A senior engineering and security team, available for contract.
Qasten is a two-person consulting team combining deep engineering expertise (ex-AWS, ex-Uber) and offensive security (ex-OpenAI). We work remotely with technical teams on problems that require genuine seniority. We take on missions independently or together, depending on what the problem requires.
Meet the team
Engineering
Farouk Faiz
Senior Software Engineer · ex-AWS · ex-Uber · Backend & cloud
I spent 3+ years at Amazon (AWS) building internal developer tooling with hard performance constraints, cutting graph loading times by 25x, pipeline execution times by 60x. During that time I also worked on AI-powered agents for large-scale mainframe modernization, automating code transformation and testing across COBOL-to-Java migrations.
Before that, I worked on reliability infrastructure at Uber, where I led failover monitoring and reduced failover time from 15 minutes to 2 minutes.
I work best on hard, ambiguous problems, slow systems, infrastructure that hasn't kept up with growth, codebases with years of technical debt. I'm autonomous, I communicate directly with stakeholders, and I don't need oversight on the engineering or infrastructure side.
- Amazon (AWS) - Software Engineer - 2022-2026
- Uber - Software Engineer - 2021
- Rank 2 - Raise Your Hack 2025
What I work on
-
Backend Engineering & Performance
Distributed services, high-throughput APIs, latency investigations, profiling. I've optimized systems processing millions of nodes and built reliability infrastructure at Uber's scale.
-
AWS & Cloud Infrastructure
Architecture reviews, infrastructure as code, security, observability and monitoring. I'm comfortable owning the full infrastructure layer, from design to production.
-
Agentic AI
Design and implementation of AI agents and multi-agent systems, task automation, LLM orchestration, tool use, and human-in-the-loop workflows. Built AI agents in production at AWS scale for large modernization programs.
-
Developer Tooling & Platform
Internal tooling, build systems, CI/CD pipelines at scale, developer experience. At AWS, the CI/CD system I built was used 10,000+ times by 50+ developers across teams.
-
End-to-End Ownership
I can own features end-to-end when the mission calls for it, from infrastructure to UI, without creating handoff bottlenecks.
Security
What I work on
-
Red Teaming & Adversarial Testing
Adversarial simulation, prompt injection, policy bypass, including AI system red teaming. Acknowledged in OpenAI's Operator System Card (2025).
-
Penetration Testing
Web applications, network infrastructure, Active Directory, banking and government-grade environments. 140+ pentests conducted.
-
Security Architecture
Secure-by-design architecture reviews, DevSecOps pipeline integration (SAST, dependency scanning), security posture assessment.
-
AI Security Evaluation
Safety evaluation of LLMs and AI systems pre-release. Identifying vulnerabilities in model APIs, image generation, and operator systems.
- Red Teaming
- Penetration Testing
- Active Directory
- OSINT
- Prompt Injection
- AI Safety
- DevSecOps
- SAST
- Bug Bounty
- Network Security
- Web App Security
- Python
- Golang
- Reverse Engineering
Achraf El Masdouri
Cybersecurity Expert · Red Teamer · ex-OpenAI
I'm a security engineer with a focus on offensive security, red teaming, penetration testing, and adversarial evaluation. I've conducted 140+ pentests across banking systems, government infrastructure (including 911 emergency services), and enterprise networks.
As a contractor for OpenAI, I contributed to the safety evaluation of 20+ pre-release frontier models and was acknowledged in their Operator System Card (2025). I currently also serve as Security Engineer at Accor, managing their bug bounty program and securing critical payment and reservation infrastructure.
- OpenAI - Red Teamer (contractor) - 2024-2026
- Accor SA - Security Engineer - 2022-2026
- Rank 2 - Raise Your Hack 2025
- Top 600 worldwide - Hack The Box