Senior Test Automation Engineer / Pentester / SDET - Web, API, Embedded & Security Testing

5/2024 – 5/2026

Owned and led the internal security testing and penetration testing function, establishing repeatable processes for test planning, vulnerability validation, risk-based prioritization, reporting, remediation coordination and retesting.
• Owned and led the internal penetration testing and security validation function across web applications, APIs, cloud assets and infrastructure.
• Defined pentest scope, test approach, tooling, evidence standards and reporting structure for security testing activities.
• Planned, scoped and executed penetration tests across multiple web applications, APIs, cloud assets and externally exposed services.
• Designed security test scenarios covering authentication, authorisation, input validation, exposed services, insecure configurations, outdated components and externally reachable attack paths.
• Combined automated scanning with manual pentesting techniques to validate exploitability, reduce false positives and produce actionable findings.
• Assessed close to 1,000 infrastructure components, identifying and validating vulnerabilities across servers, endpoints, services, cloud assets, network exposure and security controls.
• Used Burp Suite, OWASP ZAP, AppCheck, Pentera, Nuclei, OpenVAS/GVM, Nmap, Metasploit, Tenable and Tanium to discover, reproduce, validate and document security defects.
• Designed and built a risk scoring platform to calculate organization-specific risk scores for vulnerabilities identified through scans, penetration tests and manual validation.
• Converted raw vulnerability findings into risk-based remediation priorities using organizational context, asset criticality, exposure, exploitability and business impact.
• Managed the vulnerability lifecycle from discovery and validation through prioritization, remediation coordination, retesting and closure.
• Produced detailed pentest reports with reproduction steps, affected assets, proof-of-concept evidence, impact analysis, risk rating and remediation guidance.
• Coordinated with application, infrastructure and security teams to retest fixes, verify remediation effectiveness and reduce recurring security defects.
• Established repeatable workflows for scanning, manual validation, defect reporting, risk scoring, retesting and vulnerability closure.

Tools: AppCheck, Pentera, Burp Suite, OWASP ZAP, Nuclei, OpenVAS/GVM, Nmap, Metasploit, Amass, Tenable/Nessus, Tanium, CrowdStrike Falcon NG-SIEM/SOAR/XDR, Microsoft Defender, Azure, Entra ID, AWS, Varonis, Rubrik, BeyondTrust, Wireshark.

Cyber Security Engineer

5/2023 – 5/2024

SDET role focused on web, API, backend, device and security-aware testing for television and media platforms. Role based in London, with full remote working possible.
• Designed and executed automated tests for backend services, APIs, web applications and connected TV products.
• Automated API and backend validation using Postman, BlazeMeter and custom Python/JavaScript scripts.
• Tested REST and GraphQL services for reliability, responsiveness, regression behaviour and security weaknesses.
• Automated web application testing using Cypress, Selenium, Playwright and Puppeteer.
• Integrated automated checks into Jenkins and GCP-based workflows to support continuous validation.
• Conducted API and web application security testing using Burp Suite, OWASP ZAP, Postman and Wireshark.
• Identified vulnerabilities including authentication flaws, injection points, misconfigurations and insecure backend behaviours.
• Supported Splunk-based logging, dashboards and alerting to improve observability, troubleshooting and security monitoring.

Tools: Python, JavaScript, Postman, BlazeMeter, Jenkins, GCP, REST, GraphQL, Cypress, Selenium, Playwright, Puppeteer, Burp Suite, OWASP ZAP, Wireshark, Splunk, Jira

Test Automation, Test Management

10/2022 – 10/2023

Remote freelance engagement for end customer Continental Automotive, delivered via Valantic GmbH, focused on automated validation of embedded ECU security and flashing workflows.
• Analysed ECU security test requirements and translated them into structured, traceable test specifications.
• Authored detailed test case descriptions and maintained requirements traceability in IBM DOORS.
• Automated validation of ECU flashing and OTA update workflows using Python, Robot Framework and Lauterbach PRACTICE.
• Developed automated checks focused on secure flashing, update robustness, diagnostic behaviour and repeatable embedded validation.
• Used Vector CANoe, ODIS, Wireshark and Lauterbach Debugger to validate embedded system behaviour and diagnose defects.
• Managed test execution, defect evidence, result analysis and technical reporting.
• Supported Agile/Scrum delivery using Jira and Confluence in a distributed remote environment.

Tools: Python, Robot Framework, Lauterbach PRACTICE, Lauterbach Debugger, Vector CANoe, ODIS, Wireshark, IBM DOORS, Jira, Confluence, Agile/Scrum

Cyber Security, Test Automation