Freelancer profile translated to English.
Back to original languageAbout Bastian
Cloud & Security Solutions Architect with over 10 years of experience in building, securing, and governing hybrid cloud infrastructures – specializing in regulated industries such as banking, critical infrastructure (KRITIS), and public sector clients.
I combine strategic architectural understanding with technical implementation – from secure concepts to operational integration. My focus is on sustainable, auditable solutions that meet regulatory requirements, function reliably, and can be carried forward across teams – supported by enablement, knowledge sharing, and sustainable decisions.
Certified as, among others, **Cloud Security Professional (CCSP)**, **Azure Solutions Architect**, **Azure Security Engineer**, **Kubernetes Application Developer (CKAD)**, and **TOGAF Enterprise Architecture Practitioner**.
German
Native or bilingual
English
Fluent
Can work on-site
Berlin (up to 50km), Hamburg (up to 50km), Frankfurt am Main (up to 50km), München (up to 50km), Stuttgart (up to 50km)
Experience
- ING DeutschlandPlatform Architecture for Regulated Hybrid Cloud Environments in the Banking SectorBANKING AND INSURANCEMay 2024 - Today (2 years and 1 month)Frankfurt am Main, GermanyAs part of a company-wide cloud transformation program, I was part of the platform architecture unit within Enterprise Architecture. The focus was on building secure, scalable hybrid cloud architectures, considering cloud sovereignty, DORA compliance, and banking-specific security requirements.
- Design and implementation of an Azure API Management solution for mTLS-secured communication across platform boundaries (incl. AKS, Ingress Controller, and Azure Key Vault)
- Development of an Entra ID-based workload identity model for secure authentication of applications within AKS clusters
- Establishment of a scalable secret management approach based on Managed Identities and multiple Azure Key Vaults
- Contribution to the cloud placement strategy for structured workload distribution and the refactoring roadmap for legacy applications
- Support in building regulatorily compliant cloud components in line with ISO/IEC 27001, DORA, and internal governance guidelines
- spendenfinanzierte NGODesign of a Hybrid Cloud and IAM Architecture with Global PKI for a Critical Infrastructure OrganizationCIVIC AND SOCIAL ORGANIZATIONSOctober 2024 - April 2025 (6 months)Baar, SwitzerlandAs part of this architecture project for an internationally active NGO responsible for critical infrastructure, I designed a holistic Identity & Access Management (IAM) concept for a globally distributed, hybrid IT environment with over 3,500 user accounts. The goal was to build a secure, scalable, and auditable structure for access control across cloud and on-premises boundaries – in line with ISO/IEC 27001, the Swiss Data Protection Act (DSG), and the information security requirements according to the Swiss Federal Act on Information Security (ISG) and recommendations from NCSC.
- Development of a hybrid IAM model with Microsoft Entra ID, Active Directory, and Azure AD Connect
- Conception of a globally scalable PKI infrastructure for secure system-to-system communication and authentication
- Definition of a granular role and authorization concept to minimize attack surfaces
- Evaluation of Azure Stack HCI as a sovereign edge cloud component for decentralized data centers
- Architecture designed for cloud sovereignty, operational security, and regulatory traceability in a multi-regulatory environment
Focus Areas: Azure, Entra ID, Active Directory, LDAP, Azure Stack HCI, Azure Local, PKI, Certificate Services, Hybrid Identity, IAM Concepts, ISO/IEC 27001, DSG (CH), ISG, NCSC, Microsoft Exchange, Microsoft 365, Azure Load Balancer (global & regional), Zero Trust, Least Privilege, Identity Federation / Federation Trusts, Windows Server 2025, RBAC Concept, NTP - ING DeutschlandModernization and Securing of the Cloud Infrastructure for Corporate Customer BankingBANKING AND INSURANCEDecember 2022 - April 2024 (1 year and 4 months)Berlin, GermanyAs part of the integration of a former FinTech into the IT landscape of ING Germany, I was co-responsible for the technical reorientation of the cloud security and governance architecture. The goal was to build a compliant, resilient, and scalable platform structure – with a particular focus on cloud sovereignty, automation, and transparency.The implementation was carried out in accordance with regulatory requirements such as BAIT, DORA, NIS2, and the ISO/IEC 27001 standard series.
- Migration of containerized core applications into globally scalable cloud landing zones on Microsoft Azure
- Development of security reporting pipelines to comply with regulatory requirements (e.g., DORA, BAIT)
- Automation of security-relevant processes along the DevSecOps principle (Shift Left)
- Close collaboration with compliance, security, and infrastructure teams to enforce governance guidelines in the cloud context
- Ensuring 24/7 operation of containerized business applications on AKS, including observability & incident response
- Training and continuous professional development of junior platform engineers in cloud security and platform operations
Recommendations
Be the first to recommend Bastian
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Specialist in IT Systems IntegrationIHK Berlin2018Fachinformatiker für Systemintegration