Johannes Schoenborn

Lead Penetration Tester from Frankfurt am Main

Partially available

Last update: 19.04.2024

Penetration Tester / Red Teamer

Company: Exploit Labs GmbH
Degree: Master of Science in Computer Science
Languages: German (native) | English (business fluent)

Attachments

2020_04_Schoenborn_CV_ENG.pdf

Skills

Penetration Testing, Red Teaming, Threat Intelligence-based Red Teaming, NATO Cyber Red Teaming, Vulnerability Scanning, Vulnerability Management, SAST, DAST, Static Source Code Analysis, Dynamic Source Code Analysis, Exploit Development

Project history

01/2019 - 12/2020
Senior Incident Responder
Ludwigshafen Chemicals producer

Ludwigshafen Chemicals producer (14 months)

Analysing security incidents / breaches / hacking attempts in an international 24/7 SOC
Incident Handling for Intrusions & APT attacks, IT/OT-systems
Training of new team members, assuring knowledge distribution within a 3-Tier work environment

05/2020 - 04/2020
Lead Security Researcher
Abu Dhabi

Abu Dhabi, undisclosed consulting agency (12 months+)

Leading a team of eight security specialists discovering (unknown) security vulnerabilities in
commonly used software such as WhatsApp or Apple & Android platforms. Responsible for program
and personal development of the business unit. Rep

01/2014 - 04/2020
Penetration Tester
CSPI GmbH

* Facilitator for penetration testing engagements, working with pre- and post-sales business units to create an
understanding of penetration testing as a revenue stream within an MSSP company
* Performing penetration tests of different types (web, mobile, infrastructure...)

01/2017 - 12/2018
Information Security Manager
Frankfurt am Main, German Investment Bank

Frankfurt am Main, German Investment Bank (8 months)

Process, Scope, Budgeting, and execution of penetration tests concerning internet-facing IT-assets
according to ISO 27001 / NIST Cybersecurity Framework

01/2012 - 12/2018
Penetration Tester, Consumer IoT Products
Vodafone Group Services GmbH

Member of an in-house penetration testing project

* Penetration Testing of multiple iOS and Android applications as well as hardware devices such as GPS
trackers
* Development of custom exploits to demonstrate impact of discovered security vulnerabilities
* Penetration Testing of web & mobile applications as well as infrastructure in B2C / B2B environments
* Performing Penetration Tests according to best practices such as OWASP Top10 Web / Mobile

06/2017 - 12/2017
Interim Application Security Officer
International Insurance Company

Step-In due to maternity leave, performing regular daily duties such as:

* Risk evaluation, creation of security policies within a major global transformation project concerning e.g. Red
Hat OpenShift / Amazon AWS IaaS platform, cloud-based Public Key Infrastructures
* Overhaul of Security Guidelines for software developers
* Day-to-day guidance on security policy implementation in several IT-projects

01/2015 - 01/2016
Subject Matter Expert Cybersecurity
DZ BANK AG

* (30%) Responsible for designing and executing a penetration testing program for critical IT-Assets in order
to comply with company-wide information security policies as well as regulatory requirements
* Briefing / education of upper Management and board members on topics such as Ransomware, Darknet,
Distributed Denial of Service, usually in context of public events (i.e. DD4BC)
* Involved in dealing with inquiries from regulatory stakeholders such as ECB, Federal Reserve or Monetary
Authority of Singapore
* Elected single point of contact for inquiries from the company-wide information security office
* (30%) First Responder concerning digital forensics and incident analysis i.e. concerning active malware
incidents. Reverse Engineering of Malware in order to extract Indicators of compromise
* (30%) Sub-project lead concerning implementation of NIST Cyber Security Framework: Endpoint/WAF
* Member of the bank-wide IT-Software Architecture board, single point of contact for Cyber Security

01/2014 - 12/2015
Penetration Tester, Consumer IoT Products
Postbank AG

Member of an in-house SIEM project

* Creation of ArcSight Use Cases & Dashboards to gain SOX compliance
* Onboarding of custom and mainframe applications into the bank's Application Security Monitoring Program
* Consulting/troubleshooting of existing ArcSight content e.g. Assets Inventory Dashboards or Infrastructure
Integration e.g., matching existing Change Tickets against Host Logins with Privileged Access

01/2014 - 01/2015
Consultant for Security Information & Event Management (SIEM)
SecuInfra GmbH

* Creation of ArcSight Use Cases & Dashboards for a national bank to gain SOX compliance
* Consulting / troubleshooting of existing ArcSight content

01/2013 - 01/2014
Penetration Tester
Nruns professionals GmbH

* Developed a methodology for penetration tests of mobile applications
* Deployed on 5- to 15-day penetration tests and reverse engineering projects across Europe

01/2011 - 12/2012
Software Engineer
Orbit GmbH

* Tasked with design and implementation of a Mobile Enterprise Application Platform (MEAP) within a SCRUM team
* Implemented selected parts of the Security Development Lifecycle (SDLC) / DevSecOps into a continuous
integration pipeline

01/2009 - 01/2011
Student Associate Research & Development
SoftScheck GmbH

* Collaboration on multiple papers concerning threat modelling, fuzzing and securing supply chain management
* Research concerning the systematic discovery of zero-day exploits via fuzzing

Willingness to travel

Available in the following countries: Germany