
Conducting penetration tests on web/mobile apps, APIs, cloud environments, enterprise systems, and embedded devices for medium to large clients in the mobility sector. Involved throughout the entire process, including customer consultation, proposal preparation, project planning, assessment execution, detailed technical reporting, and providing remediation advice on both strategic and technical levels.
Performed manual source code audits in C, C++, Java/Kotlin, and JavaScript, with a focus on identifying vulnerabilities in security-critical components and recommending improvements. Expertise ranges from low-level authentication mechanisms in resource-constrained embedded systems to validation and quality-of-service (QoS) checks in protocol-rich application-layer systems with fundamentally different architectures and use cases.
Managed penetration testing and security consulting projects for medium-sized and large clients. Led multi-member project teams, coordinated subcontractors, ensured quality assurance, and maintained effective communication with stakeholders throughout the project lifecycle.
Topic lead for an internally developed automotive security Capture-the-Flag (CTF) workshop. Responsible for both strategic and technical development, including customer acquisition, planning, and hands-on delivery of workshops.
Provided consulting and training services for security testing in accordance with ISO/SAE 21434 and UNECE R155/R156 standards.
Enhanced a password-cracking platform based on Hydra and John the Ripper with features like automatic hash identification, optimized configurations, intelligent wordlist/rule selection, result visualization, and performance improvements.
Red teaming campaign for a critical infrastructure client, including the execution of a spear phishing operation to achieve initial compromise.
For my bachelor's thesis, I worked on a device to simplify the forensic process of disk imaging. The goal was to convert an inexpensive and portable single-board computer into a performant and reliable forensic duplicator.
Creating risk assessments and security concepts as Security Manager in Process (SMP) in the automotive context. Working as a Software Developer, mainly on Java backend components.