Cyber Security Analyst, Penetration Tests, Source Code Audits, Cloud Security, Hardening Reviews, Vulnerability Assessments
Aktualisiert am 01.07.2025
Profil
Freiberufler / Selbstständiger
Remote-Arbeit
Verfügbar ab: 01.07.2025
Verfügbar zu: 100%
davon vor Ort: 0%
Penetrationstest
Code-Analyse
IT-Security
Linux
Windows
AWS
Azure
PHP
Java
C#
C
Node.js
TypeScript
Windows Server
Python
Shell-Script
Unix
Go
Kubernetes
Cyber Security
German
Muttersprache
English
spoken and written

Einsatzorte

Einsatzorte

Plauen, Vogtland (+500km)
Deutschland
möglich

Projekte

Projekte

3 years 10 months
2021-09 - now

Performing of penetration tests and vulnerability assessments

Cyber Security Analyst
Cyber Security Analyst
  • Performing of penetration tests and vulnerability assessments
  • Source code audits
  • Verification of hardening measures
  • Review of security concepts and documentation
  • Verification of security measures in cloud environments
  • Scenario-based tests
2 years 5 months
2023-08 - 2025-12

Performing penetration tests

Cyber Security Analyst
Cyber Security Analyst
  • Performing penetration tests
  • Source code audits
  • Preparation of reports based on the identified vulnerabilities
  • General consultation on the topic of IT security
Remote
3 years 4 months
2022-09 - 2025-12

Configuration reviews of software and network services

Cyber Security Analyst
Cyber Security Analyst
  • Performing penetration tests
  • Source code audits
  • Verification of hardening measures
  • Configuration reviews of software and network services
  • Review of security concepts and documentation
  • Preparation of reports based on the identified vulnerabilities
  • General consultation on the topic of IT security
Remote
3 years 9 months
2019-04 - 2022-12

Planning, preparation, implementation, and documentation of penetration tests

Penetration Tester
Penetration Tester
  • Planning, preparation, implementation, and documentation of penetration tests, source code audits, forensic analyses, dynamic process, and static binary analyses
  • Development of automated security tests for Linux servers, written in Bourne Shell (incorrect ACLs, plaintext passwords in files, outdated software, incorrect privileges, configuration errors, etc.)
  • Analysis of processes, in-house and third-party software, on the servers (dynamic process analyses, configuration errors, etc.)
  • Source code analyses of Java, JavaScript, Python and PHP programs
  • Web application tests of Java, NodeJS, PHP, and static websites, as well as their APIs
  • Verifications and tests of newly developed or used software
  • Support other departments to ensure the general security standard of the software, and on the servers (Threat Modeling)
  • Reporting of security vulnerabilities
  • Automated creation of statistics on internal security vulnerabilities in a monthly and annual view using LATEXand Bourne Shell
  • Point of contact for server and software security, and general questions about IT security
  • Study support of a student for the practical and bachelor?s theses (Topic: Rowhammer attacks on Linux systems)
  • Development of strategies and processes (Risk Management, Workflows, etc.)
  • Development of tools to assist the team in day-to-day operations, e.g. tool for filtering the current and existing security vulnerabilities, etc
GK Software SE
5 months
2018-11 - 2019-03

Leading the Linux team

Product Manager ? Linux Kubernetes Cri-O Cilium
Product Manager ? Linux
  • Leading the Linux team
  • Development and planning of a container-based IT infrastructure with Kubernetes, Cri-O, Cilium, etc.
  • Hardening of container images
  • Maintenance of existing Linux systems
  • Creation of documentation
Kubernetes Cri-O Cilium
Helios IT Service GmbH
1 year 7 months
2016-08 - 2018-02

