Highlights

• Application Security Engineer based in Germany, focusing on AppSec, secure SDLC, SAST and automation.
• Background as a consultant penetration tester across web, mobile, network and Active Directory.
• Reported 8 CVEs and contributed to blogs, tools and trainings in the security community.

Certifications: OSCP | eWPTX | eCPPT | Google Cloud SecOps | CRT-ID | Nessus Engineer

About Me

I’m an Application Security Engineer based in Germany, working at the intersection of offensive security and secure software development. Before moving into AppSec, I worked as a consultant penetration tester, performing web, mobile and network assessments for various organizations.

Today my focus is on integrating security into the Software Development Life Cycle (SDLC), running secure code reviews, and using SAST/SCA and other tooling to help development teams ship secure applications. I enjoy building practical security automations and translating technical findings into clear, actionable guidance.

Contributions

I contribute to the cybersecurity community through:

• Publishing technical blog posts on web, mobile and infrastructure security.
• Reporting 8 CVEs acknowledged by vendors and the security community.
• Developing and sharing open-source security tools and scripts.
• Delivering a penetration testing course at Boğaziçi University Summer Camp.

Experience

Frankfurt School of Finance & Management — Application Security Engineer (2025 - Present)

• Conducting security assessments, including penetration testing and source code reviews.
• Collaborating with development teams to embed security into the SDLC.
• Developing and enhancing security-critical components across systems to ensure robust application security.

Secure Future — Penetration Tester (06.2023 - 10.2025)

• Consultant penetration tester working with diverse clients across multiple industries.
• Performed web, mobile, internal/external network, Active Directory, wireless and social engineering assessments.
• Delivered clear, actionable penetration testing reports and supported remediation efforts.

General Electric (GE Power) — Software Engineer Intern (08.2022 - 01.2023)

• Developed backend features (Java, SQL) and frontend components (TypeScript, Angular, NgRx).
• Improved application performance and supported refactoring of legacy modules.

Cubtale — Mobile App Developer Intern (06.2021 - 09.2021)

• Developed new screens and UI components for the Cubtale mobile app using Flutter (Dart).
• Fixed bugs, improved stability and collaborated with cross-functional teams on releases.

Education

B.Sc. in Computer Science from Sabancı University, including an Erasmus program at the University of Twente.

Focus Areas

• Application Security (Secure SDLC, SAST, SCA)
• Secure Code Review
• Web & Mobile Application Penetration Testing
• Internal Network & Active Directory Security
• Wireless Security
• Social Engineering

Contact & Socials

• GitHub: github.com/kaanatmacaa
• LinkedIn: linkedin.com/in/kaanatmaca
• Medium: medium.com/@katmaca2014