Cashlink Technologies GmbH
| Security Architect |
Jan 2023 - current |
|
|
- Design new AWS architecture from scratch
- Adopted terraform as new IaC technology
- Helped to secure the Kubernetes cluster
| Senior Security Engineer |
Oct 2021 - Dec 2022 |
- Setup infrastructure scanning using vuls.io
- Introduced Infrastructure as Code (IaC) using Python and AWS CDK
- Setup CDK stacks for multiple tenants
- Setup custom SSO infrastructure using AWS SSO
- SSO for SaaS services
- SSO for SSH access
- Yubikeys as MFA (FIDO2/U2F)
- Hold different knowledge sharing sessions on
- Infrastructure orchestration using ansible
- Penetration tests
Scout24 AG
| Senior Security Engineer |
Mar 2020 - Sep 2021 |
- Penetration tests (mainly web applications)
- Internal workshops for the Security team
- Implementation of own custom SCA solution using AWS, Serverless, GitHub and Golang
- Meanwhile focus more on monitoring, observability but also engineering of custom tools for AWS using Golang, Python, CDK
| Professional Security Engineer |
Mar 2016 - Dec 2016 |
- Penetration tests: Web applications/services, network vulnerability scanning
- Evaluate attack vectors/surfaces
- Code reviews (mainly Java, PHP, JavaScript)
- Architecture design reviews
- Create, implement and communicate security requirements
- Develop and hold inhouse security workshops
- Maintain security concepts
- Technical consultancy aimed at securing the global infrastructure of the Scout24 Group
Vodafone Kabel Deutschland GmbH
| Application Security Specialist |
Sep 2015 - Jan 2016 |
- Penetration tests
- Web applications/services
- Mobile applications (Android, iOS)
- Vulnerability scanning
- Code / architecture reviews
- Risk/threat assessments
- Definition of security requirements and application security best practices
- Automation of scanning tools (IBM Rational AppScan, Burp Suite, HP Fortify)
- Reporting and vulnerability management
- Static Code Analysis
- Technical consultancy and providing of expertise for internal departments and external partners
- Technical assistance to the incident management team and security operation center
Kabel Deutschland GmbH
| Application Security Specialist |
Dec 2012 - Sep 2015 |
- Penetration tests
- Web applications/services
- Mobile applications (Android, iOS)
- Vulnerability scanning
- Code / architecture reviews
- Risk/threat assessments
- Definition of security requirements and application security best practices
- Automation of scanning tools (IBM Rational AppScan, Burp Suite, HP Fortify)
- Reporting and vulnerability management
- Static code analysis
- Technical consultancy and providing of expertise for internal departments and external partners
- Technical assistance to the incident management team and security operation center
IBM Deutschland GmbH
| Working student |
Jun 2012 - Jun 2012 |
Research for my Bachelor final degree thesis “Technische Aspekte bei der Portierung einer Gebäudemanagement-Software“‘ (engl. “Technical aspects regarding the migration of a bulding management software”) done for IBM and a global player specialized on building management and automation.
DGI AG
| Working student |
Oct 2011 - Aug 2012 |
- Research work for seminar contents
- Penetration tests of own infrastructure
- Server hardening
- Web development using Drupal
VSP TU Berlin
| System Administrator |
Jun 2010 - Sep 2011 |
- Server / Network / RAID administration
- IT assistance / technical support for the students at the institute
- Expansion and support of internal IT infrastructure
VZnet Netzwerke Ltd.
| Full-Time Student Apprentice |
Apr 2009 - Sep 2009 |
- Worked as part of the internal IT security team
- Penetration tests
- Development of own in-house security scanner for web applications
- Code reviews
Golden Immobilo GmbH
| Full-Time Student Apprentice |
Sep 2008 - Feb 2009 |
- Resposible for the backend
- XML/XSD/XSLT/XQuery/XPath
- SQL / pgSQL / PostgreSQL / pgBash / Dynamic SQL
- DB / Server administration
