Cyber Security Consultant

1/2022 – offen

As a Consultant I am improving the SOC matuarity level of the second largest bank in Germany. In order to monitor suspicious actvities inside the network I am focusing on connecting new Log-Sources to the Security Information and Event Management Solution (SIEM) IBM QRadar. The integration includes cloud services, applications, network devices and endpoints (Windows and Linux). Based on the incoming events from various systems and the MITRE ATT&CK matrix I am defining and implementing new rules to identify attackers movements in early stages. With the help of Incident Response (IR) threat reports and Cyber Threat Intelligence (CTI) we are analyzing the attackers capabilities and emulate the attack campaign in order to strengthen the defense.

Incident Management, Cyber Security Practitioner (CSP), Cyber Security, Microsoft Azure

9/2021 – 3/2022

In my position as a Frontend Lead Developer I am designing and implementing the frontend architecture of a Quality Management Tool for a car manufacturer. I’m continously evaluating the code quality for a sustainable development without any vulnerabilities.

Amazon Web Services (AWS), Angular, Docker, Git, Jenkins, NginX, SCRUM, Spring

8/2018 – offen

My responsibilities within AIRNET are primarily to lead the development of an Intelligence-driven Threat Hunting Platform prototype. This includes the consolidation of various Cyber Security frameworks like MITRE ATT&CK, Structured Threat Intelligence Expression Language (STIX 2.1) and The Diamond Model for Intrusion Analysis into common Web-Frameworks and technologies. Build best practices, Microservice architecture plans, scalable and generic code components are my daily tasks.
In addition to the above I’m working with following frameworks and technologies:
• Integration with SOAR, SIEM and EDR platforms
• Incident Response and Detection Use Case development with IBM Qradar and Resilient
• Logsource connections with PCAP and Sysmon (Firewall, Linux, Windows)
• Development of Named Entity Recognition (NER) with Tensorflow (AI)
• Flask (Python)
• Angular (6,7,8,10,12)
• Javascript, d3.js, HTML 5 Boilerplate Framework
• Kafka
• ELK-Stack
• PostgreSQL
• NGINX
• Docker
• DevOps (CI/CD)
• Deployment of NEXUS and Gitlab with CI/CD pipelines

As cloud adoption is expected to be the main deployment model in future, my expertise covers all around containerization and Microservices architecture development.
During the development of the prototype I have gained a lot of knowledge about Cyber Threat Intelligence (CTI). This includes commercial CTI from vendors like Recorded Future and Open-Source CTI from platforms like MISP, which is a well-established platform in the open source CTI community.

Angular, Docker, elasticSearch, Git, JavaScript, Kafka, Projektleitung / Teamleitung (IT), Projektmanagement (IT), Python, SCRUM, SQL