About Vladimir
Who I help
Cloud-first teams (pharma/biotech, healthcare, SaaS, SME) that need pragmatic AWS/Azure security: configuration hardening, compliance readiness (GxP, ISO 27001, CIS, NIS2), and hands-on remediation—without slowing delivery.
What I do
Cloud Security Reviews (AWS/Azure): CIS baseline, IAM, network edges, logging, data protections, container/Kubernetes focus.
Vulnerability & Dependency Management: DAST/SAST program tuning, SBOM hygiene, fix-path prioritization, dev workflow integration.
CSPM/CNAPP Enablement: Policy packs, noise reduction, risk triage, “fix-it” playbooks that teams actually use.
Compliance in the Cloud: GxP validation starter (risk-based), ISO 27001/27002 control mapping, NIS2 readiness for SMEs.
Remediation Sprints: Pair with your team to close the top 10 risks and measure impact.
Productized micro-engagements (evenings/remote-first)
AWS/Azure QuickScan (8 h): 6-page findings + 30-min readout; top misconfigs + quick wins.
NIS2/ISO 27001 Lite (6 h): Traffic-light gap map + 30-day action plan (cloud focus).
GxP Cloud Validation Starter (10 h): Validation plan outline, SOP skeletons, supplier assessment notes.
How I work
Outcome-based, fixed price. Clear scope. Minimal meetings.
Security that fits engineering cadence (IaC & CI/CD friendly).
Remote by default; occasional on-site in Bavaria by arrangement.
Tech & standards
AWS, Azure, EKS/AKS, Terraform, GitHub Actions; DAST/SAST, SBOM; CSPM/CNAPP; ISO 27001:2022/27002, CIS Benchmarks, GxP/CSV, NIS2.
English
Native or bilingual
German
Native or bilingual
Remote only
Primarily works remotely
Experience
- BioNTech AGManager Cloud SecurityBIOTECHFebruary 2024 - Today (2 years and 4 months)Mainz, Germany
- Lead cloud security across AWS & Azure for regulated biotech workloads; align guardrails with ISO/IEC 27001:2022/27002, GxP/CSV, CIS and emerging NIS2 expectations.
- Strengthen Kubernetes (EKS/AKS) security: cluster hardening, secrets/image scanning, workload policies.
- Drive vulnerability & dependency management: SAST for IaC/SBOM integrated into CI/CD (secure pipelines), developer enablement and fix-path prioritization.
- Implement and tune CSPM/CNAPP programs (policy baselines, noise reduction, risk triage) with clear remediation SLAs and dashboards.
- Design and operate multi-account landing zones: IAM least privilege, network segmentation, encryption, centralized logging, backup/DR.
- Own the cloud ISMS (risk assessments, SoA, policies/procedures) and prep/support internal & external audits.
- DATEVApplication Security Lead and Software ArchitectTECHMay 2022 - January 2024 (1 year and 8 months)Nuremberg, Germany
- Security Lead & Software Architect, hands-on full-stack engineer for a payroll platform. Built a microservice- and modulith-oriented architecture using Domain-Driven Design (>45 microservices).
- Authored the DATEV Security Guideline and embedded it into the SDLC of 12 development teams.
- Led a virtual team of 4 Cloud Security Engineers; set standards, code reviews, coaching, and threat modeling.
- Implemented DevSecOps controls: SAST, DAST, dependency/SBOM hygiene, secrets management, secure coding checklists aligned to OWASP ASVS & ISO/IEC 27001.
- Drove vulnerability management and remediation SLAs; defined risk triage & risk acceptance processes.
- Partnered with architecture guild on security patterns (authn/authz, crypto, logging/monitoring).
- Results: fewer critical findings in pipelines, consistent control baselines across teams, faster audit readiness.
- DATEVSecurity Champion and hands-on Software ArchitectTECHMay 2019 - October 2020 (1 year and 5 months)Nuremberg, Germany
- Security Champion & hands-on Software Architect for a microservice-oriented payroll platform.
- Built an automated secure SDLC for 9 development teams: threat modeling, application security testing (SAST/DAST), software composition analysis (dependency & license mgmt.), and continuous optimization of analysis workflows (noise reduction, triage, SLAs).
- Chaos engineering initiatives to validate resilience and security controls in production-like environments.
- Optimized the company’s online development security guideline; co-authored the DATEV Security Guideline and embedded it into team workflows and checklists.
- Company-wide rollout of dependency/license management and dynamic application security testing integrated into CI/CD.
- Trained engineers & local security champions; created playbooks and review checklists; partnered with architecture & platform teams.
- Results: standardized security practices across teams, fewer critical findings, faster pipeline feedback, better audit readiness.
Recommendations
Be the first to recommend Vladimir
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Master of Science Computer ScienceFriedrich-Alexander University Erlangen–Nuremberg2016