Nils Klawitter

Vulnerability Management and Secure SDLC

Lübeck, Germany
Experience
Oct 2023 - Present
1 year 10 months

Vulnerability Management and Secure SDLC

DB InfraGO AG

  • Successfully implemented vulnerability management with DefectDojo

  • Consulting and implementing technical and process aspects of vulnerability management with DefectDojo

  • Advising on implementation for a secure software development lifecycle

  • Skills: GitLab, DefectDojo, Vulnerability Management, SCA, SAST, DAST, Python, Kubernetes, ArgoCD, Docker, AWS, Azure, Whitesource/Mend, Greenbone

Aug 2023 - Present
2 years

Threat Modeling with STRIDE

Festo SE & Co. KG

  • Conducting threat and risk analyses (TARA) on industrial products

  • Advising customers in the threat modeling process

  • Performing STRIDE-based threat modeling using Microsoft Threat Modeling Tool

  • Skills: STRIDE, TARA, MS Threat Modelling Tool

Aug 2023 - Apr 2024
9 months

Application Security Specialist

ITZBund

  • Consulting and reviewing developer teams on application security and secure coding in a large federal project

  • Promoting awareness of a DevSecOps culture, shift-left, and security-by-design principles

  • Implementing tools for a secure software development lifecycle

  • Skills: AppSec, DevSecOps, SCA, OWASP ZAP, Tekton, Azure DevOps, OpenShift Advanced Cluster Security, OWASP Dependency-Track, SonarQube

Feb 2023 - Present
2 years 6 months
Lübeck, Germany

Freelancer

SecuredBytes

  • Application security (AppSec) and DevSecOps
  • Secure software development lifecycle (Secure SDLC)
  • Security and cryptographic concepts
  • Cryptography engineering, PKI, and cryptographic protocols
Apr 2020 - Mar 2024
4 years
Lübeck, Germany

Lab for Secure Hardware and Software Development

Technische Hochschule Lübeck

  • Setting up a secure software development lifecycle using GitLab for students for hands-on testing and learning in software engineering

  • Implementing CI/CD pipelines with various security tools like SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and dependency scanners

  • Teaching threat modeling, risk assessments, and incident management in a hands-on course

  • Skills: GitLab, SCA, SAST, DAST, TARA, Incident Management

Apr 2020 - Mar 2024
4 years
Lübeck, Germany

Research Associate

Technische Hochschule Lübeck

  • Establishing and supporting a lab for secure hardware and software development
  • Teaching in cryptography, secure software development, IT security
  • Research and support for professors in IT security
Jan 2020 - Mar 2020
3 months
Lübeck, Germany

Developing a Proof of Concept for a Security Application Gateway for Industrial Machines

TRIOVEGA GmbH

  • Conceptualizing, defining requirements, and creating a proof of concept for a security application interface for industrial machines

  • Creating a security concept, developing the software and related tools, and organizing a penetration test for the proof of concept

  • Assessing feasibility and presenting results from the proof-of-concept case study

  • Skills: Docker, Podman, Embedded Systems, Bash, Rust, Python, Threat Modelling, Secure SDLC

Jan 2019 - Mar 2020
1 year 3 months
Lübeck, Germany

Introducing DevSecOps/AppSec Processes

TRIOVEGA GmbH

  • Setting up the IT security team in software development

  • Developing guidelines for internal and external software projects regarding the secure software development lifecycle (SSDLC)

  • Training and raising awareness for secure software development

  • Assessing and implementing a DevSecOps process and tools like SCA, SAST, DAST, threat modeling, etc.

  • Skills: GitLab, Secure SDLC, Project Management, Threat Modelling, SCA, Dependency-Track

Mar 2017 - Mar 2020
3 years 1 month
Lübeck, Germany

Application Security Engineer

TRIOVEGA GmbH

  • Setting up the IT security team in software development
  • Managing and planning projects in security-relevant system development
  • Assessing and introducing a DevSecOps process and tools
  • External consulting and assessment of system/software architectures for IT security
Oct 2015 - Dec 2018
3 years 3 months
Lübeck, Germany

Master of Science in Computer Science — IT Security and Reliability

Universität zu Lübeck

Oct 2012 - Nov 2015
3 years 2 months
Lübeck, Germany

Bachelor of Science in Computer Science — IT Security and Reliability

Universität zu Lübeck

Summary

I'm Nils, a dedicated freelancer specializing in AppSec and DevSecOps. My focus is on securing software and implementing robust security practices in software development.

Languages
German
Native
English
Advanced
Education
Oct 2015 - Dec 2018

Universität zu Lübeck

Master of Science · Computer Science, IT Security and Reliability · Lübeck, Germany

Oct 2012 - Nov 2015

Universität zu Lübeck

Bachelor of Science · Computer Science, IT Security and Reliability · Lübeck, Germany

Certifications & licenses

Teletrust Professional for Secure Software Engineering (T.P.S.S.E.)

TeleTrust e.V.

Teletrust Information Security Professional (T.I.S.P.)

TeleTrust e.V.
