Summary
Work History
Education
Skills
Certification
Timeline
Generic
Nil Hayat Yöney

Nil Hayat Yöney

Security Engineer
Ulm

Summary

Proactive and goal-oriented professional with excellent time management and problem-solving skills. Known for reliability and adaptability, with swift capacity to learn and apply new skills. Committed to leveraging these qualities to drive team success and contribute to organizational growth.

Work History

Security Engineer

About You Holding X Zalando
04.2024 - Current
  • Improve monitoring and scanning tools to detect security threats and automate routine tasks using Python.
  • Design and implement Terraform/Terragrunt configurations for infrastructure deployments.
  • Develop and integrate custom security tools for AWS infrastructure to enhance threat detection and response.
  • Conduct internal security audits to assess vulnerabilities and ensure compliance with security best practices.
  • Administer Google Admin security policies, enforcing IAM best practices and strengthening access controls.
  • Strengthen web security by implementing Cloudflare WAF, DDoS protection.
  • Perform incident response investigations, forensic analysis, and implement remediation strategies.
  • Investigate phishing emails, analyzing email headers and payloads for malicious content.
  • Participate in employee security awareness training as a trainer for new employees.

Information Security Consultant

SabanciDx
11.2020 - 03.2024
  • Company Overview: Sabanci Holding Group Company
  • Designed, developed, and architected SOAR solutions (FortiSOAR) to enhance security operations.
  • Implemented incident response playbooks for SOC teams, integrating security products and custom connectors with various technologies.
  • Developed Python scripts to automate SOC workflows and streamline security processes.
  • Utilized HTML, CSS, and JavaScript for front-end customization within SOAR playbooks to optimize SOC operations.
  • Automated repetitive SOC processes, such as closing false-positive SIEM alerts, releasing quarantined emails, and creating automated tickets for security teams.
  • Integrated Threat Intelligence (CTI, OSINT, SMI) platforms within FortiSOAR, including AbuseIP, IP geolocation, and VirusTotal.
  • Conducted SIEM (QRadar) alert analysis, optimized detection rules, and designed playbooks to enhance SOC efficiency.
  • Provided technical consultancy on SOAR solutions for clients and sales teams.
  • Worked with Radiflow OT security tools (IDS & Risk Management) to enhance security monitoring and incident response in OT environments.
  • Led POC and demo integrations of security products for Sabancı Holding group companies.
  • Provided recommendations to improve IDS rule sets, analyzed false positives, and collaborated with R&D for rule tuning.
  • Designed and applied incident response playbooks for Radiflow within OT SIEM/SOAR platforms.
  • Led Data Classification and Data Loss Prevention (DLP) projects, ensuring security policy enforcement and compliance.
  • Managed policy creation and fine-tuning to enhance Forcepoint DLP configurations.
  • Conducted continuous monitoring of DLP systems, analyzing security incidents and refining detection rules.
  • Led Information Security Maturity Assessments, evaluating cybersecurity posture for clients.
  • Conducted risk assessments, staying ahead of emerging security threats and implementing proactive mitigation strategies.
  • Designed and integrated security best practices into clients' security product life cycles.
  • Sabanci Holding Group Company

Information Security Consultant

PwC
02.2019 - 11.2020
  • Company Overview: PricewaterhouseCoopers
  • Led and conducted Security Maturity Assessments based on industry-standard frameworks, including NIST, ISMS, and ISO 27001, developing security roadmaps for clients.
  • Assessed organizations' compliance with Turkey's Data Privacy Protection Regulation, providing security roadmaps and risk reports.
  • Performed internal audits and gap analyses for ISMS (ISO 27001) and QMS (ISO 9001) across multiple industries, including food, chemical, agriculture, energy, gas, and pharmaceuticals.
  • PricewaterhouseCoopers

Cyber Security Consultant Long Term Intern

Deloitte Touche Tohmatsu Limited
08.2017 - 06.2018
  • Worked on client's compliance with IT security standards across ISO27001 and Turkey Data Privacy Protection Regulation.
  • Defined dataflows for critical business processes with detailed diagrams.
  • Worked on DLP rules according to the client's business process and data flows.

Intern, Voluntary Internship

SVR Information Technologies
07.2016 - 12.2016
  • Worked on web-site designing projects using Python, GUI, HTML, CSS, PHP, Java, Java Socket.

Education

Master Degree - Information Technologies

Istanbul Technical University
01.2020 - 01.2021

Bachelor of Science - Mathematics

Universitat Autònoma de Barcelona
01.2016 - 01.2017

Bachelor of Science - Mathematics

Yıldız Technical University
01.2013 - 01.2019

Skills

Cloud Security & Infrastructure Protection

Certification

Fortinet NSE 6 FortiSOAR Administrator 7.0 Self-Paced, 05/01/23

Timeline

Security Engineer

About You Holding X Zalando
04.2024 - Current

Information Security Consultant

SabanciDx
11.2020 - 03.2024

Master Degree - Information Technologies

Istanbul Technical University
01.2020 - 01.2021

Information Security Consultant

PwC
02.2019 - 11.2020

Cyber Security Consultant Long Term Intern

Deloitte Touche Tohmatsu Limited
08.2017 - 06.2018

Intern, Voluntary Internship

SVR Information Technologies
07.2016 - 12.2016

Bachelor of Science - Mathematics

Universitat Autònoma de Barcelona
01.2016 - 01.2017

Bachelor of Science - Mathematics

Yıldız Technical University
01.2013 - 01.2019

Similar Profiles

CREATE PROFILE
Nil Hayat YöneySecurity Engineer