IT cybersecurity professional with 3+ years in IoT and automotive security, CISSP and Security+ certified, seeking GRC and data privacy roles.
Updated on 02.03.2026
Profile
Freelancer / Self-employed
Remote work
Available from: 02.03.2026
Availability: 100%
of which on-site: 100%
IT Cybersecurity
Risk Assessment
IT-Governance
English
Fluent
German
B1 (in Progress)
Japanese
JLPT N3 Certified (Intermediate level)
Hindi
Native language
Marathi
Native language

Work locations

Germany: possible

Projects

3 years 7 months
2021-07 - 2025-01

ISO/SAE 21434 aligned cyber risk assessments

Security & Privacy Specialist, Cybersecurity Analyst

  • Led ISO/SAE 21434 aligned cyber risk assessments (TARA) across critical vehicle systems, identifying and analyzing 40+ attack paths to evaluate technical risk exposure and control effectiveness.
  • Assessed cyber risk severity and likelihood by mapping attack paths to security weaknesses, enabling risk-informed prioritization of mitigation controls across the development lifecycle.
  • Translated complex technical risk findings into clear, actionable risk insights for engineering and supplier stakeholders, supporting data-driven security and design decisions.
  • Collaborated cross-functionally with internal teams and external suppliers to track risk treatment and remediation progress, ensuring alignment between identified risks, mitigations, and residual risk acceptance.
  • Developed and delivered structured cyber risk documentation and reports, improving risk transparency, traceability, and decision support for technical and non-technical stakeholders.

Continental Automotive Technologies GmbH
Regensburg, Germany
6 months
2020-07 - 2020-12

MASTER THESIS PROJECT

Thesis Topic: on request

  • Designed and developed a Digital-Twin-based Intrusion Detection System (IDS) using Docker for Industry 4.0 environments, improving real-time monitoring efficiency and anomaly detection accuracy by approximately 25%.
  • Simulated system behaviour to predict malicious processes, improving anomaly detection and enabling proactive threat response for connected sensor systems.
  • Automated threat detection and response workflows (IDS rule tuning) using Python, Shell scripting, and SQL for log analysis, and visualized system performance via Prometheus and Grafana dashboards; implementation available on GitHub.

Robert Bosch GmbH
Stuttgart (Renningen), Germany
3 years
2016-03 - 2019-02

Developed web-based UI platforms

Bilingual (Japanese - English) Application Developer
  • Developed web-based UI platforms to improve performance and design consistency, translating Japanese specifications and implementing JavaScript modules to enhance functionality and user experience.
  • Collaborated on-site in Tokyo, Japan with cross-functional teams to align design standards and improve code quality, delivering reliable and scalable web solutions.
Fujitsu Consulting India
Pune, India
10 months
2015-06 - 2016-03

Java-based enterprise application development

Completed structured onboarding in Java-based enterprise application development, complemented by Japanese language and cultural training (JLPT N4) for effective cross-cultural collaboration.
Pune, India

Education and Training

5 months
2025-05 - 2025-09

PROFESSIONAL DEVELOPMENT & TRAINING

Cyber Security Bootcamp - Neuefische GmbH
  • Completed an intensive cybersecurity training program to strengthen practical IT security and cyber risk assessment capabilities, applying hands-on offensive and defensive security assessment techniques across infrastructure security, vulnerability assessment, incident analysis, and security controls, and earning CompTIA A+, Security+ & CySA+ certifications.
  • Executed structured attack surface and vulnerability assessments in simulated enterprise environments, analyzing technical weaknesses, evaluating risk impact and likelihood, and delivering clear, decision-ready risk reports to support mitigation prioritization and security improvements.

Skills

Top skills

IT Cybersecurity, Risk Assessment, IT-Governance

Products / Standards / Experience / Methods

Profile

Cybersecurity Analyst with 3+ years of experience assessing cyber risk across automotive and enterprise IT environments and translating security findings into clear risk insights for decision makers. Specializes in cyber risk assessment, attack surface analysis, and control effectiveness evaluation, with a strong focus on risk-informed mitigation prioritization. Enables consistent security decision-making by articulating risk clearly to technical and non-technical stakeholders in regulated environments through structured threat analysis. Brings international professional experience across Germany, Japan, and India, supporting strong security posture and risk-based digital transformation.