Development of automated security tests for Linux servers

Penetration Tester
Penetration Tester
  • Planning, preparation, implementation, and documentation of penetration tests, source code audits, forensic analyses, dynamic process, and static binary analyses
  • Development of automated security tests for Linux servers with automated reporting to the ticket system, written in Bourne Shell (incorrect ACLs, plaintext passwords in files, outdated software, incorrect privileges, configuration errors, etc.)
  • Analysis of processes, in-house and third-party software, on the servers (dynamic process analyses, configuration errors, etc.)
  • Source code analyses of Java, C, Python, and PHP programs
  • Web application tests of Java, PHP, and static websites, as well as their APIs
  • Verifications and tests of newly developed or used software
  • Support other departments to ensure the general security standard of the software, and on the servers (Threat Modeling)
  • Reporting of security vulnerabilities
  • Automated creation of statistics on internal security vulnerabilities in a monthly and annual view using LATEXand Bourne Shell
  • Implementation of a Nessus enterprise solution into the server landscape
  • Point of contact for server and software security, and general questions about IT security
Deutsche Post - E-Post Development GmbH
1 year 1 month
2015-02 - 2016-02

Administration of the department?s internal server structure

Penetration Tester C C# PHP ...
Penetration Tester
  • Planning, preparation, implementation, documentation, and presentation of penetration tests / source code analyses for a large customer base; e.g. banks, insurance companies, governments and SMEs
  • Regular customer contact in scope of projects
  • Penetration tests of external and internal network structures, websites, SCADA and wireless systems
  • Source code analyses of programs written in C, C#, PHP, Java, Perl, Python
  • Conducting awareness and programming trainings for ?Secure Programming? at customers
  • Building and planning of a SCADA project with a Siemens S7-1200 to simulate a hacker attack on railway track systems
  • Three-week professional assignment in the Middle East (Kuwait) with responsibility for a major project
  • Automation and creation of penetration test frameworks / tools for use at customers, written in Bourne Shell, C and Python
  • Administration of the department?s internal server structure
C C# PHP Java Perl Python
InfoGuard AG
1 year
2013-08 - 2014-07

Planning, preparation, implementation and documentation of penetration tests

Penetration Tester
Penetration Tester
  • Planning, preparation, implementation and documentation of penetration tests, source code, and forensic analyses
  • Blackbox/Whitebox tests of company-owned data centers, office networks, and web applications
  • Project accompanying the programming of company-owned Puppet modules with the help of threat modeling, source code analysis, security tests and general support
  • Project accompanying the company?s own Linux server images with the help of threat modeling, security tests and general support
  • Source code analysis of company-owned web application modules for the software OXID eShop Enterprise Edition
  • Creation of security policies for security relevant topics in IT security in LATEXwith the additional consideration of ISO-27001 and the BSI basic protection
  • Preparation and implementation of security workshops and training on the topic of ?Secure Server Systems?
  • Reporting of security vulnerabilities
SysEleven GmbH
1 year 3 months
2012-05 - 2013-07

Automation of security tests on Unix server systems

Penetration Tester Linux Solaris
Penetration Tester
  • Planning, preparation, implementation and documentation of penetration tests, source code, and forensic analyses
  • Blackbox/Whitebox tests of company-owned data centers, office networks, web applications, and kernel modules (Linux)
  • Automation of long-term security and stability tests against companyowned Linux kernel modules based on TCP/IP, UDP and ICMP
  • Automation of security tests on Unix server systems (Linux, Solaris, *BSD) using a self-developed Bourne Shell script
  • Project accompanying the self-programmed website of the company with the help of threat modeling, general support, source code analyses, and security tests
  • Creation of security policies for security relevant topics in IT security in LATEX
  • Preparation and implementation of security workshops and training with the topic ?Secure Programming?
  • Reporting of security vulnerabilities
Linux Solaris
Profitbricks GmbH

Aus- und Weiterbildung

Aus- und Weiterbildung

1 month
2013-12 - 2013-12

FORENSICS - Computer Forensics for Companies

HACKATTACK
HACKATTACK
  • Forensic examination of Windows and Linux systems
  • Processing of information for law enforcement agencies

Position

Position

Cyber Security Analyst, Penetration Tester

Kompetenzen

Kompetenzen

Top-Skills

Penetrationstest Code-Analyse IT-Security Linux Windows AWS Azure PHP Java C# C Node.js TypeScript Windows Server Python Shell-Script Unix Go Kubernetes Cyber Security

Produkte / Standards / Erfahrungen / Methoden

Competencies:
  • Loyal 
  • Team-oriented 
  • Reliable 
  • Eager to learn 
  • Flexible
  • Dynamic


Skills/Experience:

IT Security

  • Source code analysis
  • Application security
  • Network security
  • System security of Windows and Linux server/client systems
  • General system, software, and network service hardening
  • Web application security following OWASP guidelines
  • In-depth penetration testing
  • Automation of security and stability tests
  • Exploit development
  • Reverse engineering
  • Malware development for penetration testing
  • Manual and automated fuzzing
  • Forensic analysis


Security Tools

  • Self-developed tools
  • Burp Suite
  • Nessus
  • Nmap
  • Metasploit
  • Ncat
  • etc.


