Schlagwörter
Skills
Technical Skills and Competencies
- Programming skills: Python, PowerShell, Ruby, JavaScript, Shell script, C#, (T-)SQL.
- System administrator level in Windows and UNIX-like operating systems.
- Practical knowledge in common penetration testing, vulnerability assessment, incident response, and IT forensics tools (including but not limited to Metasploit, Burp suite Pro, Nessus, Qualys, McAfee VM, Netsparker, nmap, Nikto, sqlmap, john, aircrack-ng, Redline, Kansa, FTK, Sleuthkit, Volatility, etc.).
- Practical knowledge in network and system security technologies (switches, routers, firewalls, proxies, VPNs, NIDS, SIEM, logging, antivirus, endpoint protection solutions, etc.).
- Experience with the following products: Trend Micro Deep Security, Trend Micro OfficeScan, Sophos UTM, Palo Alto Networks, FortiGate (FortiManager, FortiAnalyzer), Splunk, Security Onion (Snort, Suricata, Bro, Squil, Squert, ELK, ElastAlert), Elastic Stack (Beats, Elasticsearch, Logstash, Kibana), CISCO Sourcefire, Thycotic Secret Server.
- Practical knowledge of OWASP, OSSTMM, PTES frameworks and in ISO 27001.
- GIAC/SANS: MGT305, GSEC (SEC401), SEC455, GCFE (FOR500), GCED (SEC501), GCIA (SEC503), GCIH (SEC504) GMON (SEC511), SEC524, DEV534, DEV540, SEC545, SEC546, GCDA (SEC555), GNFA (FOR572), GPYC (SEC573), GMOB (SEC575), SEC579.
- Offensive Security: OSCP, OSWP.
- Cloud Security Alliance: Certificate of Cloud Security Knowledge (CCSK).
- eLearnSecurity: eCPPT Gold, eMAPT, eNDP.
- EC-Council: Certified Ethical Hacker (CEH).
- SecurityTube/Pentester Academy: SecurityTube iOS Security Expert (SISE).
- Applied Network Defense: ELK for Security Analysis, Bro Scripting, Intrusion Detection with Suricata, Osquery for Security Analysis, Effective Information Security Writing.
- Sophos Certified Architect (UTM), Sophos Certified Engineer (UTM, Web Protection).
- Palo Alto Networks: Accredited Configuration Engineer (ACE).
- QualysGuard Certified Specialists (QGCS).
- Security Onion: 101 - Intro to Security Onion, 201 - Best Practices for Standalone Production Sensors, 202 - Case Studies, 301 - Best Practices for Distributed Deployments.
- CIRCL: Malware Information Sharing Platform (MISP) training, Analysis of Information Leaks (AIL) training.
- TrendMicro OfficeScan 11 training.
- Driver's license (category B), Amateur radio (level A).
Projekthistorie
Research Institute
Designed and implemented the security monitoring solution for Windows endpoints. This included the configuration of audit policies, windows event forwarding, the creation of Sysmon configurations and the configuration of Winlogbeat and ELK.
Product Assessment Company
Performed comparative security assessment of three cloud-based web application firewall products. The project also included the creation of the test environment in Amazon Web Services using Docker images.
European Union Institution
Performed security monitoring, incident response, threat intelligence and security configuration reviews.
Telecommunication Company
Started the vulnerability and patch management program, performed security monitoring and incident response, management of firewalls and validation of architectural designs from a security standpoint in a highly virtualized environment. Implemented and rolled out a password management solution.
European Union Institution
Started the vulnerability management program, performed vulnerability assessments, penetration tests and security configuration reviews.
Financial Institutions
Participated in numerous vulnerability assessments, network, web, mobile and binary application penetration tests against the client's Internet banking system. Performed social engineering exercises on physical security and configuration reviews on operating systems and database systems.
Car Manufacturer
Performed binary application testing of applications written in C/C++ and C#. Participated in the configuration reviews of Progress OpenEdge database systems, Linux and AIX servers.
Insurance Company
Designed and implemented an automated testing and reporting solution for the client to perform policy compliance checks according to the company’s security standards.
Insurance Company
Designed and implemented an automated verification and reporting solution for passwords auditing, written in Python and using free/open source tools.
Designed and implemented the security monitoring solution for Windows endpoints. This included the configuration of audit policies, windows event forwarding, the creation of Sysmon configurations and the configuration of Winlogbeat and ELK.
Product Assessment Company
Performed comparative security assessment of three cloud-based web application firewall products. The project also included the creation of the test environment in Amazon Web Services using Docker images.
European Union Institution
Performed security monitoring, incident response, threat intelligence and security configuration reviews.
Telecommunication Company
Started the vulnerability and patch management program, performed security monitoring and incident response, management of firewalls and validation of architectural designs from a security standpoint in a highly virtualized environment. Implemented and rolled out a password management solution.
European Union Institution
Started the vulnerability management program, performed vulnerability assessments, penetration tests and security configuration reviews.
Financial Institutions
Participated in numerous vulnerability assessments, network, web, mobile and binary application penetration tests against the client's Internet banking system. Performed social engineering exercises on physical security and configuration reviews on operating systems and database systems.
Car Manufacturer
Performed binary application testing of applications written in C/C++ and C#. Participated in the configuration reviews of Progress OpenEdge database systems, Linux and AIX servers.
Insurance Company
Designed and implemented an automated testing and reporting solution for the client to perform policy compliance checks according to the company’s security standards.
Insurance Company
Designed and implemented an automated verification and reporting solution for passwords auditing, written in Python and using free/open source tools.
Reisebereitschaft
Verfügbar in den Ländern
Ungarn
Greater Region of Luxembourg is preferred, but travel is possible for shorter (2 weeks max.) projects.
