Nils Klawitter - Vulnerability Management and Secure SDLC

Q: Where is Nils based?

Nils is based in Lübeck, Germany and prefers 100% remote projects.

Q: What languages does Nils speak?

Nils speaks the following languages: German (Native), English (Advanced) .

Q: How many years of experience does Nils have?

Nils has at least 8 years of experience. During this time, Nils has worked in at least 9 different roles and for 7 different companies . The average length of individual experience is 11 months . Note that Nils may not have shared all experience and actually has more experience.

Q: What is Nils's latest experience?

Nils's most recent position is Vulnerability Management and Secure SDLC at DB InfraGO AG .

Q: What companies has Nils worked for in recent years?

In recent years, Nils has worked for DB InfraGO AG , Festo SE & Co. KG , ITZBund , SecuredBytes , and Technische Hochschule Lübeck .

Q: Which industries is Nils most experienced in?

Nils is most experienced in industries like Information Technology (IT) , Education , and Manufacturing . Nils also has some experience in Transportation and Logistics and Government and Public Administration .

Q: Which business areas is Nils most experienced in?

Nils is most experienced in business areas like Information Technology (IT) , Product Development , and Research and Development (R&D) . Nils also has some experience in Project Management and Quality Assurance (QA) .

Q: Which industries has Nils worked in recently?

Nils has recently worked in industries like Education , Information Technology (IT) , and Manufacturing .

Q: Which business areas has Nils worked in recently?

Nils has recently worked in business areas like Information Technology (IT) , Research and Development (R&D) , and Quality Assurance (QA) .

Recommended expert

Lübeck, Germany

Experience

Oct 2023 - Present

2 years 5 months

Vulnerability Management and Secure SDLC

DB InfraGO AG

Successfully implemented vulnerability management with DefectDojo
Advised on and implemented technical and procedural aspects of vulnerability management with DefectDojo
Provided guidance on implementing a secure software development lifecycle
Skills: GitLab, DefectDojo, Vulnerability Management, SCA, SAST, DAST, Python, Kubernetes, Argo CD, Docker, AWS, Azure, WhiteSource/Mend, Greenbone

Aug 2023 - Present

2 years 7 months

Threat Modeling with STRIDE

Festo SE & Co. KG

Conducted threat and risk analyses (TARA) for industrial products
Advised clients on the threat modeling process
Performed STRIDE-based threat modeling using the Microsoft Threat Modeling Tool
Skills: STRIDE, TARA, Microsoft Threat Modeling Tool

Aug 2023 - Apr 2024

9 months

Application Security Specialist

ITZBund

Advised and reviewed development teams on application security and secure coding in a large federal project
Promoted a DevSecOps culture, shift-left approach, and security-by-design principles
Implemented tools for a secure software development lifecycle
Skills: AppSec, DevSecOps, SCA, OWASP ZAP, Tekton, Azure DevOps, OpenShift Advanced Cluster Security, OWASP Dependency-Track, SonarQube

Feb 2023 - Present

3 years 1 month

Lübeck, Germany

Freelancer in Application Security and DevSecOps

SecuredBytes

Application security (AppSec) and DevSecOps
Secure software development lifecycle (Secure SDLC)
Security and cryptographic concepts
Cryptography engineering, PKI, and cryptographic protocols

Apr 2020 - Mar 2024

4 years

Lübeck, Germany

Lab for Secure Hardware and Software Development

Technische Hochschule Lübeck

Set up a secure software development lifecycle using GitLab for students for practical testing and learning in software engineering
Implemented CI/CD pipelines with various security tools, such as SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and dependency scanners
Taught threat modeling, risk assessments, and incident management in a hands-on course
Skills: GitLab, SCA, SAST, DAST, TARA, Incident Management

Apr 2020 - Mar 2024

4 years

Lübeck, Germany

Research Associate

Lübeck University of Applied Sciences

Setting up and supporting a lab for secure hardware and software development
Teaching in cryptography, secure software development, and IT security
Research and supporting professors in IT security

Jan 2020 - Mar 2020

3 months

Development of a proof of concept for a security application gateway for industrial machines

TRIOVEGA GmbH

Conceptualizing, defining requirements, and building a proof of concept for a security application interface for industrial machines
Creating a security concept, developing the software and related tools, and organizing a penetration test for the proof of concept
Assessing feasibility and presenting the results from the proof of concept case study
Skills: Docker, Podman, Embedded Systems, Bash, Rust, Python, Threat Modeling, Secure SDLC

Jan 2019 - Mar 2020

1 year 3 months

Implementation of DevSecOps/AppSec Processes

TRIOVEGA GmbH

Setting up the IT security team within software development
Developing policies for internal and external software projects with regard to secure software development lifecycle (SSDLC)
Training and raising awareness on secure software development
Evaluating and implementing a DevSecOps process and tools like SCA, SAST, DAST, threat modeling, etc.
Skills: GitLab, Secure SDLC, Project Management, Threat Modeling, SCA, Dependency-Track

Mar 2017 - Mar 2020

3 years 1 month

Lübeck, Germany

Application Security Engineer

TRIOVEGA GmbH

Setting up the IT security team in software development
Project management and planning in security-relevant system development
Evaluating and introducing a DevSecOps process and tools
External consulting and assessment of system/software architectures regarding IT security

Summary

I'm Nils, a dedicated freelancer specializing in AppSec and DevSecOps. I focus on securing software and implementing robust security practices in software development.

