Boutique AI & Security Consulting

AI-powered security engineering
for financial institutions and critical infrastructure.

SephiraSec combines 12+ years in modern C++ and systems engineering with hands-on work in network and email security, vulnerability management, and DORA / NIS2 / ISO 27001-aligned security architecture for financial institutions and critical infrastructure.

Focus: AI, Security, Software
Region: Austria · EU
Languages: EN · DE · RO
Available for engagements

Contract · Consulting · Full-time · Remote-friendly

SephiraSec in a nutshell

  • AI & Security Engineering: Design & implementation of security automation, AI-assisted detection use-cases & reporting for modern security teams.
  • Vulnerability Management: End-to-end exposure management: scan strategy, risk-based triage, dashboards & continuous improvement with a strong DORA / NIS2 focus.
  • DORA & Compliance: Security controls, governance artefacts & reporting aligned with DORA, NIS2, BSI guidance and ISO 27001.
  • Secure Software & C++: Secure-by-design C++ and backend components for automotive, gaming, network security and banking environments.

Based in Vienna · working with banks, financial service providers and critical infrastructure.

Services

Where intelligence meets security. SephiraSec focuses on a few areas – and goes deep.

AI-driven Security Engineering

Design and implementation of security automation, enrichment and analytics: log pipelines, anomaly detection concepts and AI-assisted triage, backed by hands-on AI Engineering studies.

  • Security data modelling & enrichment for SIEM/SOAR
  • Automation playbooks & data pipelines (Python, Kafka, etc.)
  • Prototyping AI / ML and LLM-assisted use-cases for SOC & security teams

Vulnerability & Exposure Management

Design and optimisation of vulnerability management programmes in enterprise environments – from scan architecture to risk-based remediation workflows, with vulnerability management as a central discipline.

  • Scan architecture, coverage & hardening (on-prem & cloud)
  • Risk-based scoring, SLAs & executive-ready reporting
  • Integration with ticketing, CMDB & existing security tools

DORA & Regulatory Resilience

Support for security architecture, documentation and processes aligned with DORA, NIS2 and financial-sector expectations – with a focus on practical implementation and BSI / ISO 27001 good practices.

  • Gap analysis & control mapping to DORA and related requirements
  • Risk-based prioritisation, reporting & playbooks
  • Technical input for policies, procedures & governance

Secure Software & C++ Engineering

Over 12 years of modern C++ across automotive infotainment, slot gaming systems, algorithm-heavy components and network security products – from architecture to implementation.

  • Secure-by-design architecture & threat modelling for C++ systems
  • C++ code, performance & robustness reviews
  • Prototyping & PoCs for security & data-engineering tools

Technical Expertise

12+ years of hands-on depth across engineering, security and AI.

Languages & Engineering

C++ (12+ yrs) · C · Python · Bash · SQL · Software Testing

Network & Email Security

Firewalls · Check Point · Barracuda · SASE · Zero Trust · VPN · Email Security

AI, Data & Automation

AI Engineering · Machine Learning · Deep Learning · Neural Networks · LLMs · Elastic Stack · SIEM / SOAR · Kafka · Data Pipelines

Standards & Frameworks

DORA · NIS2 · ISO 27001 · BSI · Incident Response · Business Continuity · Risk Management · CVE / CVSS · OWASP

Vulnerability & Risk

Tenable SC · Vuln Management · Exposure Management · Risk-based Triage · CMDB Integration

Engagement packages

Outcome-driven programs that blend secure software engineering, high-performance systems and defensive architecture for teams that need confidence.

How we work

A pragmatic, outcome-driven delivery model designed for regulated environments.

1) Scope & objectives

We clarify your environment, constraints, and success criteria. You get a written scope and deliverables list.

2) Assessment & evidence

We collect facts fast: tooling, coverage, controls, data flows and evidence needed for audits and stakeholders.

3) Implement & harden

Hands-on engineering: automation, dashboards, playbooks and hardening. No slideware—production-ready output.

4) Handover with KPIs

You receive runbooks, ownership, and KPI definitions so improvements remain measurable after delivery.

Typical outcomes

Examples of what clients can expect—shared in an anonymised form due to NDAs.

Vulnerability program acceleration

Improved scan coverage, reduced noise, and a risk-based remediation workflow with executive-ready KPIs.

Audit-ready DORA evidence

Control mapping, evidence packs, and runbooks aligned with DORA/NIS2 expectations and internal governance.

Security automation that saves time

Automation around existing tools (SIEM/SOAR, ticketing, vuln platforms) to reduce triage time and improve consistency.

Who SephiraSec works with

Security is never one-size-fits-all. The focus is on environments where failure is not an option.

Financial Institutions

Banks, payment providers and financial market infrastructure subject to DORA & local regulators.

Critical Infrastructure

Organisations where uptime, integrity and incident response are critical to operations.

Software & Product Teams

Teams building products that require secure, performant and reliable C++ and backend components.

Any Regulated Industry

Healthcare, manufacturing, legal, retail or any sector where data, systems and processes must be protected — the same rigour, regardless of vertical.

Founder

Dorin-Emilian Avram – Founder of SephiraSec

Dipl.-Ing. Dorin-Emilian Avram, MSc

Dorin is an IT Security Expert, C++ engineer and member of a core security team at a European bank. He holds a Bachelor’s degree in Computer Engineering, a Master’s degree in IT Security and is currently studying AI Engineering at FH Technikum Wien, extending a strong software background into modern AI for security.

Over more than a decade he has built and secured automotive infotainment platforms, casino slot systems, network and e-mail security products (including firewalls, secure mail gateways, VPN and SASE) and later worked as a security consultant for multiple clients. Today he focuses on infrastructure and application security – from data centre to cloud – with a strong emphasis on vulnerability management, regulatory resilience (DORA, NIS2, BSI, ISO 27001) and pragmatic defence-in-depth.

Speaks Romanian, English and German · Available for consulting and project-based engagements across the EU.

Areas of expertise

  • Network & mail security: Secure network architectures, firewalls, mail security, Zero Trust Network Access, VPN & SASE concepts
  • Vulnerability management: Strategy, processes & tooling for enterprise-scale vulnerability & exposure management
  • AI & data engineering: Security data modelling, analytics pipelines, automation & AI-assisted detection PoCs
  • Secure C++: Performance-critical, algorithm-heavy & network-integrated C++ and backend components

Education & Certifications

Education

  • B.Sc. Computer Engineering
  • M.Sc. IT Security
  • AI Engineering (ongoing) — FH Technikum Wien

Certifications

  • Barracuda Certified Email Protection Specialist
  • Barracuda SecureEdge Certified
  • Barracuda CloudGen Firewall Certified

Let’s talk

If you are planning a new security initiative, preparing for DORA or NIS2, or need help designing automation around your existing tools, SephiraSec can help.

Send a short description of your context and timeline – you’ll get a focused reply with concrete next steps and options for collaboration.

Contact details