
Hi, I am Marco

Marco Dura

Security Engineer at Sportradar

As a certified information security professional, I have extensive experience implementing cybersecurity and compliance controls, conducting security assessments and penetration tests of enterprise networks, domains and web applications. During more than 7 years of my professional career I have worked on numerous worldwide projects and helped many system administrators to mitigate or properly prioritize and address the identified security threats.

Skills

Experiences

Application Security Engineer
Sportradar Group AG

Nov 2022 - Present, Ljubljana, Slovenia

Sportradar is the world’s leading sports technology company, at the intersection between sports, media and betting.

Responsibilities:
  • Ensuring the company’s security and privacy regulations are followed and enforced (Security & Privacy Champion for BET Tribe)
  • Reviewing and optimizing the CI pipelines and scan configurations of security tools used in the software development process (SSDLC)
  • Implementation of Akamai’s CDN security measures on the exposed sites and API endpoints with more than 350B req/month
  • Ensuring compliance of a web application module with the United Kingdom Gambling Commission (UKGC) regulatory

NIL Ltd.

Jan 2019 - Oct 2022, Ljubljana, Slovenia

Leading company in Slovenia offering defensive cybersecurity services.

Cybersecurity Engineer

Jan 2019 - Oct 2022

  • Developed a fully automated reporting service for all SOC customers using GitLab CI, Python, LaTeX and Elastic Cloud
  • Cooperated in architecture planning and deployment of a Security Operations Center (SOC) based in Saudi Arabia
  • System Administrator of a Saudi Arabian Security Operations Center (SOC) with on‑site work of more than 6 months
  • Managed, patched, upgraded and optimized the customer’s Windows server environment with MS AD and SCCM
  • Security hardening customer’s Security Operations Center (SOC) (Windows corporate environment) according to CIS Security Benchmark
  • Deployed and managed a multitenant Tenable Security Center for automated scheduled vulnerability scans and reports
  • Onboarded and managed the EDR configuration for customers with multiple organization locations (approx. 8k of total assets)
  • Collaborated in an incident response by neutralizing a threat actor and restoring a secure environment

Cybersecurity Consultant

Jan 2019 - Oct 2022

  • Led a team of 3 engineers to integrate multiple customer virtual environments with the company’s SOC
  • Optimized, improved and conducted reviews of the SOC analytics processes to provide quality assurance
  • Consulted T1/T2 analysts on threat hunting activities, incident investigation and response procedures
  • Performed vulnerability assessments (with additional verifications), management and reporting for a few customers
  • Performed security assessment and verifications of the SOC detection and response capabilities
  • Wrote detailed analytic and vulnerability assessment reports which included adapted mitigation recommendations for each customer

Penetration Tester
VIRIS d.o.o.

Oct 2016 - Dec 2018, Ljubljana, Slovenia

Leading company in Slovenia offering offensive cybersecurity services.

Responsibilities:
  • Conducted more than 90 web application penetration tests following the OWASP methodology
  • Conducted more than 40 internal and external network vulnerability assessments (with additional verifications)
  • Conducted multiple Social‑Engineering attacks with malicious attachments, links, media files and honeytokens
  • Collaborated on source code vulnerability checks with SAST and Android application penetration tests
  • Customization of malicious binary applications, documents and scripts for acquiring a higher initial access success rate
  • Wrote detailed security reports of all performed security engagements in Slovenian or English languages
  • Planned, redesigned (optimized), deployed and documented the company’s virtual infrastructure and physical data center architecture
  • Organized and improved the company’s report template and project execution workflow
  • Collaborated on the creation of a few capture‑the‑flag environments (one was used in BSides Ljubljana 2017)

Education

High School graduate of electrical engineering and computer science
Publications:
  • Global Positioning System with SiRFstarIII

Accomplishments

GIAC Defending Advanced Threats (GDAT)
GIAC, May 2019

The GIAC Defending Advanced Threats (GDAT) certification covers both offensive and defensive topics in depth. The GDAT certification has taught me a thorough understanding of how advanced cyber adversaries operate and how the IT environment can be improved to better prevent, detect, and respond to incidents.

CompTIA Security+
CompTIA, May 2023

With CompTIA Security+ I refreshed the knowledge and skills necessary to perform core security functions required for any cybersecurity role. It showed how to identify and address potential threats, attacks and vulnerabilities and has also taught me about establishing techniques in risk management, risk mitigation, threat management and intrusion detection.