Debuggers 

Self-developed debugger with 

  • ptrace
  • GDB
  • Strace
  • WinDBG
  • IDA
  • LLDB
  • Immunity


Other Tools 

  • Vim
  • VS Code
  • Visual Studio
  • KVM
  • VMWare
  • VirtualBox
  • Git
  • SVN
  • MS Office
  • Apache
  • Nginx
  • Tomcat
  • LATEX
  • Jenkins
  • Kubernetes
  • and more


Work experience:

2021 - today

Role: Cyber Security Analyst


2019 - 2022

Role: Penetration Tester

Customer: GK Software SE


2018 - 2019

Role: Product Manager - Linux

Customer: Helios IT Service GmbH


2016 - 2018

Role: Penetration Tester

Customer: Deutsche Post E-Post Development GmbH


2015 - 2016

Role: Security Consultant, Penetration Tester

Customer: Infoguard AG


2013 - 2014

Role:  Penetration Tester

Customer:  SysEleven GmbH


2012 - 2013

Role:  Penetration Tester

Customer: Profitbricks GmbH, today 1&1 IONOS


Internships:

05/2004 - 05/2004

Customer: Friesland College Leeuwarden


Tasks:

Activities within the scope of the project:

  • Automation of star-delta starting circuit for electric motors with a Siemens S7 PLC

Betriebssysteme

Linux
Windows
OsX
BSD
Solaris

Programmiersprachen

Go
Bourne Shell
PHP
Python
C
Rust
Java
Ruby
Perl
C#
Bash
PowerShell
Assembly Programming

Datenbanken

MySQL
PostgreSQL

Einsatzorte

Einsatzorte

Plauen, Vogtland (+500km)
Deutschland
möglich

Projekte

Projekte

3 years 10 months
2021-09 - now

Performing of penetration tests and vulnerability assessments

Cyber Security Analyst
Cyber Security Analyst
  • Performing of penetration tests and vulnerability assessments
  • Source code audits
  • Verification of hardening measures
  • Review of security concepts and documentation
  • Verification of security measures in cloud environments
  • Scenario-based tests
2 years 5 months
2023-08 - 2025-12

Performing penetration tests

Cyber Security Analyst
Cyber Security Analyst
  • Performing penetration tests
  • Source code audits
  • Preparation of reports based on the identified vulnerabilities
  • General consultation on the topic of IT security
Remote
3 years 4 months
2022-09 - 2025-12

Configuration reviews of software and network services

Cyber Security Analyst
Cyber Security Analyst
  • Performing penetration tests
  • Source code audits
  • Verification of hardening measures
  • Configuration reviews of software and network services
  • Review of security concepts and documentation
  • Preparation of reports based on the identified vulnerabilities
  • General consultation on the topic of IT security
Remote
3 years 9 months
2019-04 - 2022-12

Planning, preparation, implementation, and documentation of penetration tests

Penetration Tester
Penetration Tester
  • Planning, preparation, implementation, and documentation of penetration tests, source code audits, forensic analyses, dynamic process, and static binary analyses
  • Development of automated security tests for Linux servers, written in Bourne Shell (incorrect ACLs, plaintext passwords in files, outdated software, incorrect privileges, configuration errors, etc.)
  • Analysis of processes, in-house and third-party software, on the servers (dynamic process analyses, configuration errors, etc.)
  • Source code analyses of Java, JavaScript, Python and PHP programs
  • Web application tests of Java, NodeJS, PHP, and static websites, as well as their APIs
  • Verifications and tests of newly developed or used software
  • Support other departments to ensure the general security standard of the software, and on the servers (Threat Modeling)
  • Reporting of security vulnerabilities
  • Automated creation of statistics on internal security vulnerabilities in a monthly and annual view using LATEXand Bourne Shell
  • Point of contact for server and software security, and general questions about IT security
  • Study support of a student for the practical and bachelor?s theses (Topic: Rowhammer attacks on Linux systems)
  • Development of strategies and processes (Risk Management, Workflows, etc.)
  • Development of tools to assist the team in day-to-day operations, e.g. tool for filtering the current and existing security vulnerabilities, etc
GK Software SE
5 months
2018-11 - 2019-03

