Snoop-It — Runtime analysis and black-box security assessment tool for iOS apps. Co-developed at NESO Security Labs. Snoop-It worked by retrofitting existing apps at runtime with debugging and tracing capabilities, exposed through a clean web interface. It became a useful tool for security researchers analyzing iOS app behavior.

iOS CVE Discoveries — Discovered multiple vulnerabilities in Apple's iOS during research at NESO Security Labs. Apple fixed them in iOS 8.0 (CVE-2014-4361, CVE-2014-4362) and iOS 8.3 (CVE-2015-1113, CVE-2015-1115).

Academic Work — Peer-reviewed publication at GI Sicherheit 2014 on Snoop-It. Magazine feature in c't in 2013. Master's thesis on evading Apple's App Store Review process. Bachelor's thesis on improving system security on iOS 5, resulting in Gorilla 2 — a security app letting users control app data access. See Publications for details.

Establishing Mobile Development — Joined as the first hire dedicated to mobile development at Kaufland. Together with two colleagues who had been working on mobile topics before the area had an organizational home, we built the foundation for mobile development at Kaufland: build servers, release and testing processes, the initial library and service choices (crash reporting, analytics, databases). The patterns established here shaped how the Schwarz Group approached mobile for years to come.

Early internal work included a redesign of the mobile application for maintenance in warehouses and production, apps for internal test customers in stores, and proof-of-concept apps — including a mobile checkout with Braintree integration connected to Kaufland's inventory system — built to demonstrate what was possible.

Kaufland App — Co-architected and co-built the Kaufland App — the company's first customer-facing mobile application. The project established multiple firsts at the same time:

• First App Store account (created during this project)
• First cloud-based application at Kaufland, running on Microsoft Azure
• First productive use of NoSQL databases (Couchbase Server & Sync Gateway)
• First customer authentication and OpenID Connect provider (Keycloak as IdP), enabling shopping list sharing and synchronization between customers
• First serious mobile UX/UI design process — with our internal junior team winning against external agencies
• First app built against the new internal enterprise service bus

Cloud procurement didn't exist at Schwarz yet when we started — we used private credit cards for Azure subscriptions to get the infrastructure running. The project also included the first real engagement with Apple from a Schwarz Group company: App Store account, WWDC attendance, direct relationship building.

Kaufland Delivery (Berlin) — Lead iOS developer for Kaufland's delivery service pilot in Berlin — Kaufland's second customer-facing app. This was also the first project run by Schwarz Group's newly established tech hub in Sofia, Bulgaria — an early test of international distributed engineering at Schwarz. The team also included external engineers from Switzerland and Egypt.

First Cloud-Native Application at Kaufland — After Kaufland Delivery was discontinued, I returned to the Kaufland App, which was facing significant backend performance issues under push notification load. As part of diagnosing the problem, I introduced systematic monitoring of cloud applications at Kaufland — using Prometheus, Grafana, and Azure Log Analytics — which was itself a first for this area.

With the root cause understood, I rewrote the backend in Go on Kubernetes — replacing the Java Enterprise stack that had been in operation. Complete rewrite delivered in under two weeks, with significantly improved performance on fewer resources and no outages under load. Scaled to tens of thousands of requests per second, with the first serious distributed load tests at Kaufland. This was the first productive cloud-native application in the company.

Go and Kubernetes later became standard technology across Schwarz Digits. The way we worked here changed how engineering happened in the company.

Solution Architecture Across Products — As the Go/Kubernetes work became visible, I was pulled into more and more products as advisor — in parallel to my main responsibilities. Officially titled Solution Architect, practically an on-call technical consultant. Advised on architecture and security, conducted penetration tests, and helped teams make better technology choices. The setup became a template for how deep technical expertise could flow across organizational boundaries at Schwarz.

Store Merchandise Management PoC — Technical lead for a proof of concept for Kaufland's store merchandise management system, competing against external vendors. Responsible for technology choice and architecture. The PoC won and established the technological foundation for store operations over the following years. Done together with a colleague who continued the work and took it into production.

twogo Acquisition and Migration to STACKIT — Technical lead for the acquisition of twogo from SAP (2019) and its subsequent migration to Schwarz's internal cloud platform STACKIT — one of the first productive public-facing applications running on STACKIT.

Lidl WAWI Modernization — Part of the core architecture team for the modernization of Lidl's global merchandise management system (WAWI) — a nine-figure-budget project that followed the publicly reported collapse of the ELWIS implementation with SAP.

The old WAWI consisted of many small two-tier .exe applications talking directly to a replicated database — 1990s architecture running the core of one of the world's largest retailers. We designed a completely new model based on cloud-native principles, distributed systems, and event sourcing. Along with the architecture itself, we established a new way of thinking and talking about systems inside Lidl's tech organization.

One Digital Journey (ODJ) — Internal Developer Platform — After the Lidl architecture phase, I joined the team building Schwarz Digits' internal developer platform (ODJ). ODJ is the foundation for cloud-native development across the company. I contributed to the platform architecture and built several central services — including a new user management system and SCIM synchronization — and led migrations of identity providers and STACKIT integration work.

Cross-Silo Alerting System — Led the engineering of a new internal alerting system together with the infrastructure team — one of the first joint projects between software engineering and infrastructure at Schwarz Digits. The project served as a pilot for new collaboration patterns and new organizational forms inside Schwarz Digits, and was the first cloud-native project delivered by the infrastructure organization. The core matching engine was open-sourced as hypermatch .

Digital Foundation — Shaping the generalization of the internal developer platform into a group-wide engineering foundation — standardizing transparency, reusability, service models, and architectural language across Schwarz Digits.

Formal role: Domain Engineering Lead. Leading multiple engineering teams in adjacent platform areas while personally driving the deeper architectural and strategic work.

Secure Communication Architecture — Leading architecture work on strategic secure communication initiatives at Schwarz Digits — at the intersection of cryptography, distributed systems, and platform architecture.

hypermatch — Co-author of hypermatch , a high-performance Go library for rapid matching of large numbers of rules against events. Processes thousands of events per second in memory with minimal latency.

noah-mqtt — Creator of noah-mqtt , an open-source tool integrating Growatt Noah 2000 home batteries with Home Assistant via MQTT. Built in spare time, used by the Home Assistant community.

Open Source Governance at Schwarz Digits — Chair of Schwarz Digits' Open Source Committee. Responsible for defining the rules for the company's GitHub presence, advising projects on open-source readiness, and approving releases.

Speaking — Regular speaker at Schwarz Digits' internal developer conferences on cloud-native architecture, platform engineering, and technology strategy.