Ismail Özer
Cyber Security Engineer
Experience
Security Engineer
HOLON GmbH
- Main contact for product cyber security within the product domain (vehicle) across the full product lifecycle
- Consulting and implementation of ISO 21434 Cybersecurity – Road Vehicles and UNECE R155 CSMS, building an internal security process, OT security/production processes and security, setting up an ISMS, providing expert support for TARAs
- Active support in system or software development at system level, security by design, off-board subsystems (microcontroller/embedded systems, infotainment, cloud, telematics, key management, HSM, etc.), vulnerability management, attack vectors and exploits in cross-functional agile teams and systems engineering (PreeVision), cyber resilience
- Technical support in functional safety (ISO 26262), Polarion, JIRA easeRequirements (addon)
Security Manager/Engineer
MOIA GmbH
- Responsible for product cyber security / Team lead for cybersecurity / main contact within the product domain (vehicle) across the full product lifecycle
- Creating a security plan for projects in compliance with regulations (UN R155/R156, ISO 21434), building an internal security process, security case for the product
- Active support in system or software development at system level, off-board subsystems (microcontroller/embedded systems, V2C, MaaS, telematics, KMS, authentication/AAA, etc.) in cross-functional agile teams
- Planning and conducting security testing activities/TARA creation, pentests/penetration tests at backend/ECU level (including external and internal interfaces, gateway/network communication, telematics infrastructure, Linux server environment, risk management, etc.)
- Performing and orchestrating secure coding reviews in line with security coding guidelines (MISRA, SEI CERT C++, AUTOSAR C++, Polarion, Codebeamer, Yocto, etc.)
- Technical support in the cross-functional area of functional safety (ISO 26262, SOTIF)
SOC Engineer
BDK Bank GmbH
- Cyber security operations lead – vulnerability and patch management, data loss prevention (DLP), network traffic analysis at packet level, risk management, penetration testing, AWS security services (Inspector, Security Hub, GuardDuty, CloudTrail), CERT notifications, EDR alerts
- Operation, maintenance and optimization of SIEM security solutions in the corporate network/systems
- Infrastructure and cyber resilience in data centers and cloud environments, including TCP/IP networks and network security, operating systems, virtualization, middleware and databases, on-premise and cloud operations
- SOC team support, monitoring security events in deployed solutions (antivirus, EDR, DLP, IPS/IDS, open source, etc.)
- Detection, qualification and categorization of security incidents, setting up incident management
- Monitoring compliance with security policies, compliance guidelines and KPIs
Security Engineer
Pininfarina GmbH
- Process consulting and analysis in the area of cybersecurity regarding documentation, quality and compliance with legal requirements, TARA documentation
- Reviewing and evaluating security concepts (focus on OT security) within ISO 27001/ISO/SAE 21434 standards
- Security analysis of external and internal interfaces, defining attack probabilities and risk assessment
- Designing and re-evaluating the ISMS/CSMS in coordination with Tier-1 stakeholders, interface communication
- Evaluating technical security considering pentest results, deriving and adjusting security activities based on best practices (e.g. OWASP)
Security Owner
Porsche AG
- Central contact / cybersecurity manager & lead in the developing department for product security under UNECE regulations R155, R156 (WP29), ISO/SAE 21434, close coordination with departments, suppliers and stakeholders
- Further development of security relevance assessment, risk analysis/TARA, security concepts for control units/ECUs and translating them into security requirement specifications
- Security engineering processes and analysis of control units/ECUs at CAN/LIN/Ethernet/FlexRay level, JTAG, UART, OT security, embedded systems, microcontrollers, evaluating risk scenarios, threat analysis of attack vectors/CVEs, project management
- Planned execution and documentation of risk and threat analyses (TARA), cyber resilience, ensuring compliance with guidelines and standards
- Aligning security requirements (SOK/SecOC, SFD, FDS, RFS, etc.) with suppliers and stakeholders, approval of security requirement specs and test concepts
