$ whoami
Software Security Engineer
I design and build secure distributed systems from Zero Trust architectures and k8s hardening to developer-facing security tooling. I care deeply about making security a first-class engineering concern, not an afterthought.
$ cat about.md
I'm a Software Security Engineer with roots in SRE and software engineering. My work sits at the intersection of distributed systems and security where reliability, trust, and resilience aren't trade-offs but design goals.
I've architected Zero Trust network models, hardened Kubernetes clusters, and built developer-facing security tooling that doesn't slow teams down. I've led IAM and OAuth2/OIDC integrations at scale, using Keycloak and custom authorization policies to enforce least-privilege access across microservice meshes.
I believe security belongs in the delivery pipeline not bolted on at the end. That means threat modeling early, shifting left with SAST/DAST, and treating every deployment as an opportunity to reduce attack surface. I enjoy helping engineering teams build that instinct from the ground up.
Focus Areas
Security · Cloud
Primary Stack
Go · Kotlin · Java
Expertise
Zero Trust · IAM · K8s
Background
SRE · Software Eng.
$ cat skills.json | jq
Threat modeling, Secure Development Lifecycle, Secure Coding, Security Awareness.
Kubernetes-native security, cloud hardening, IaC, observability.
Shift-left security, CI/CD hardening, policy-as-code.
Distributed systems design, microservices, resilience patterns.
$ grep -R projects/
Development and operation of different applications for advertising campaign and stock data management across an international e-commerce build on GCP and StackIT.
Operation, scaling, and automation of central university IT platforms with full DevSecOps focus and cloud-native IAM integration. Enforced Privacy & Secure by Design principles mandated by university policy.
Fullstack development across multiple clients: legally-admissible incident log for DRK, SPAs for a major automotive OEM, cloud migrations, and a shareholder identification platform.
Security research on identity and authentication in academic environments within the scientific group SecLab. Evaluated Zero Trust approaches and built proof-of-concept secure software architectures.
Corporate website for a DEKRA-certified workplace safety consulting firm based near Munich. Covers occupational safety supervision, a training academy, equipment testing services, fire safety consulting, and personal protective equipment.
Website for a first aid training provider offering DGUV-compliant occupational first aid courses, refresher training, driver's license first aid, and AED/emergency scenario instruction across Germany.
Regional platform for the Youth Fire Department of Starnberg district, coordinating 43 youth brigades and 9 children's brigades with over 600 members. Features a password-protected member area, secure PDF downloads, a contact form, and event management.
$ grep -R talks/
Article on securely integrating Identity & Access Management into microservice architectures using Keycloak as the central IAM component within a Zero Trust model.
Talk on combining Zero Trust Architecture with Passkeys as an effective strategy for preventing lateral movement in modern IT environments.
Conference contribution on integrating Passkeys as a modern authentication method into Shibboleth-based university infrastructure using privacyIDEA.
Talk on using Tailscale to simplify and secure admin access in university data centers - without compromising on security or usability.
Article exploring lesser-known but powerful Keycloak capabilities beyond the standard OAuth 2.0 and OpenID Connect protocols - from Token Exchange to Fine-Grained Authorization.
Practical meetup talk on incrementally embedding security practices into everyday development: from a first SAST scan to a fully integrated DevSecOps pipeline.
$ chmod +x contact.sh && ./contact.sh
Whether you want to talk security architecture, explore collaboration, or just have a technical conversation. I'm happy to connect.