~/$ whoami
soroush: IT security administrator
~/$ ./focus.sh
endpoint hardening · patch management · vulnerability triage
identity & access management · compliance · security automation
No Blind Spots.
No Unpatched Systems.
No Unauthorised Access.
About Me
I'm an IT Security Administrator based in Munich with a focus on endpoint hardening, patch management, vulnerability triage, and identity & access management across large-scale enterprise environments...
My work spans the full IT security lifecycle, from deploying and tuning endpoint protection platforms to orchestrating patch rollouts across thousands of devices, enforcing compliance baselines, and automating security operations with PowerShell and Python.
interface Engineer {
role: 'IT Security Administrator';
based: 'Munich, Germany';
focus: ['Endpoint Hardening', 'Patch Management', 'IAM'];
}
const nickname: string = "paintedman00"; // ID
const birthday: Date = new Date("1998");
const age: number = ···; // years-old
// Why
Unpatched systems and misconfigured endpoints are the most common entry points. I close those gaps before attackers find them.
// How
Structured patch cycles, hardened baselines, automated triage workflows, and asset visibility across every layer of the environment.
// Connect
Open to roles in IT security administration, infrastructure security, and enterprise endpoint management.
Technologies
- Azure Security
- Endpoint Mgmt
- Defender XDR
- PowerShell
- Python
- Ansible
- CIS Benchmarks
- Tanium
Currently learning
- Zero-trust network access (ZTNA) design and policy enforcement
- KCSA (Kubernetes and Cloud Native Security Associate): cluster hardening, supply-chain security, and compliance
Experience
IT Security Administrator @ DocuWare
Mar 2025 – Present · Munich, Germany
- Leveraged Tanium to orchestrate patch deployment across nearly 1,000 Windows, macOS, and Linux endpoints and servers spanning multiple zones and regions, ensuring consistent compliance with minimal disruption.
- Established end-to-end infrastructure monitoring with full visibility across every layer, from physical hardware and network equipment up through hypervisors, virtual machines, and services, ensuring every asset is actively monitored with zero blind spots.
- Handle all internal scripting and automation using PowerShell and Python, covering security task automation, scheduled jobs, system health checks, alert triage workflows, and reporting pipelines.
- Participate in internal audits and help align systems with compliance standards including ISO 27001.
- Investigate and triage newly disclosed CVEs; assess impact and apply mitigations.
- Enforce endpoint protection policies and hardening baselines.
- Maintain documentation for security incidents, playbooks, and patch cycles.
- Manage IT asset inventory and lifecycle tracking using Jira Asset Management.
Projects
Python Projects
A collection of Python automation scripts and utilities covering scripting patterns, testing, and CLI tooling.
Linux Odyssey
Documented journey through Linux internals: kernel concepts, process management, file systems, and system hardening.
Network Odyssey
Hands-on network security notes and labs: packet analysis, protocol exploitation, and defensive configurations.
Backup System
Automated encrypted backup solution with scheduling, integrity verification, and remote storage support.
Crontab
Reference implementation and templates for cron-based task automation with logging and failure alerting.
Services
Endpoint Hardening
Securing workstations and servers across Windows and Linux through baselines, policy enforcement, and continuous compliance monitoring.
- Security baseline deployment
- Endpoint protection tuning
- Attack surface reduction
- Device compliance reporting
Patch & Vulnerability Management
Structured patch lifecycle management across large enterprise environments, from triage to deployment to compliance reporting.
- Tanium-orchestrated patch rollouts
- CVE triage & impact assessment
- Patch compliance dashboards
- Emergency patching procedures
Identity & Access Management
Designing and enforcing least-privilege access controls, MFA policies, and user lifecycle processes across enterprise environments.
- Okta administration
- Onboarding & offboarding automation
- Privileged access management
- Active Directory hardening
Security Automation
Building PowerShell and Python scripts that eliminate manual toil from security operations, reporting, and incident triage.
- Automated alert triage workflows
- Scheduled compliance reporting
- User lifecycle automation
- Infrastructure health checks
05. Got something in mind?
Ping me.
I'm always down to connect. If you have a question or just want to say what's up, feel free to shoot me a message or reach out on LinkedIn. I'll try my best to get back to you as quick as I can.