Application Management
Skills
================================================
Summary
================================================
2021 IT Consultant / Applicationsmanagement
Setup/planning/installation/management for distributed integration
production environments
2013, 2019 - 2020 IT Security Consultant
Pentests and Vulnerability Scanning
Digital Forensics / Malware Analysis
Security Analyst im CERT / SOC Team
2013–2018 IT Consultant /
2018 --> Applicationsmanagement / 3nd Level Support of Insurancesoftware
2016-2018 --> Applicationsmanagement / 3nd Level Support of "Commercial Banking Core Systems - nach ITIL"
2013-2015 --> Applicationsmanagement / 2nd Level Support of "Commercial Banking Core Systems - nach ITIL"
2008 – 2013 IT Consultant
2008-2013 --> Applicationsmanagement / 2nd Level Support of "Rating, Billing Systems - ITIL"
1996–2008 Technical Consultant
Administration, Maintenance, Migration of SAG Products for UNIX/LINUX/WINDOWS env
1985–1996 System Developer
=========================================================
CERTIFICATION - EDUCATION - SEMINAR
=========================================================
Certification - “Technical Security Analyst Penetrationstests & Security Assessments”
Certification - “IT-Forensik Specialist”
Seminar - “SIEM nach ISO 27001 Security Information and Event Management”
Formation - Business English Summer School at Manchester Metropolitan University
====================================================
IT SKILLS
====================================================
Operating Systems:
Unix (HP-UX, Sun Solaris, AIX)
Linux: Red Hat, CentOS, Debian, Red Hat OpenShift, SuSE(SLES)
MS Windows Server – Mainframe
Programming Languages:
C/C++ - Shell Script – Natural – Python – Java
Databases:
ORACLE – MS SQL Server - ADABAS – ADABAS D – MaxDB – MySQL – DB2
Standars:
SQL – XML – HTML – CSS
Web Service: RPC – SOAP – REST
ITIL Standards: Change Management und Service Operation
OWASP Testing Guide (The Open Web Application Security Project)
OWASP Top 10. Top 10 Security Risks for Web Applications.
MITRE ATT&CK - knowledge base of adversary tactics and techniques based on real-world observations
SIGMA - Generic Signature Format for SIEM Systems
Oauth2 - Open Authorization
Tools:
Eclipse – MS Visual Studio C/C++ - Oracle SQL Developer – Automic
Flare/VM – Kali/Linux
SIEM Tools:
QRadar – Splunk - ELK
Web Scanner Tools:
OWASP Zed Attack Proxy (ZAP), SQLMap
Vulnerability Detection, Penetration Testing,
Scanner for networks:
nmap, tcpdump, Wireshark
Exploitation - Wireless:
Metasploit – Aircrack
Ticketsysteme:
Jira/Confluence - HP Service Manager (HPSM)- Remedy
Testsysteme:
HP Quality Center (HPQC)
Products:
e-government (Governikus)
Abacus (BearingPoint)
Convergys IRB (ehemals Geneva)
MSG Insurance Suite v4.14
Apache, Tomcat, IIS, Jboss
SAG Produkte, ADABAS/NATURAL
Special Knowledge:
Forensic Data Analysis: Malware Analysis
Financial World: International Banking, Core Banking Systems,
Insurance Software
Telecommunication: Rating / Billing / Provisioning
Speech Processing - Information Retrieval
Document Management - Health Medicine
Experiences in the international project environment
Experience in:
Support and Administration of Unix OS, Databases, Applications
IT Security and Web Security
Planning, Setup and Maintenance of IT Environment
Integration of Heterogeneous IT Environment
Migration of Application and Databases
Application and System Development
Training, Quality Assurance, Software Testing, Pen Testing
Branches:
Information Technology & Services Companies,
Finacial Services, Banking, Telecomminication,
Pharmaceuticals, Manufacturing Industry,
Wholesale, Media, Public Administration,
Research, Church
Summary
================================================
2021 IT Consultant / Applicationsmanagement
Setup/planning/installation/management for distributed integration
production environments
2013, 2019 - 2020 IT Security Consultant
Pentests and Vulnerability Scanning
Digital Forensics / Malware Analysis
Security Analyst im CERT / SOC Team
