Work

A selection of the work I've done over the years. The common thread is pioneer work: going first into unfamiliar terrain, often with limited precedent to learn from.

Mobile Security Research

2010–2014 · Research Assistant at NESO Security Labs · iOS runtime analysis, vulnerability research · Published at GI Sicherheit 2014

Snoop-It — Runtime analysis and black-box security assessment tool for iOS apps, built at NESO Security Labs. I designed and implemented the runtime core, which hooked into running apps to execute the analysis. The implementation relied on Objective-C runtime manipulation (overriding objc_msgSend) and method swizzling, including custom assembler for low-level hooks. The tool enabled security researchers to debug, trace, and dynamically analyze iOS apps without source code access. Published at GI Sicherheit 2014 and featured in c't magazine.

iOS CVE Discoveries — Four vulnerabilities in Apple's iOS, discovered during research at NESO Security Labs. Apple fixed them in iOS 8.0 (CVE-2014-4361, CVE-2014-4362) and iOS 8.3 (CVE-2015-1113, CVE-2015-1115), with public acknowledgment in the security release notes. Findings ranged from lock-screen and messaging privacy issues to more serious sandbox and access control flaws. The iOS 8.3 findings in particular allowed third-party apps to access recent contacts and reach restricted telephony functions from within the sandbox.

Master's Thesis: App Store Review Evasion — Designed and implemented a concept for iOS malware that could systematically bypass Apple's App Store Review process. The work questioned the security narrative around curated app stores at a time when Apple's review was widely assumed to be robust. Heidelberg University / Heilbronn University, 2014. Under academic embargo; not publicly available.

Bachelor's Thesis: iOS System Security and Gorilla 2 — Focused on improving system security on iOS 5. Resulted in Gorilla 2, a security app that let users control which data apps could access and prevented automatic parsing of PDF and office documents. Heidelberg University / Heilbronn University, 2012. Under academic embargo; not publicly available.

Mobile Pioneering at Kaufland

2014–2017 · Software Engineer · First dedicated mobile engineering hire at Kaufland · iOS, Android, Azure, Kubernetes

Establishing Mobile Development — Joined Kaufland as one of three developers forming the first dedicated mobile team, after two colleagues had already been working on mobile topics without an organizational home. There was no mobile strategy yet, no infrastructure, no precedent. Together we built the foundation for mobile development at Kaufland across both iOS and Android: build servers, release and testing processes, and the initial library and service choices for crash reporting, analytics, and databases. The patterns we established shaped how the Schwarz Group approached mobile for years to come.

Internal Apps and Proof-of-Concepts — Redesigned Kaufland's mobile maintenance app for warehouses and production, and built apps for internal test customers in stores. On our own initiative, we also developed proof-of-concept apps to show what mobile could do at retail scale — including a mobile self-checkout with Braintree payment integration connected to Kaufland's inventory system. The checkout POC drew attention at the management level.

Kaufland App — Co-architected and co-built the Kaufland App, the company's first customer-facing mobile application. I owned the iOS implementation end-to-end and was responsible for the real-time shopping list synchronization, the backend database, and the interfaces to the enterprise service bus. Through OpenID Connect and Keycloak, customers got actual accounts for the first time at Kaufland, enabling shopping list sharing between them. I also did much of the early UI/UX work myself, initially with a private Sketch license I brought in. It became the company's design tool and triggered the first serious mobile UX/UI design process at Kaufland, where our internal junior team held its own against external agencies. Beyond the iOS work, I set up Kaufland's first cloud account on Microsoft Azure. Cloud procurement didn't exist at Kaufland yet, so we ran the subscriptions on our manager's private credit card to get the infrastructure going. I also set up the App Store account and the direct relationship with Apple, including WWDC attendance as the first Schwarz Group company.

Kaufland Delivery (Berlin) — Lead iOS developer for Kaufland's delivery service pilot in Berlin, Kaufland's second customer-facing app. This was also the first project by Schwarz Group's newly established tech hub in Sofia, Bulgaria, and an early test of international distributed engineering at Schwarz, with additional engineers from Switzerland and Egypt. The pilot was technically successful but was discontinued after about a year.

Cloud-Native and Architecture

2017–2024 · Senior Software Engineer / Solution Architect · Cloud-native architecture, large-scale migrations, engineering standards · Go, Kubernetes, Azure, SAP

First Cloud-Native Application at Kaufland — After Kaufland Delivery was discontinued, I returned to the Kaufland App, which was facing high latency and repeated backend outages under load from push notification campaigns. As part of diagnosing the problem, I introduced systematic monitoring using Prometheus, Grafana, and Azure Log Analytics, the first real live observability stack in this area. This included a live Grafana dashboard showing the real-time state of backend and client distribution.

With the root cause understood, I rewrote the backend in Go on Kubernetes, Kaufland's first productive deployment of the platform. The complete rewrite was delivered in under two weeks, with significantly improved performance on fewer resources and no outages under load. Further optimization eventually scaled the system to tens of thousands of requests per second, backed by the first serious distributed load tests at Kaufland. We demonstrated this at an internal developer conference with a live load test: 40 VMs driving Locust traffic against production, which kept serving real users throughout. This was the first productive cloud-native application in the company.

More than a technical win, the project shifted how engineering happened at Kaufland. It changed how teams thought about threading, language choice, and cloud-native principles, and Go and Kubernetes have since become widely used across Schwarz Digits.

