Istanbul, Türkiye
Technically-focused cyber security engineer with 5+ years of experience in FinTech and energy sectors, specializing in securing IT/OT infrastructures and leading cross-functional security teams. Architected NIST-compliant cloud security frameworks and conducted MITRE ATT&CK-based threat modeling across Azure and AWS environments. Directed IAM strategies, standardized SSDLC practices, and integrated SAST/DAST into DevSecOps pipelines. Supported ICS penetration testing and remediation efforts, with primary responsibility over cloud and on-premise security architecture. Led the management and lifecycle of enterprise-grade security technologies across endpoint, network, and cloud layers—including detection, prevention, access control, and asset visibility. Oversaw SIEM operations, implemented process improvements, and enhanced detection efficiency through rule tuning and automation. Delivered security baselines and PoCs for multi-entity environments, managed incident response, and built disaster recovery processes. Actively contributed to secure code reviews and awareness initiatives. Contact Me: [email protected] Best Regards
- Lead IT/OT penetration testing and vulnerability management processes. - Own and manage core security platforms including Cloudflare WAF, CyberArk PAM, phishing simulation, and security tool PoC processes. - Design and implement DevSecOps and secure code review processes. - Developed and operate a self-hosted CSPM platform for cloud and on-prem. - Define and apply cloud security best practices covering hardening, access control, and compliance monitoring in hybrid and cloud environments. - Review security risks for new enterprise projects with the Architecture team. - Member of the Operational AI Management Team, responsible for reviewing security, data protection, access control, and compliance risks of business AI use cases before deployment.
- Led day to day cyber security operations and supported coordination across infrastructure, development, and product teams. - Extended the solution to improve Azure Secure Score through configuration reviews, Conditional Access policies, and security hardening activities. - Actively supported cloud security governance by defining tagging standards, configuration baselines, and secure deployment practices. - Managed PoC, evaluation, and purchasing processes for enterprise security products, including EDR, DLP, WAF, PAM, and Attack Simulation tools. - Led rule design and configuration activities for newly onboarded holding companies, ensuring consistent security policies and controls across group entities.
- Conducted digital forensic analysis on evidence related to cybercrime cases such as credit card fraud, hacking, and organized crime, supporting expert witness reports. - Analyzed security incidents and breach artifacts (logs, systems, storage media) and documented technical findings for legal investigations.