Tarik Kobalas

Senior Software Security Engineer at Ada Health
Location
Berlin, Berlin, Germany, DE
Languages
  • English Full professional proficiency
  • Japanese Professional working proficiency
  • Turkish Native or bilingual proficiency
  • German Elementary proficiency


Experience

    • Germany
    • Hospitals and Health Care
    • 200 - 300 Employees
    • Senior Software Security Engineer
      • Feb 2021 - Present

      - Integrating open-source (mostly) and/or commercial DevSecOps tools (e.g. vulnerability dependency, software composition analysis, secret scanning, SAST, DAST, IaC compliance check, container security)
      - Implementing OWASP framework controls company-wide to ensure software meets security standards
      - Performing internal web, network, and mobile penetration tests
      - Managing and supporting external pentest projects
      - Conducting Threat Modelling sessions in shaping a secure architecture through the software development life cycle plan/design phase
      - Administering the Bug Bounty and Vulnerability Disclosure Programs
      - Developing tools to enable teams to find issues during development and in CI/CD and supporting module teams to adopt
      - Supporting the GRC team in documenting policies and procedures to comply with ISO 27001, NIST CSF, HIPAA etc.
      - Supporting technical analysis (basically reverse engineering, log correlation, forensic analysis) on security incidents
      - Researching new attack methods and security countermeasures, to take proactive prevention
      - Helping shape processes and guidelines for secure code development, and carrying out code review through a security perspective
      - Extending security in the cloud environment
      - Developing automation to detect possible security misconfigurations

    • Germany
    • Staffing and Recruiting
    • 1 - 100 Employees
    • Information Technology Security Manager (IT-Sicherheitsmanager)
      • Dec 2019 - Feb 2021

      - Web application security assessments
      - Leading of product management team
      - SSDLC and Threat Modelling, contributing Software Development Team
      - Hands on securing Azure resources and virtual networks based on Zero-Trust approach.
      - Hands on DDoS mitigation, WAF policy/rule optimisation and monitoring
      - Research and solution providing for regulation/standard compliance for both developed products and internal ISMS process
      - Project Management for the development and implementation of penetration tests
      - Protective measures, safety improvements for corporate network and web application

    • Chief Technology Officer
      • Jun 2016 - Dec 2019

      Managing of Product Development Team. Contribution and management of SIEM (Security Information and Event Management), Log Management System, Authentication Systems, Endpoint Security, DLP/NLP, Network Security, Regulation Compliance, Malware Analysis, APT (Zero Day) Attacks Detections, Vulnerability Scanners, Availability/Security Monitoring software or modules as an on premise products. Moreover Cloud Base Logging, Cloud Base Captive Portal and Cyber Threat Intelligence software as a service. Leading Security Team that realizes penetration tests, cyber security consultancy and security hardening for developed products. Technical Designing for newly developed modules or products. Prototype Testing with test team to collect quantitative, qualitative, and behavioral data while evaluating the user experience. Management of long-term projects (ISP, Government). Responsible for Technical Architectural Decisions, Opex/Capex calculations, Project Planning.

    • Technical Solutions Manager
      • Jun 2011 - Jun 2015

      Leading Technical Support Team that provides technical meetings, Demos, PoC’s, trainings, maintenance, mail/call/ticket supports. 1000+ Enterprise, 3000+ End-user Local-Global Customers have been supported. Operations and Support Process Management for customers/partners of CRYPTTECH. Product development management for CRYPTOSIM (Security Information and Event Management), CRYPTOLOG (Log Management), UNITMON (Security Monitoring) and CRYPTOSPOT (Hotspot Management) softwares.

    • Australia
    • Renewable Energy Semiconductor Manufacturing
    • 1 - 100 Employees
    • Software Engineer
      • Oct 2009 - Dec 2010

      Project: Social Media Platform
      - Two months training and development in Nanjing/China (Java Developer; Spring, Struts, iBatis, JSP, Velocity)
      - Requirement Analysis and Design (Functional Requirement Specification and API Specification Preparation)
      - Transcoding Technologies, Client Side Application Development and Tests (local Java, SOAP, http)
      - Functional and Performance Test, Client Side Development (RESTful Web Service, LoadRunner Scripting)
      Used Technologies, Platforms, Environments: J2EE, Eclipse, PLSQL, Glassfish, Jboss, Oracle, RHEL, SLES, Windows

    • Information Security Engineer
      • Jun 2008 - Jun 2009

      Software Developer for Log Management System CryptoLOG, OSSIM Security Engineer

Education

  • Istanbul Teknik Üniversitesi
    Bachelor of Science (BS), Computer Science
    2003 - 2008
  • Samsun Anadolu Lisesi
    1996 - 2003