Solution Architecture Across Products — As the Go/Kubernetes work became visible, I was pulled into more and more products as an advisor, a role formalized as Solution Architect, though in practice it worked like an on-call technical consultant. I advised teams on how to build applications, how to design interfaces between systems, and how to make them secure. Security work included secret management, certificate pinning, threat modeling, penetration tests, and client-side security for mobile payment. The setup became a template for how deep technical expertise could flow across organizational boundaries at Schwarz.

Store Merchandise Management PoC — Technical lead for a proof of concept for Kaufland's store merchandise management system, competing against external vendors. I was responsible for technology choice and architecture. The chosen stack combined Couchbase and Sync Gateway for real-time synchronization with offline capability, SAP integration, and DB seed preparation for fast initial sync. Services were written in Kotlin using web micro-frameworks and coroutines, running on Azure Kubernetes Service, the same platform already in use for the Kaufland App backend redesign. The proposed approach was selected and built on in the following years.

twogo Acquisition and Migration to STACKIT — Technical lead for Schwarz Group's acquisition of twogo from SAP (2019) and its subsequent migration to STACKIT, the group's internal cloud platform. This was one of the first productive public-facing applications running on STACKIT. On the acquisition side, I handled the technical work around architecture, porting, data migration, and the forward development plan, including recommendations to evolve the system toward 12-factor principles and a more modular design. The migration itself took several weeks of preparation covering knowledge transfer, domain setup, and organizational ramp-up, and was then executed in a single night.

Lidl WAWI Modernization — Part of the core architecture team for the modernization of Lidl's global merchandise management system (WAWI), a nine-figure-budget project that followed an earlier, unsuccessful replacement attempt. The old WAWI consisted of many small two-tier .exe applications talking directly to a replicated database, a 1990s architecture running the core of one of the world's largest retailers.

The team conducted a full assessment of the existing landscape and designed a new model based on cloud-native principles: real-time, modular, and distributed, built around event-driven architecture, CQRS, DDD, and event sourcing. A significant part of the work was presenting the proposed architecture to management and building the confidence needed for such a fundamental shift. Beyond the architecture itself, we established a new way of thinking and talking about systems inside Lidl's tech organization.

One Digital Journey (ODJ) — Part of the team building Schwarz Digits' internal developer platform. Built central services including user management with SCIM synchronization, contributed to identity provider migrations, and drove architectural improvements across existing components.

Cross-Silo Alerting System — Led the engineering of a new internal alerting system together with the infrastructure team, one of the first projects spanning software engineering and infrastructure at Schwarz Digits. The project served as a pilot for new collaboration patterns and new organizational forms inside Schwarz Digits, and was the first cloud-native project delivered by the infrastructure organization. I wrote the core matching engine myself; it was later open-sourced as hypermatch.

Platform Strategy and Beyond

2024–present · Domain Engineering Lead at Schwarz Digits · Platform engineering, secure communication architecture · Group-wide Digital Foundation, MLS-based messaging

Software Engineering Foundations — Member of a cross-group body that sets engineering principles for in-house software development at Schwarz Digits, contributing to decisions on standard programming languages and tech stacks, core architectural concepts, and shared tooling and processes like post-mortem practice. Co-authored a strategic technical paper that defines the group's direction, including cloud-first, zero trust, and platform-based development. Contributed to the group's in-house architectural modeling framework.

Digital Foundation — Concept, implementation, documentation, and governance of a group-wide engineering foundation at Schwarz Digits, initially developed by me and now increasingly driven together with the teams I lead.

At the core is a robust metamodel for engineering artifacts and their relationships. The Digital Foundation implements it in code with many concrete decisions, becoming a living digital twin of Schwarz Digits' engineering landscape. The data is collected automatically as a side effect of how teams build and operate software, rather than through manual documentation, which keeps the twin accurate over time.

Around this core, a service catalog functions as an internal marketplace where teams publish services with standardized descriptions and quality criteria. ODJ evolves into the first Journey under this model: a guided path for cloud-native development that provides automation, opinionated defaults, and processes, while feeding the central platform with real runtime data.

The explicit modeling of dependencies, including databases and other components, enables automatic provisioning for developers and derived insights across the organization: tech radar, SBOMs, enterprise architecture landscape views, and blast radius analyses.

Secure Communication Architecture — Leading architecture work on strategic secure communication initiatives at Schwarz Digits. The work spans cryptographic system architecture, distributed systems, and SDK development for high-trust communication across enterprise, critical infrastructure, and internal settings. Projects range from MLS-based work (Messaging Layer Security, the IETF standard for scalable end-to-end encrypted group messaging) to architecting end-to-end encryption systems from established primitives for specific use cases.

Open Source and Community

Ongoing · Open source projects and community work · Go, embedded systems, speaking engagements

hypermatch — Author of hypermatch, a Go library built for high-throughput rule evaluation. Benchmarks show tens of thousands of events per second matched against 100,000 rules with minimal latency. Open-sourced through Schwarz Digits.

noah-mqtt — Author of noah-mqtt, an open-source Go tool integrating Growatt Noah 2000 home batteries with Home Assistant via MQTT. Built in spare time, with active adoption in the Home Assistant community and a growing contributor base.

Open Source Governance at Schwarz Digits — Head of Schwarz Digits' Open Source Committee. Responsible for defining the rules for the company's GitHub presence, advising projects on open-source readiness, and approving releases.

Speaking — Regular speaker at Schwarz Digits' internal developer conferences on cloud-native architecture, platform engineering, and technology strategy. Past talks have included the live load test from the stage during the first cloud-native application rollout at Kaufland, and a main-stage talk on Digital Foundation in 2025.