience
• Identified and reported security vulnerabilities in web applications through hands-on testing and analysis using tools such as Burp Suite.
• Performed reconnaissance, vulnerability assessments, and exploitation of common flaws including XSS and SQL injection.
• Developed an Automated Secret Detection & Takedown System to identify and mitigate credential and sensitive data leaks across GitHub, Bitbucket, and Postman.
• Integrated tools (Trufflehog, Gitleaks, detect-secrets) and custom regex for pattern-based scanning.
• Automated takedown/reporting workflows using platform APIs; implemented logging, dashboards, and ensured compliance with legal and responsible disclosure practices.
• Reported valid vulnerabilities across multiple platforms (HackerOne, Bugcrowd) impacting real-world companies like NASA, DELL, etc.
• Specialized in web application security, focusing on practical exploitation techniques.
• Ranked in the top 8% worldwide on TryHackMe.