About
Hi, I'm Yusuf. I am a software and security engineer with practical experience in software development and enterprise security. Throughout my career, I've worked as a SOC/MDR analyst, systems and network administrator, and full-stack developer. Right now, I mainly focus on secure software development (DevSecOps), AI agent security, and software supply chain risks.
I believe security should be built into systems from the start, not added as a quick fix later. Because of this, I spend my time setting up secure virtualization environments using Proxmox and Docker, automating IT workflows, and building log analysis pipelines to make infrastructure more resilient.
I also love contributing to the open-source community and sharing security research. Projects I built, like Vantage and ApiGoat, help analyze NPM supply chain risks and automate everyday security tasks. From low-level systems like C and x86 Assembly to modern tools like Go, Node.js, and Python, I enjoy building tools that both run systems and keep them secure.
Experience
IT & Security Engineer
@ Arma Bilişim- I strengthen corporate infrastructure security and business continuity using SIEM, XDR, EPP, and DLP solutions.
- I deploy and maintain scalable virtualized environments with Proxmox VE and containerize services via Docker.
- I conduct proactive threat hunting on networks and systems using open-source tools and custom scripts.
- I manage end-to-end incident response and infrastructure optimization processes through automation and digital forensics.
SOC Analyst
@ Garanti BBVA Technology- I monitored enterprise-wide system events 24/7 via SIEM and XDR platforms to ensure the security of critical financial infrastructures.
- I performed threat detection and response across endpoints and networks, leading system hardening initiatives.
- I managed incident response workflows, digital forensic investigations, and security reporting.
- I collaborated with infrastructure teams to implement security-by-design policies and patch vulnerabilities.
MDR Analyst
@ ADEO Cyber Security- I managed network security operations and log management using Wazuh, Sentinel, and Defender XDR.
- I set up end-to-end DLP, EDR, and EPP solutions in enterprise environments to prevent data leakage.
- I performed log analysis, vulnerability scanning, and system management to minimize attack surfaces.
IT Services & Security Intern
@ Consulta- I supported IT infrastructure management, user support, and server-side security operations.
- I assisted in Linux server hardening and Microsoft Exchange server maintenance.
- I contributed to security awareness training and managed technical security documentation.
Volunteering
President of Community & OWASP Student Representative
@ BTU Informatics Community & OWASP BTU- Led the largest tech-focused student community at Bursa Technical University, reaching over 500 active members.
- Organized large-scale technical training sessions and "Security Day" events to raise cybersecurity awareness across the campus as an OWASP Student Representative.
- Networked with industry leaders to coordinate professional webinars, hands-on workshops, and technical site visits for student career development.
- Represented the community in university administrative processes, managing budget allocation and administrative collaborations.
Core Member
@ PwnLab.Me- Published technical blog posts and CTF (Capture The Flag) walkthroughs for PwnLab.Me, one of Turkey's leading cybersecurity communities.
- Supported community growth strategies and provided technical mentorship through Discord and other social channels.
- Contributed to the security ecosystem by conducting in-depth analyses of modern attack vectors and network security implementations.
Scout Leader & Search and Rescue Volunteer
@ TİFAKE (Scouting and Guiding Federation of Turkey)- Actively participated in rescue and humanitarian aid operations within TİFAKE in coordination with AFAD.
- Deployed for search and rescue during the February 6th Antakya earthquake and the Bozkurt flood disaster.
- Conducted forest fire response in Ovacik and managed humanitarian logistics in various disaster zones.
- Maintained leadership roles in scouting, focusing on youth physical and social development.
Technical Expertise & Skills
Offensive Security
- Vulnerability Assessment Vulnerability scanning and management with OpenVAS and Nuclei.
- Network Discovery Network discovery and topology mapping with Nmap and Masscan.
- Web App Security Testing Web/API penetration tests with Burp Suite and OWASP ZAP.
- Exploitation Frameworks Vulnerability exploitation and validation with Metasploit Framework.
- Security Research Supply chain (NPM) and LLM (Agentic AI) security research.
Defensive Security
- Autonomous EDR & XDR Management of SentinelOne, Microsoft Defender XDR, and CrowdStrike Falcon.
- SIEM & Log Management Anomaly detection with Wazuh, Splunk, and Elastic Stack (ELK).
- Network Traffic Analysis Deep packet inspection (DPI) and network forensics with Wireshark.
- Email & Gateway Security Phishing protection with Libraesva and Proxmox Mail Gateway.
- Incident Response Threat hunting and proactive cyber incident response.
Systems & Network Infrastructure
- Virtualization & Private Cloud Deployment of enterprise virtualization architectures with Proxmox VE.
- Enterprise Network Configuration Management of Ruijie & Reyee hardware, VLAN, TCP/IP, and DNS/DHCP.
- Identity & Directory Services Identity management with Windows Server (Active Directory), Samba, and LiderAhenk.
- Linux Server Administration Installation and hardening of Ubuntu, Debian, and Pardus systems.
- Self-Hosted Enterprise Solutions Open-source data sovereignty projects like Nextcloud and Mailcow.
Software & Automation Engineering
- Containerization Microservice architectures and isolated test environments with Docker.
- Configuration Management Infrastructure as Code (IaC) and server automation with Ansible.
- Backend & API Development Node.js, Express, and RESTful architecture design (ApiGoat project).
- Full-Stack Architecture End-to-end application development with PERN Stack (Postgres, Express, React, Node).
- Scripting & Task Automation Security tool development and system automation with Python, PowerShell, and Bash.
Education
- M.Sc. in Software Engineering | Karabük University (2025 – 2027)
- Focus: Scalable systems architecture and supply chain (NPM) security research.
- B.Sc. in Computer Engineering | Bursa Technical University (2019 – 2024)
- English preparatory year: 2019 – 2020.
- Focus: Software development and application security.
Continuous Training
- TryHackMe: Top 1% Rank in offensive security simulations.
- LetsDefend: Specialized in IT operations and SOC incident response.