A senior engineering and security team, available for contract.
Qasten is a two-person consulting team combining deep engineering expertise (ex-AWS, ex-Uber) and offensive security (ex-OpenAI). We work remotely with technical teams on problems that require genuine seniority. We take on missions independently or together — depending on what the problem requires.
Meet the team
Engineering
Farouk Faiz
Senior Software Engineer · ex-AWS · ex-Uber · Backend & cloud
I spent 3+ years at Amazon (AWS) building internal developer tooling with hard performance constraints — cutting graph loading times by 25×, pipeline execution times by 60×. Before that, I worked on reliability infrastructure at Uber, where I led failover monitoring and reduced failover time from 15 minutes to 2 minutes.
I work best on complex backend and infrastructure problems where there is no obvious solution — performance bottlenecks, distributed systems, AWS architecture, CI/CD at scale. I can also take full ownership of full-stack features when needed.
- Amazon (AWS) — Software Engineer — 2022–2025
- Uber — Software Engineer — 2021
- Eurecom — MSc Data Science & Engineering
What I work on
-
Backend Engineering
Complex APIs, distributed services, performance optimization, Java / Python / Go / TypeScript.
-
AWS & Cloud Infrastructure
Architecture reviews, infrastructure as code (CDK, CloudFormation, Terraform), CI/CD pipelines, observability and monitoring.
-
Developer Tooling & Platform
Internal tooling, developer experience, build systems, versioning pipelines at scale.
-
Performance Debugging
Latency investigations, memory/CPU profiling, large-scale data processing optimization.
- AWS
- CDK
- CloudFormation
- Terraform
- Docker
- Kubernetes
- CI/CD
- Java
- Python
- Go
- TypeScript
- React
- PostgreSQL
- Redis
- Distributed Systems
Security
What I work on
-
Red Teaming & Adversarial Testing
Adversarial simulation, prompt injection, policy bypass — including AI system red teaming. Acknowledged in OpenAI's Operator System Card (2025).
-
Penetration Testing
Web applications, network infrastructure, Active Directory, banking and government-grade environments. 140+ pentests conducted.
-
Security Architecture
Secure-by-design architecture reviews, DevSecOps pipeline integration (SAST, dependency scanning), security posture assessment.
-
AI Security Evaluation
Safety evaluation of LLMs and AI systems pre-release. Identifying vulnerabilities in model APIs, image generation, and operator systems.
- Red Teaming
- Penetration Testing
- Active Directory
- OSINT
- Prompt Injection
- AI Safety
- DevSecOps
- SAST
- Bug Bounty
- Network Security
- Web App Security
- Python
- Golang
- Reverse Engineering
Achraf El Masdouri
Cybersecurity Expert · Red Teamer · ex-OpenAI
I'm a security engineer with a focus on offensive security — red teaming, penetration testing, and adversarial evaluation. I've conducted 140+ pentests across banking systems, government infrastructure (including 911 emergency services), and enterprise networks.
As a contractor for OpenAI, I contributed to the safety evaluation of 20+ pre-release frontier models and was acknowledged in their Operator System Card (2025). I currently also serve as Security Engineer at Accor, managing their bug bounty program and securing critical payment and reservation infrastructure.
- OpenAI — Red Teamer (contractor) — 2024–present
- Accor SA — Security Engineer — 2022–present
- IntelliSecSolutions — Penetration Tester — 2024–present
- Eurecom — MSc Cybersecurity
- Rank 2 — Raise Your Hack 2025
- Top 600 worldwide — Hack The Box