Penetration Tester / IT-Security Expert

1/2021 – 12/2023

- Tracking the current penetration test status of all applications
- Tracking and expanding the scope of the applications according to requirements (regulatory and internal)
- Creating a plan for carrying out the tests with external service providers
- Coordination of the penetration test service providers
- Creation of all relevant penetration test documents:
o Standard (Tier 3) and Guideline (Tier 4)
o Scoping, deviation sheet and documentation
- Design and implementation of the workflow tool for conducting the tests with all stakeholders
- Design of the reporting standard (PDF & CSV) with interface definition
- Design of the remediation architecture and responsibilities
- Regular status calls with all stakeholders
- High risk finding handling & coordination

IT-Strategieberatung, IT Sicherheit (allg.)

1/2019 – 12/2020

- Vulnerability analysis & root cause analysis
- Tool design & development (C#) for automated processing of vulnerability data (e.g. Nessus)
o Removal of false positives
o Enrichment of report data with identified applications, servers and responsible parties
o Identifying vulnerabilities and adjusting the risk assessment
o Summary of duplication
o Setting up the interface for the internal ticket system
- SME for vulnerability analysis and problem cases for penetration test findings

IT-Strategieberatung, IT Sicherheit (allg.)

3/2015 – 12/2018

- Coordination of penetration test service providers
- Planning and monitoring the implementation of approx. 100 penetration tests p.a.
- Regular status calls with all stakeholders
- Report processing
- High risk finding handling & coordination

It-Beratung, IT Sicherheit (allg.)