Alexander Gellert portrait

Resume

Alexander Gellert
Contact
Alexander Gellert portrait

Available for opportunities

Alexander Gellert

Security & DevOps Engineer · Bug Bounty Researcher · KI-Enthusiast

Security-focused engineer with 5+ years building and operating platforms in finance (AML/KYC), active in bug bounty and security research since 2024. Based in Asia, I blend full-stack and DevOps with a pragmatic, KISS-first mindset to harden systems, automate deployments, reduce attack surface, and apply AI/LLM automation where it delivers real operational value.

Email me

Career

Experience

Impactful roles & highlights
  1. 07/2024 – Present

    Freelance Security Researcher & Bug Bounty Hunter · Remote (Asia)

    Freelance security research, bug bounty work, and small security-focused development projects.

    Web Security Bug Bounty Linux
    • Perform security testing of web applications in public and private programs
    • Focus on XSS, authentication issues, misconfigurations, and access control
    • Build scripts to automate recon and repeatable test workflows
    • Document findings with clear proof-of-concept steps and remediation guidance
    Active in bug bounty and security research since 2024
  2. 03/2023 – 07/2024

    IT Service Owner & Senior Consultant, ixtrac · Zug, Switzerland

    IT service owner and senior consultant for Appway Platform 10/11 with a DevOps focus.

    Appway Octopus Linux
    • Owned the lifecycle of Appway servers and application stacks across environments
    • Designed and maintained Octopus pipelines for automated, repeatable deployments
    • Provided L3 support with deep technical analysis and incident response
    • Partnered with business and compliance on KYC workflows in finance and banking
    Reduced deployment time by ~30% through pipeline automation
  3. 02/2020 – 11/2022

    Application Specialist, Julius Baer (RM IT) · Zurich, Switzerland

    Application specialist and DevOps engineer on Appway Platform 9–11 in a private banking environment.

    Appway Automation Testing
    • Improved operations with monitoring and automation
    • Increased testing throughput with automation and better tooling
    • Bridged technical analysis with business context to solve complex issues
    • Maintained two critical KYC/AML applications in banking
  4. 02/2018 – 01/2020

    IT Consultant, Syncordis (Nielsen+Partner) · Zurich, Switzerland

    IT consultant and software engineer on Appway Platform 6–8 for international banking clients.

    Appway Cloud
    • Built a reusable, cloud-ready Appway template adopted across projects
    • Delivered four KYC/AML onboarding applications for banking clients
  5. 05/2017 – 01/2018

    Student Assistant, NTNU · Trondheim, Norway

    Student assistant for COINS – Institute of Computer and Information Security.

    WordPress Plugins
    • Maintained and customized WordPress sites, developed plugins, and supported daily IT operations
  6. 03/2016 – 08/2016

    Student Assistant Software Developer, AAC Infotray AG · Winterthur, Switzerland

    Student software developer and IT consultant.

    • Designed a concept for automated GUI testing
    • Integrated external systems and applications into existing workflows
    • Implemented features for image editing, barcode recognition, and automated testing

Showreel

Projects

Selected work with stack highlights
Vault & PKI Setup for Secure Deployments thumbnail
2024 Personal

Vault & PKI Setup for Secure Deployments

Self-hosted Vault and PKI hierarchy to manage secrets, TLS certificates, and environment-specific credentials for secure deployments in homelab and small-team setups.

Vault PKI ACME Docker Linux
Rootless Podman Platform thumbnail
2024 Personal

Rootless Podman Platform

Rootless, daemonless container platform with isolated networks and DNS, per-app Unix users, and a hardened reverse proxy for multi-tenant workloads.

Podman netavark DNS Linux Nginx
Security-Hardened WordPress Template thumbnail
2023 Personal

Security-Hardened WordPress Template

Opinionated WordPress starter with security-first defaults, reduced attack surface, strict TLS, and automated updates for small business and portfolio sites.

WordPress PHP Nginx Let's Encrypt
Nextcloud Productivity Apps thumbnail
2024 Personal

Nextcloud Productivity Apps

Custom Nextcloud apps, including a dashboard that surfaces Calendar and Deck data, plus a Stocks app in development. Focused on useful UX and secure integrations for self-hosters.

Nextcloud PHP JavaScript Docker
AI Agent Workflows for Mail & Calendar thumbnail
2025 Personal

AI Agent Workflows for Mail & Calendar

LLM-based agents orchestrated via MCP and n8n to triage email, summarize threads, and sync tasks and events across calendars and productivity tools.

MCP n8n OpenAI API Gmail API Calendar API
Applied Bug Bounty & Web Security Research thumbnail
2024 Personal

Applied Bug Bounty & Web Security Research

Structured bug bounty work on platforms like HackerOne and YesWeHack, focused on modern web stacks, practical vulnerabilities, and recon/testing automation.

Burp Suite Linux Python Browser DevTools Caido

Strengths

Skills

Tools, stacks, specialties
Security & Bug Bounty
Web App Security (OWASP, XSS, IDOR, auth)
Bug Bounty (HackerOne, YesWeHack)
Burp Suite, Caido
Nuclei, httpx, ffuf, Axiom (recon)
Frida, Objection (Android testing)
DevOps & Platform
Docker
Podman (rootless, daemonless)
Linux (Ubuntu/Debian)
Octopus Deploy
CI/CD pipelines (build/test/deploy)
Nginx, Traefik
Vault & PKI (secrets, certificates)
WireGuard, IPsec VPN
firewalld, nftables
AI & Automation
LLM agents & workflows (tool use)
Model Context Protocol (MCP)
n8n (automation)
API integrations (mail, calendar, HTTP)
Frameworks
Appway Platform
Spring Boot
AngularJS
jQuery
EJS
WordPress
Nextcloud App Framework
Cloud, Databases & Monitoring
AWS
PostgreSQL, MySQL
MongoDB
Splunk
Dynatrace
Graylog
Self-Hosting & Tools
Nextcloud
Synology
Homelab & infrastructure as code
tmux, zsh, CLI tooling
Certificates
CompTIA Security+
Fit for Finance
Offensive Security Wireless Professional (OSWP)
Languages
Python
JavaScript
Java
Bash/Zsh scripting
C / C++ / C#

Learning

Education

2013 – 2017

B.Sc. in Business Informatics, HTWG Konstanz – University of Applied Sciences

Focus areas: software engineering, architecture, QA, web technologies, information security

2011 – 2013

Vocational diploma: Assistant for Information and Telecommunication Technology

Training program for IT assistants

Beyond work

Interests

Sports
Triathlon Muay Thai Ultra trail running
IT Security Research
Privacy Mobile Homelab & home networking
Reading
Finance Security research
Email Call Meet