Updated 10.11.2025


100% available
Freelance Security Systems Engineer and Consultant
Berlin, Germany
Worldwide
M.Sc. Computer Science and Media
Skills
Security Engineering, Cybersecurity Consultant, Product Security, EUCC, Common Criteria Documentation, Security by Design, Automotive Security/Embedded Systems Security, Vehicle-to-X Security (V2X/Car2X/C2C/Car-to-Car), Cyber Resilience Act (CRA), Secure Product/Software Development
My expertise lies in security systems engineering and consulting for secure product development (including ISO/SAE 21434) and product security certification (Common Criteria, ISO/IEC 15408), with a focus on embedded systems in the automotive field. I have been working with vehicle manufacturers and their suppliers since 2019. Cyber Resilience Act (CRA) compliance and EUCC.
Languages
German: native language; English: business fluent
Project history
- Template improvement and creation of Item Definition, TARA and CS Concept according to ISO/SAE 21434 for a pre-development project, including methodology development
- Consulting on a cybersecurity approach for a reusable ECU hardware platform
- Consulting on the application and improvement of the secure vehicle development process according to ISO/SAE 21434, including document templates and documentation tools
- Development and introduction of methods, processes, and training materials for cybersecurity (CS) testing (CS verification and CS validation) considering ISO/SAE 21434, especially for test methods, as well as documentation workflows and documentation tools, including:
  - Conducting a one-day pilot workshop with the developed training materials for knowledgeable customer employees
  - Developing a guideline for defining functional CS test specifications
  - Evaluating and introducing a methodology for vulnerability scanning, including process integration and tool evaluation
  - Collaborating on method specifications for fuzz testing and security code reviews
- Carrying out threat analyses and risk assessments (TARAs - similar to TARA of ISO/SAE 21434) for automotive functions and components
- Security engineering for a security function (authentic onboard communication) with focus on error analysis on vehicle level, integration support on component level and requirements engineering
- Vehicle-to-X (V2X) security:
  - Participation in the creation of a Security Target and a Protection Profile according to Common Criteria (CC - ISO/IEC 15408) for C-ITS stations
  - Participation in the creation of the EU's C-ITS CPOC protocol (Annex 8)
  - Preparing an evaluation and the certification for CC according to V2X EU policies
- IDPS (Intrusion Detection and Prevention System): Creation and review of technical concepts for the system, especially for a VSOC (vehicle security operations center), including processes
- Security methodology:
  - Co-creation of a template and a manual for the efficient execution of TARAs
  - Creation of method descriptions including processes for carrying out TARAs and security tests (functional testing, penetration testing and vulnerability scanning)