Leading the Linux team

Product Manager ? Linux Kubernetes Cri-O Cilium
Product Manager ? Linux
  • Leading the Linux team
  • Development and planning of a container-based IT infrastructure with Kubernetes, Cri-O, Cilium, etc.
  • Hardening of container images
  • Maintenance of existing Linux systems
  • Creation of documentation
Kubernetes Cri-O Cilium
Helios IT Service GmbH
1 year 7 months
2016-08 - 2018-02

Development of automated security tests for Linux servers

Penetration Tester
Penetration Tester
  • Planning, preparation, implementation, and documentation of penetration tests, source code audits, forensic analyses, dynamic process, and static binary analyses
  • Development of automated security tests for Linux servers with automated reporting to the ticket system, written in Bourne Shell (incorrect ACLs, plaintext passwords in files, outdated software, incorrect privileges, configuration errors, etc.)
  • Analysis of processes, in-house and third-party software, on the servers (dynamic process analyses, configuration errors, etc.)
  • Source code analyses of Java, C, Python, and PHP programs
  • Web application tests of Java, PHP, and static websites, as well as their APIs
  • Verifications and tests of newly developed or used software
  • Support other departments to ensure the general security standard of the software, and on the servers (Threat Modeling)
  • Reporting of security vulnerabilities
  • Automated creation of statistics on internal security vulnerabilities in a monthly and annual view using LATEXand Bourne Shell
  • Implementation of a Nessus enterprise solution into the server landscape
  • Point of contact for server and software security, and general questions about IT security
Deutsche Post - E-Post Development GmbH
1 year 1 month
2015-02 - 2016-02

Administration of the department?s internal server structure

Penetration Tester C C# PHP ...
Penetration Tester
  • Planning, preparation, implementation, documentation, and presentation of penetration tests / source code analyses for a large customer base; e.g. banks, insurance companies, governments and SMEs
  • Regular customer contact in scope of projects
  • Penetration tests of external and internal network structures, websites, SCADA and wireless systems
  • Source code analyses of programs written in C, C#, PHP, Java, Perl, Python
  • Conducting awareness and programming trainings for ?Secure Programming? at customers
  • Building and planning of a SCADA project with a Siemens S7-1200 to simulate a hacker attack on railway track systems
  • Three-week professional assignment in the Middle East (Kuwait) with responsibility for a major project
  • Automation and creation of penetration test frameworks / tools for use at customers, written in Bourne Shell, C and Python
  • Administration of the department?s internal server structure
C C# PHP Java Perl Python
InfoGuard AG
1 year
2013-08 - 2014-07

Planning, preparation, implementation and documentation of penetration tests

Penetration Tester
Penetration Tester
  • Planning, preparation, implementation and documentation of penetration tests, source code, and forensic analyses
  • Blackbox/Whitebox tests of company-owned data centers, office networks, and web applications
  • Project accompanying the programming of company-owned Puppet modules with the help of threat modeling, source code analysis, security tests and general support
  • Project accompanying the company?s own Linux server images with the help of threat modeling, security tests and general support
  • Source code analysis of company-owned web application modules for the software OXID eShop Enterprise Edition
  • Creation of security policies for security relevant topics in IT security in LATEXwith the additional consideration of ISO-27001 and the BSI basic protection
  • Preparation and implementation of security workshops and training on the topic of ?Secure Server Systems?
  • Reporting of security vulnerabilities
SysEleven GmbH
1 year 3 months
2012-05 - 2013-07