2013–2018 IT Consultant /
2018 --> Applicationsmanagement / 3nd Level Support of Insurancesoftware
2016-2018 --> Applicationsmanagement / 3nd Level Support of "Commercial Banking Core Systems - nach ITIL"
2013-2015 --> Applicationsmanagement / 2nd Level Support of "Commercial Banking Core Systems - nach ITIL"
2008 – 2013 IT Consultant
2008-2013 --> Applicationsmanagement / 2nd Level Support of "Rating, Billing Systems - ITIL"
1996–2008 Technical Consultant
Administration, Maintenance, Migration of SAG Products for UNIX/LINUX/WINDOWS env
1985–1996 System Developer
=========================================================
CERTIFICATION - EDUCATION - SEMINAR
=========================================================
Certification - “Technical Security Analyst Penetrationstests & Security Assessments”
Certification - “IT-Forensik Specialist”
Seminar - “SIEM nach ISO 27001 Security Information and Event Management”
Formation - Business English Summer School at Manchester Metropolitan University
====================================================
IT SKILLS
====================================================
Operating Systems:
Unix (HP-UX, Sun Solaris, AIX)
Linux: Red Hat, CentOS, Debian, Red Hat OpenShift, SuSE(SLES)
MS Windows Server – Mainframe
Programming Languages:
C/C++ - Shell Script – Natural – Python – Java
Databases:
ORACLE – MS SQL Server - ADABAS – ADABAS D – MaxDB – MySQL – DB2
Standars:
SQL – XML – HTML – CSS
Web Service: RPC – SOAP – REST
ITIL Standards: Change Management und Service Operation
OWASP Testing Guide (The Open Web Application Security Project)
OWASP Top 10. Top 10 Security Risks for Web Applications.
MITRE ATT&CK - knowledge base of adversary tactics and techniques based on real-world observations
SIGMA - Generic Signature Format for SIEM Systems
Oauth2 - Open Authorization
Tools:
Eclipse – MS Visual Studio C/C++ - Oracle SQL Developer – Automic
Flare/VM – Kali/Linux
SIEM Tools:
QRadar – Splunk - ELK
Web Scanner Tools:
OWASP Zed Attack Proxy (ZAP), SQLMap
Vulnerability Detection, Penetration Testing,
Scanner for networks:
nmap, tcpdump, Wireshark
Exploitation - Wireless:
Metasploit – Aircrack
Ticketsysteme:
Jira/Confluence - HP Service Manager (HPSM)- Remedy
Testsysteme:
HP Quality Center (HPQC)
Products:
e-government (Governikus)
Abacus (BearingPoint)
Convergys IRB (ehemals Geneva)
MSG Insurance Suite v4.14
Apache, Tomcat, IIS, Jboss
SAG Produkte, ADABAS/NATURAL
Special Knowledge:
Forensic Data Analysis: Malware Analysis
Financial World: International Banking, Core Banking Systems,
Insurance Software
Telecommunication: Rating / Billing / Provisioning
Speech Processing - Information Retrieval
Document Management - Health Medicine
Experiences in the international project environment
Experience in:
Support and Administration of Unix OS, Databases, Applications
IT Security and Web Security
Planning, Setup and Maintenance of IT Environment
Integration of Heterogeneous IT Environment
Migration of Application and Databases
Application and System Development
Training, Quality Assurance, Software Testing, Pen Testing
Branches:
Information Technology & Services Companies,
Finacial Services, Banking, Telecomminication,
Pharmaceuticals, Manufacturing Industry,
Wholesale, Media, Public Administration,
Research, Church
Project history
01/2021
-
Present
Company:
-
Banking /
Tasks:
-
Installation, configuration as well as 3rd level support of various third party software products on servers, client based as well as web based:
-
-
Reporting ( a.o. Abacus/BearingPoint )
-
-
-
Creating the required application system documentation
-
Creating tickets
-
Solving technical problems
-
Tasks:
-
Design/planning/installation for distributed integration production environments including
-
Database with data transfer
-
Web- Applicationsserver
-
-
as well as 3rd level support of various third party software products on servers, client based as well as web based:
-
Reporting (Abacus von BearingPoint)
-
ISMS → IT Security Management Anwendung (Fuentis)
-
ITMS → IT Service Management Anwendung (OmniTracker)
-