KEY SKILLS

  • Cyber Risk Assessment & Scenario-Based Risk Identification 
  • Impact Analysis & Evaluation 
  • Cyber Risk Quantification & Risk Exposure Modeling Support 
  • Control Effectiveness Assessment & Control Maturity Evaluation 
  • Residual Risk Analysis & Risk Treatment Planning 
  • Stakeholder Interviewing & Risk Communication 
  • ISO/IEC 27001 ISMS Implementation & NIST CSF Risk Framework Alignment 
  • Risk-Based Mitigation Prioritization & Enterprise Risk Reduction Strategy


TECHNICAL SKILLS

Information Security & Risk Management

  • Cyber Risk Assessment
  • Cyber Risk Scenario Identification
  • Business Impact Analysis (BIA) 
  • Risk Quantification Support 
  • Risk Exposure Evaluation 
  • Risk Treatment Planning 
  • Risk-Based Mitigation Prioritization 
  • Security Control Effectiveness Assessment 
  • Control Maturity Evaluation 
  • Residual Risk Analysis 
  • Identity & Access Risk Analysis 
  • Risk Ownership & Escalation 
  • Security Policy & Control Documentation
  • Incident Governance Documentation


Security Frameworks, Standards & Compliance

  • ISO/IEC 27001 ISMS Implementation 
  • NIST CSF Risk Alignment 
  • ISO/SAE 21434 
  • UNECE R155 
  • GDPR Compliance 
  • Control Framework Mapping 
  • OWASP Top 10 
  • Threat Modeling (STRIDE, TARA) 
  • MITRE ATT&CK Mapping


Security Operations & Incident Response

  • Incident Response Lifecycle Management 
  • Incident Governance 
  • Risk Impact Assessment 
  • Business Impact Evaluation 
  • Recovery Coordination 
  • Digital Forensics 
  • Evidence Handling 
  • Control Effectiveness Validation


Threat & Vulnerability Management

  • Vulnerability Risk Assessment (VAPT) 
  • CVSS Risk Scoring 
  • Risk-Based Prioritization 
  • Exploitability Analysis 
  • Asset-Centric Risk Analysis 
  • Remediation Validation 
  • Risk Reduction Tracking 
  • Control Gap Identification


Network, System & Platform Security

  • Access Control Governance 
  • Network Security Controls (TCP/IP, Firewalls, IDS/IPS, VPNs) 
  • Security Baseline Implementation 
  • Linux & Server Hardening 
  • Asset Monitoring 
  • Container Security (Docker)


Automation, Monitoring & Tooling

  • Security Automation (Python, PowerShell, Bash) 
  • Control Monitoring Automation 
  • Risk Alerting 
  • Log Analysis 
  • Continuous Control Monitoring 
  • Prometheus 
  • Grafana 
  • Nmap 
  • OpenVAS 
  • Autopsy 
  • Docker 
  • Kali Linux


Consulting and Collaboration 

  • Cyber Risk Advisory 
  • Stakeholder Interviewing 
  • Risk Workshop Facilitation 
  • Executive-Level Risk Communication 
  • Project Scoping & Delivery 
  • Stakeholder Management 
  • Cross-Functional Collaboration 
  • Cross-Cultural Collaboration 
  • Knowledge Transfer & Training Support 
  • Governance Documentation 
  • Control & Process Documentation 
  • Advisory Support 
  • Jira 
  • Git 
  • GitLab


SECURITY ENGAGEMENTS & LAB EXPERIENCE

  • Zero-Day Incident Response & Ransomware Recovery - Drove incident response for critical vulnerabilities (Log4Shell), determining business-impact risks and remediation priorities, including Python-driven ransomware recovery.
  • Vulnerability Assessment, Penetration Testing & Digital Forensics - Evaluated and validated high-risk security weaknesses (SQLi, XSS, weak credentials, SMB misconfigurations), prioritizing remediation through security and forensic findings.
  • Cybersecurity Governance, Risk & Compliance (GRC) Audit - Built ISO/IEC 27001 and NIST CSF-aligned control assessments and gap analyses, enabling audit readiness and enterprise compliance assurance.
  • Zero Trust Security Architecture Case Study - Designed an enterprise-scale Zero Trust architecture addressing identity-driven threats across cloud and on-premises environments, integrating data protection, OT constraints, and centralized detection and response.