Automation of security tests on Unix server systems

Penetration Tester Linux Solaris
Penetration Tester
  • Planning, preparation, implementation and documentation of penetration tests, source code, and forensic analyses
  • Blackbox/Whitebox tests of company-owned data centers, office networks, web applications, and kernel modules (Linux)
  • Automation of long-term security and stability tests against companyowned Linux kernel modules based on TCP/IP, UDP and ICMP
  • Automation of security tests on Unix server systems (Linux, Solaris, *BSD) using a self-developed Bourne Shell script
  • Project accompanying the self-programmed website of the company with the help of threat modeling, general support, source code analyses, and security tests
  • Creation of security policies for security relevant topics in IT security in LATEX
  • Preparation and implementation of security workshops and training with the topic ?Secure Programming?
  • Reporting of security vulnerabilities
Linux Solaris
Profitbricks GmbH

Aus- und Weiterbildung

Aus- und Weiterbildung

1 month
2013-12 - 2013-12

FORENSICS - Computer Forensics for Companies

HACKATTACK
HACKATTACK
  • Forensic examination of Windows and Linux systems
  • Processing of information for law enforcement agencies

Position

Position

Cyber Security Analyst, Penetration Tester

Kompetenzen

Kompetenzen

Top-Skills

Penetrationstest Code-Analyse IT-Security Linux Windows AWS Azure PHP Java C# C Node.js TypeScript Windows Server Python Shell-Script Unix Go Kubernetes Cyber Security

Produkte / Standards / Erfahrungen / Methoden

Competencies:
  • Loyal 
  • Team-oriented 
  • Reliable 
  • Eager to learn 
  • Flexible
  • Dynamic


Skills/Experience:

IT Security

  • Source code analysis
  • Application security
  • Network security
  • System security of Windows and Linux server/client systems
  • General system, software, and network service hardening
  • Web application security following OWASP guidelines
  • In-depth penetration testing
  • Automation of security and stability tests
  • Exploit development
  • Reverse engineering
  • Malware development for penetration testing
  • Manual and automated fuzzing
  • Forensic analysis


Security Tools

  • Self-developed tools
  • Burp Suite
  • Nessus
  • Nmap
  • Metasploit
  • Ncat
  • etc.


Debuggers 

Self-developed debugger with 

  • ptrace
  • GDB
  • Strace
  • WinDBG
  • IDA
  • LLDB
  • Immunity


Other Tools 

  • Vim
  • VS Code
  • Visual Studio
  • KVM
  • VMWare
  • VirtualBox
  • Git
  • SVN
  • MS Office
  • Apache
  • Nginx
  • Tomcat
  • LATEX
  • Jenkins
  • Kubernetes
  • and more


Work experience:

2021 - today

Role: Cyber Security Analyst


2019 - 2022

Role: Penetration Tester

Customer: GK Software SE


2018 - 2019

Role: Product Manager - Linux

Customer: Helios IT Service GmbH


2016 - 2018

Role: Penetration Tester

Customer: Deutsche Post E-Post Development GmbH


2015 - 2016

Role: Security Consultant, Penetration Tester

Customer: Infoguard AG


2013 - 2014

Role:  Penetration Tester

Customer:  SysEleven GmbH


2012 - 2013

Role:  Penetration Tester

Customer: Profitbricks GmbH, today 1&1 IONOS


Internships:

05/2004 - 05/2004

Customer: Friesland College Leeuwarden


Tasks:

Activities within the scope of the project:

  • Automation of star-delta starting circuit for electric motors with a Siemens S7 PLC

Betriebssysteme

Linux
Windows
OsX
BSD
Solaris

Programmiersprachen

Go
Bourne Shell
PHP
Python
C
Rust
Java
Ruby
Perl
C#
Bash
PowerShell
Assembly Programming

Datenbanken

MySQL
PostgreSQL

Vertrauen Sie auf Randstad

Im Bereich Freelancing
Im Bereich Arbeitnehmerüberlassung / Personalvermittlung

Fragen?

Rufen Sie uns an +49 89 500316-300 oder schreiben Sie uns:

Das Freelancer-Portal

Direktester geht's nicht! Ganz einfach Freelancer finden und direkt Kontakt aufnehmen.