Hire the Best Penetration Testers
in Germany

I am a Senior Penetration Tester (currently working at Mercedes-Benz) specializing in manual, deep-dive security assessments for web applications, APIs, and cloud infrastructure. I do not run automated scanners and hand over a 100-page PDF of false positives. I specialize in finding the complex, chained business-logic flaws, multi-tenant isolation issues, and authorization bypasses that automated tools completely miss. **Certifications:** - OSWE (Offensive Security Web Expert) - OSEP (Offensive Security Experienced Penetration Tester) - OSCP+ (Offensive Security Certified Professional) - OSWA, OSWP, KLCP **My Core Focus Areas:** - Web App & API Penetration Testing: Identifying IDORs, mass assignment, complex injection flaws, and authentication bypasses in modern SPAs and microservices. - Network Penetration Testing: Internal/External infrastructure assessments, Active Directory exploitation, and lateral movement. - Cloud Security: Exploiting access control misconfigurations in AWS, Azure, and GCP. **What you receive at the end of the engagement:** - Zero False Positives: Every vulnerability I report is manually verified and proven with exact reproduction steps. - Compliance-Ready Reporting: I deliver formal reports featuring accurate CVSS scoring, board-ready executive summaries, clear PoCs, and developer-centric remediation instructions. - Professional Discipline: I strictly adhere to established Rules of Engagement (RoE) to ensure zero business disruption during testing. Shoot me a message, and I’d be happy to share a redacted sample report so you can see the exact quality of work you will receive before we start.

Security & compliance lead for SaaS and fintech. SOC 2, ISO 27001, pentesting, and fractional vCISO — so security closes enterprise deals instead of blocking them. I'm an Information Security Lead with 10+ years securing SaaS end-to-end. By day I run AppSec and cloud security at a global B2B SaaS unicorn. On Upwork, I bring that same rigor to founders, CTOs, and security leads who need to get audit-ready — fast. OSCP · CCNSE · CDP | Top Rated | 100% JSS | 25+ five-star reviews | 100+ apps pentested What I deliver: → SOC 2 & ISO 27001 audit readiness (4–8 weeks): gap analysis, 15+ policies, risk assessment, evidence collection, vendor reviews, auditor handoff. Vanta, Drata, Sprinto, Secureframe, Thoropass. → Pentesting (1–2 weeks): OWASP-aligned web, mobile, API. Developer-friendly report with repro steps, CVSS, business impact, and remediation. Attestation letter + free retest included. → Fractional vCISO (retainer): security questionnaires, vendor reviews, board reporting, AWS/Azure/GCP posture, IR readiness, continuous compliance. Best fit if you're: prepping your first SOC 2 or ISO 27001 audit, losing enterprise deals on security questionnaires, stuck inside Vanta/Drata without knowing what to upload, or scaling on AWS and need a security baseline — without paying $250k for a full-time CISO. Frameworks: SOC 2, ISO 27001:2022, NIST CSF, NIST 800-53, PCI DSS, GDPR, HIPAA, OWASP ASVS/MASVS, CIS Benchmarks. Stack: Burp Suite Pro, Nuclei, AWS Security Hub/GuardDuty, Terraform, GitHub Actions, Snyk, SAST/DAST/SCA, Python. Next step: send your scope or just describe where you're stuck. Within 24 hours you'll get a fixed-price quote, SOW, and timeline. If I'm not the right fit, I'll tell you who is.