Sufijen, Security Engineering
Sufijen has been working at CHECK24 since 2013. He started as a Junior Web Developer, then became a DevOps Developer, and since 2019, Sufijen has been working as a Security Engineer in the company. Since 2023, he has been leading the Security Engineering team.
In the interview, he shares everything about his exciting daily work and the responsibilities of his team.
Hello Sufijen, please introduce yourself briefly.
Sufijen:
Hi, my name is Sufijen. I've been working at CHECK24 since 2013, with a short break in between. I started as a Junior Web Developer, then became a DevOps Developer and since 2019 I have been working as a Security Engineer in the company. Furthermore, I have been the team lead of the Security Engineering team since 2023.
Did you always know that you wanted to go into the security field or did you have other plans?
Sufijen:
I started hacking when I was about 12 years old. I was attracted to the subject early on, and I wanted to master it. Soon I realized that the key to hacking was a deep understanding of code. That is the reason why I learned programming and that is how I started my career. So my step into security is more of a step back to the beginnings - “back to the roots”.
What exactly are your tasks as a security engineer?
Sufijen:
As a security engineer in Berlin, there are several areas of responsibility. I also like to call the job a “full-stack security engineer”, even if the term is not official.
The tasks include conducting penetration tests, programming, assisting with strategy and planning and advising the internal teams.
In my team, we create solutions that benefit the whole of CHECK24. This requires an understanding of needs and an overview of the systems currently in place. We develop tools to monitor the infrastructure, we write scripts to help others test themselves and attack our systems automatically and manually.
We aim to ensure real security within the company and therefore take concrete action rather than just in theory, closely aligned to the existing technologies. Documentation is sometimes part of it, but we prefer implementation.
What is special about your job at CHECK24?
Sufijen:
We work in the technology environment and are therefore a fundamental component of CHECK24. We are deliberately located close to the CTO in order to work as broadly and effectively as possible.
Personally, I enjoy the speed of CHECK24 and the hands-on mentality. Our speed allows us to try things out without having to go through a long approval process first.
I very appreciate the fact that every IT manager can also program and lend a hand. This means that our management is not decoupled from reality, which makes our work as a security team much easier, because we're primarily addressing to IT managers.
We are also very independent and actively work on our topics. Sometimes it feels like being a detective on the trail of something big, except that the assignment comes from yourself.
What makes your team special? How do you feel about the collaboration within the team and with stakeholders?
Sufijen:
Our team is small and works very closely together. This makes us a kind of “fast reaction force” that other stakeholders can rely on. We are highly sought-after as advisors and have an overview that only a few people in the company have. Thanks to the pentests, we see more systems than almost anyone else. I enjoy getting to know everything, checking and processing all of this information. I soak it up like a sponge.
As we must identify weak points independently, openness, a sense of responsibility and creativity are particularly important in our team. We are “partners in crime”, relying on each other and having each other's backs.
And finally, tell us what jobs you used to do alongside your studies?
Sufijen:
During my studies, I already had my own small business where I programmed websites for small and medium-sized companies.