- Conducting and planning functional security tests/pentests (fuzz testing), change management, reporting
- Review planning and control, security sample tests with suppliers, verification for functionality confirmation, Polarion requirements, security approvals
Security Consultant/Penetration Tester
PwC GmbH
- Technical risk analysis and assessment of mobile health applications within the Gematik project for the electronic patient record (ePA) to ensure GDPR compliance
- Analysis of data protection risks/DPIA and technical measures (TOMs), evaluation of cryptographic procedures, authentication and API security
- Support in implementing Privacy by Design through code reviews (C++/Java) to ensure secure implementations (Secure Coding)
- Investigation of security vulnerabilities in mobile development (OWASP Top 10, BSI Basic Protection, WSTG, open source libraries), API hacking, bypass techniques, authentication methods, analysis of cryptographic methods, risk management, threat modeling
SOC Engineer
Machinery Company
- Administration, monitoring, analysis and customization of the company-wide SIEM application in the Security Operation Center (L1/L2 support) for MS Azure Sentinel, MS Cloud App Security, MS Defender 365, ATP, threat modeling
- Creation and customization of security queries, alerts, predefined rules and use cases, vulnerability analysis, anomaly detection, incident response, malware analysis and monitoring
- Cloud log management, log evaluation, risk management and increasing detection rates of successful cyber attacks
- Creation of security reports, detailed incident analyses, threat hunting, system/network hardening and process improvements
SOC Security Engineer
Allianz Technology SE
- Administration, monitoring and customization of the SIEM application (L1/L2 support, Azure Sentinel, ArcSight)
- Threat intelligence, threat hunting and threat modeling – development and customization of queries, use cases, STRIDE, MITRE ATT&CK analyses, vulnerability analysis, anomaly detection and reporting
- Integration of additional log/event sources, alignment with public cloud/DevOps teams (AWS Security, MS Azure/Sentinel), development of best practices according to ISO 27001
- Creation of security reports and cloud security policies (AWS Well-Architected Framework, SANS Cloud Architecture Policies)
Security Engineer
Cymotive Technologies
- Development of test specifications for test procedures, equipment, and conditions to assess the performance and safety of vehicles or vehicle components
- Definition of acceptance criteria for corporate regulations and industry standards in the automotive sector (VW Group)
- Creation of the acceptance test plan and test cases for the product
- Support in reviewing and validating tests with internal and external teams
OT Security Engineer
Vaillant DE
- Development and implementation of a security architecture/ISMS according to ISO 27001 & BSI Basic Protection for the company's product portfolio
- Creation of product security test cases according to IEC 62443 and test specifications for current cyber threats for enterprise applications (web/mobile), Polarion, risk management, and embedded systems (IoT)
- Development of comprehensive security controls and cloud security principles (AWS Well-Architected Framework, SANS Cloud Architecture Principles, threat modeling)
- Analysis and adjustment of the IT cloud strategy (MS Azure) regarding cybersecurity architecture and product roadmap
Security Engineer
Big Dutchman International
- Security review and penetration testing of a large web application including IT/cloud/production infrastructure (OT Security)
- Finding vulnerabilities based on the OWASP Top 10, risky code implementations in C# and React, threat modeling, static code analysis
- As-is/to-be analysis for security hardening, CIS benchmark of Kubernetes clusters/MS Azure environment, load balancer, API/IoT security, Linux security and pipeline security
- Final presentation and training/awareness for the team
Security Engineer
ApoBank
- AWS penetration test and vulnerability analysis of an email application and servers for a banking company
- Analysis of server configuration, reducing maintenance efforts and possible attack methods, business continuity management and risk management
- Threat modeling and security level analysis considering IT architecture (L1, L2)
- Checking for phishing attacks and malicious email attachments
- Final reporting with findings and best practices including data encryption, principle of least privilege, access restrictions, use of multi-factor authentication and TLS