Skills

Api Security
Application Security
Cloud Security
Code Audit
Cryptography
Dast
Data Privacy
Devsecops
Identity And Access Management (Iam)
Owasp
Sast
Sca
Secure Architecture Design
Secure Coding Practices
Secure Sdlc
Threat Modeling
Vulnerability Assessment
Web Application Security

It Security

Bsi Standard 200 + Basic Security
Bsi Technical Guidelines
Iso 2700x
Owasp
Nist 800-218
Owasp (M)asvs + Standards / Samm
Cve & Cvss
Cwe & Cwss
Common Criteria
Cis Benchmarks
Stride

Methods

Secure Risk Assessments
Threat Modeling (Stride)
Code Audits
Penetration Testing
Sca
Sast
Dast
Dependency Scanning
Container Security
Secure Deployment
Sboms
Threat Monitoring
Vulnerability Management
Incident Response Management
Infrastructure Scanning & Hardening

Security Tools

Owasp Zap
Sonarqube
Synk
Checkmarx
Veracode
Gitlab Ci/cd
Burp
Trivy
Whitesource/mend
Greenbone
Gitlab Sast & Dast
Owasp Dependency-track
Cyclonedx

Programming Languages

Rust
Java
Python
C
C#
Bash

Project Management Methods

Scrum
Kanban
Agile Methods
V-model
Safe

Tools

Intellij
Eclipse
Visual Studio
Vs Code
Gitlab
Ansible
Terraform
Github
Docker
Podman
Kubernetes
Openshift
Ms Office 365
Atlassian Jira/confluence/bitbucket

Cloud

Amazon Aws
Microsoft Azure
Gcp

Operating Systems

Linux
Windows

Languages

German

Native

English

Advanced

Education

Oct 2015 - Dec 2018

Universität zu Lübeck

Master of Science in Computer Science — IT Security and Reliability · Computer Science — IT Security and Reliability · Lübeck, Germany

Oct 2012 - Nov 2015

Universität zu Lübeck

Bachelor of Science in Computer Science — IT Security and Reliability · Computer Science — IT Security and Reliability · Lübeck, Germany

Certifications & licenses

TeleTrust Professional for Secure Software Engineering (T.P.S.S.E.)

TeleTrust e.V.

TeleTrust Information Security Professional (T.I.S.P.)

TeleTrust e.V.

Profile

Created

January 2025

Need a freelancer? Find your match in seconds.

Try FRATCH GPT

Frequently asked questions

Do you have questions? Here you can find further information.

Where is Nils based?

Nils is based in Lübeck, Germany and prefers 100% remote projects.

What languages does Nils speak?

Nils speaks the following languages: German (Native), English (Advanced).

How many years of experience does Nils have?

Nils has at least 8 years of experience. During this time, Nils has worked in at least 9 different roles and for 7 different companies. The average length of individual experience is 11 months. Note that Nils may not have shared all experience and actually has more experience.

What roles would Nils be best suited for?

Based on recent experience, Nils would be well-suited for roles such as: Vulnerability Management and Secure SDLC, Threat Modeling with STRIDE, Application Security Specialist.

What is Nils's latest experience?

Nils's most recent position is Vulnerability Management and Secure SDLC at DB InfraGO AG.

What companies has Nils worked for in recent years?

In recent years, Nils has worked for DB InfraGO AG, Festo SE & Co. KG, ITZBund, SecuredBytes, and Technische Hochschule Lübeck.

Which industries is Nils most experienced in?

Nils is most experienced in industries like Information Technology (IT), Education, and Manufacturing. Nils also has some experience in Transportation and Logistics and Government and Public Administration.

Which business areas is Nils most experienced in?

Nils is most experienced in business areas like Information Technology (IT), Product Development, and Research and Development (R&D). Nils also has some experience in Project Management and Quality Assurance (QA).

Which industries has Nils worked in recently?

Nils has recently worked in industries like Education, Information Technology (IT), and Manufacturing.

Which business areas has Nils worked in recently?

Nils has recently worked in business areas like Information Technology (IT), Research and Development (R&D), and Quality Assurance (QA).

What is Nils's education?

Nils holds a Master in Computer Science — IT Security and Reliability from Universität zu Lübeck and a Bachelor in Computer Science — IT Security and Reliability from Universität zu Lübeck.

Does Nils have any certificates?

Nils has 2 certificates. These include: TeleTrust Professional for Secure Software Engineering (T.P.S.S.E.) and TeleTrust Information Security Professional (T.I.S.P.).

What is the availability of Nils?

Nils is immediately available full-time for suitable projects.

What is the rate of Nils?

Nils's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.