abbas tolgay yılmaz

Governate Oy

Helsinki, 1.2025 – Present

Architecting an enterprise-grade post-quantum file security platform — encrypted file sharing with policy-based access control, cross-platform clients, and full observability stack on GCP.

• Implemented NIST-standardized Kyber-1024 (post-quantum KEM) for key wrapping using Cloudflare CIRCL — hybrid encryption scheme: AES-256-GCM for file content, Kyber-1024 for per-access key encapsulation with perfect forward secrecy.
• Designed on-demand key wrapping architecture — no keys stored in DB, backend encapsulates on access request using Go CIRCL, clients decapsulate via cross-platform crypto-lib CLI (macOS Intel/ARM64, Windows, Linux).
• Built ZK proof-based device activation using Zig and Circom circuits — proofs bind device fingerprint, Kyber key derivation, and timestamp freshness for tamper-evident CLI onboarding.
• Defined requirements and led delivery of Windows desktop client (C# / WPF / .NET 6) — kernel minifilter driver for file system protection, Windows API hooks for print and screen-capture control, background service for folder auto-encryption; owned backend integration and overall technical accountability as CTO.
• Implemented policy-based access control with operation-level permissions (view, print, download, copy, annotate), multi-recipient sharing (user, email, domain), and approval-workflow access requests.
• Hardened backend (Go Fiber) with rate limiting, CSRF, mTLS via Cloudflare client certificates, WebAuthn/Passkeys, TOTP MFA, device tracking, and comprehensive audit logging to ClickHouse.
• Shipped real-time notification layer over WebSocket + NATS pub/sub with Redis caching; self-hosted observability stack (ClickHouse + Grafana + Prometheus) on GCP with GitHub Actions CI/CD.

Vattenfall Energy Trading GmbH

Hamburg, 2019 – 2022

• Contributed building a containerized data platform aggregating real-time feeds from 50+ wind turbines at Princess Alexia Wind Park.
• Designed modeling pipelines processing 5M+ telemetry events/day using Kafka and Cassandra.
• Improved energy trading accuracy by 18% through turbine curtailing and production scheduling optimizations.
• Reduced forecast deviation by 25%, increasing revenue from wind asset trading.
• Engineered secure infrastructure for EV charging networks, supporting 1,000+ active charging sessions/day.
• Secured SCADA communications for power plants including CHP and nuclear facilities, strengthening cybersecurity compliance with OpenMUC library.

Element Insurance AG

Lübeck, 2018 – 2019

• Enhanced and scaled insurance microservices serving 100K+ policyholders across multiple internal teams.
• Delivered 5+ new platform capabilities by integrating APIs and shared services across departments.
• Led cloud migration efforts, moving 70% of workloads to AWS, improving system reliability.
• Implemented Infrastructure-as-Code (Terraform) reducing environment setup time by 80%.
• Built and optimized React dashboards used daily by 50+ internal users.

Türkiye İş Bankası A.Ş.

Istanbul, 2017 – 2018

• Reverse-engineered and integrated legacy SOAP/WSDL endpoints using SmartBear SoapUI's Java SDK, enabling automated testing of the bank's internal service infrastructure.
• Built and maintained internal web tools with Spring Boot backend and jQuery/vanilla JS, HTML, CSS frontends.
• Optimized API testing workflows, improving reliability and reducing manual verification overhead across core banking services.
• Collaborated with cross-functional banking teams to document and standardize internal service contracts, improving onboarding for new engineers.