Penetration Tester
ApoBank
- Penetration test and analysis of the web application based on the OWASP Top 10 for web apps
- Checking the network environment for misconfigurations
- Vulnerability analysis of the server infrastructure
- Evaluation of web technologies, update/patch management, input validation and sanitization
- Separation of test and production environments, restrictive firewall traffic and API access restrictions
Data Engineer
CYKEN GmbH
- Designing a detection engine to identify network anomalies using data mining and deep learning, threat modeling, machine learning techniques (Python, Keras)
- Detection and analysis of malware and malicious programs, implementation of an early warning system
- Front-end development of a dashboard as an incident event manager similar to a SIEM application
Data Engineer
Dentsu Aegis Network
- System administration of a data warehouse service on AWS Redshift for a global media company
- Design, data management and development with SQL
- Creating business reports in an AWS cloud/Linux environment
- Strategic realignment and process automation
- Use of AWS Redshift, Visual Studio, Aginity, cloud security, dashboard development, ETL, KPI analysis and requirements engineering
Penetration Tester
- Penetration testing and internal security analysis of a cloud application, threat modeling & hunting, network and system hardening
- Vulnerability analysis of a web application according to OWASP Top 10
- Reviewing security configurations, compliance, and access controls
- Network penetration tests for Windows and Linux machines
- Implementation of ACLs, authorization mechanisms, firewall rules, and IP address restrictions
Systems Engineer
Eickhoff Maschinenfabrik
- Leading the administration and development of a web portal for industrial plants
- Assessing IT security risks and continuously improving security processes in production
- Implementing update and patch management, access management, and OT security
- API development with IFS FSM and frontend development with Telerik AJAX
- Web security auditing, incident management, vulnerability analysis according to OWASP Top 10 and BSI IT-Grundschutz
- Using Windows Server 2016, MS SSRS, Power BI, Active Directory, and agile project methods
Summary
- Extensive experience in cyber and product security: Several years working in security-critical, industry-related environments, e.g. transport, automotive and mechanical engineering
- Expertise in secure system architecture: Planning, implementation and monitoring of security measures, especially in complex distributed infrastructures (data centers, 5G networks, vehicle telematics, etc.)
- Compliance & standards: Experienced with EU, UN (ECE) and national security requirements; familiar with IEC 62443-4-2 (OT Security), ISO/SAE 21434 (Vehicle Security), UNECE R155 (CSMS), ISO 27001 (ISMS), BSI, NIST, CVEs, etc.
- SOC / SIEM / risk & vulnerability management: Incident detection & response, system monitoring, threat analysis, conducting TARA, pentesting, fuzz testing, and using SIEM and SOAR solutions for early detection and defense against threats
- Interdisciplinary collaboration: Close cooperation with international teams, clients and authorities; able to integrate requirements from different domains (automotive, mechanical engineering, aerospace)
- Flexibility & commitment: Willingness for EU-SECRET security clearances, on-site presence and travel as needed
Skills
Security & Compliance
- Burp Suite, Nessus, Nmap, Metasploit, Wireshark, Splunk, Fidelis Cybersecurity, MS Azure Sentinel / Windows Defender Suite, Cryptography (PKI, RSA, AES), OWASP Top 10, ISO 27001, UNECE R155 / 156, NIST, BSI IT Baseline Protection, OpenSSL, MITRE Framework, STRIDE, CIS Benchmarks, AWS, SANS Cloud
Scripting & Networking
- Python, Bash, JavaScript, XML, SQL, AWS Redshift/EC2/S3/CloudTrail/CloudWatch/Security Hub/GuardDuty, MS Azure, Docker, AKS (Azure Kubernetes Service), Windows Server 2012/2016, Kali Linux, TCP/IP, Ethernet, TLS, DHCP, DNS, LAN, IEEE 802.11, Azure Active Directory, Jira, Confluence
Languages
Education
Ruhr-Universität Bochum
Master of Science · IT security – networks & systems · Bochum, Germany
Universität Duisburg-Essen
Bachelor of Science · Business informatics – e-entrepreneurship & IT management · Essen, Germany
Certifications & licenses
Certified Ethical Hacker (CEH)
EC-Council Security Analyst (ECSA)
IEC 62443
TÜV Süd
ISO/SAE 21434
TÜV Nord