e-government (Governikus MultiMessenger u. EGVP)
-
-
Implementation of software and release upgrades
-
Test support and troubleshooting, production monitoring of the applications
-
Support of the operating systems / middleware systems incl. protocols and transmission standards
-
Opening tickets / changes according to ITIL and solving technical problems for database - web server - application - operating system
IT Skills:
-
Operating Systems: MS Windows Server 2016, Red Hat, z/OS(ex OS/390 ex MVS/ESA),
-
Application Servers: WildFly(ex JBOSS) - IIS – Tomcat – Reverse Proxy
-
Datenbank Servers: Oracle, MS SQL Server
-
Ticket Systems
-
Knowledge in PKI (Public-Key-Infrastruktur)
-
Knowledge in Microsoft Active Directory
06/2020
-
12/2020
IT Security - Pen Tests and Vulnerability Scanning
Company:
-
IT Consulting
Tasks:
White/GreyBox Pen Tests and Vulnerability scanning for Network/Infracture, Webapplications ( Linux – Windows )
-
-
Information Gathering: retrievable, sensitive information from the Internet about the application
-
Automated tests: port scans of IP addresses/hosts and vulnerability/web application scans
-
Injection-based Tests o.a. HTML-Injection, XSS, SQL- und Code-Injection ( Data/Input Validation Testing )
-
Tests for secure login procedures, security & bypassing of the authentication mechanism & session management
-
Tests for security of upload and download mechanisms
-
Tests for(XSS)Reflected/Stored Cross Site Scripting
-
Summary of findings, recommendations, support to mitigate security vulnerabilities
-
IT Skills:
-
-
Kali-Linux Tools: z.B. nmap,JtR,hydra,metasploit,sqlmap,spiderfoot,linis
-
OWASP Zed Attack Proxy (ZAP)- Burp Suite – Firefox AddOn Tools - CyberChef
-
OWASP Testing Guide
-
Knowledge of operating systems, application software, databases, various programming languages and cyber security
-
01/2020
-
06/2020
IT Security - Malware Analysis with Honeypots
Company:
-
IT Consulting
Tasks:
-
Threat Analysis with Honeypot T-POT (The All In One Honeypot Platform)
-
Malware Analysis – IoT Botnet Mirai, Hajime, Xor-DDoS, Koobface
-
Malware Analysis – eMail Phishing Attack/Identify/Emotet/Banking Trojan/ Ransomware
-
Mapping Advanced Persistent Threat (APT) Profiles to MITRE ATT&CK Framework
IT Skills:
-
Installation Honeypot T-POT (The All In One Honeypot Platform)
-
SIEM - ELK (elasticsearch, logstash, kibana)
-
Digital Forensics Tools:
-
System Memory and System Storage Analyse with Volatility
-
Autopsy - FTK Imager
-
Sysinternals Suite ( Windows )
-
Eric Zimermmans'Tools
-
-
Reverse Engineering with Ghidra:C/C++
10/2019
-
12/2019
WEB Security Testing
Company:
-
Finance - International banking
Project Language:
-
English - International Project Environment
Tasks:
-
Support / Test for
-
Authorisation API for Web- and Mobile Application
-
IT Skills:
-
OAuth2(Open Authorization:standardized secure API authorization for Desktop, Web and Mobile Application )
-
Jira/Confluence – REST/Postman
01/2019
-
09/2019
IT Security SOC
Company:
-
Finance - International banking
Project Language:
-
English - International Project Environment
Tasks:
-
Security Analyst im CERT/SOC ( Computer Emergency Response Team )/ SOC ( Security Operation Center ) Team:
-
Monitoring of IT systems and analysis of the current threat situation
-
Support as part of the Security Incident and Problem Management Process
-
Forensic Data Analysis → Malware Analysis
-
IT Skills:
-
Symantec e-Mail Security Cloud
-
Symantec Web Gateway ( ex BlueCoat )
-
IBM QRadar → the SIEM Tool
-
TheHive → the Security Incident Response Plattform
-
Flare/VM → Windows Distribution for Malware Analysis and Reverse Engineering
-
Kali/Linux → Linux Distribution for PenTesting and Network Securiy Assessment
Local Availability
Only available in these countries:
Germany, Austria und Switzerland
looking for projects
Tel. : +49 6257 5056912
Mail : project@msito.eu
Tel. : +49 6257 5056912
Mail : project@msito.eu
Other
looking for projects
Tel. : +49 6257 5056912
Mail : project@msito.eu
Tel. : +49 6257 5056912
Mail : project@msito.eu
