Uwe Schwarz
Software Architect
I turn complex requirements into robust, scalable, and durable systems. I work at the intersection of modern software, platforms, infrastructure, and AI-adjacent workflows, with a clear focus on solutions that are technically sound, secure to operate, and genuinely useful in practice.
Availability
75% available · 100% from 2027-01-01

About Me

With more than two decades of hands-on experience across IT, infrastructure, and security, I build secure, scalable, and durable systems. My focus is on the architecture and implementation of technical solutions — from Linux and network infrastructure to security- and compliance-oriented platforms, as well as modern software for multi-tenant SaaS products.
I work at the intersection of technical depth and clear execution. Whether it is platform architecture, security-by-design, infrastructure modernization, or translating regulatory requirements into robust technical systems, I combine architecture, engineering, and pragmatism to turn complexity into working solutions.
I am especially interested in AI. I do not just follow the field — I actively experiment with new models, tools, and workflows, from development and automation processes to product-facing use cases. I am most interested in solutions that are not just clever on paper, but genuinely useful in practice, well engineered, and secure to operate.
Experience
Key Projects
Major technical and organizational engagements with high responsibility.
A curated selection of multi-month and multi-year work; further details on request.
Technical Program Lead IPv6 Migration
Deutsche Rentenversicherung (RP, BW)
- Technical program ownership for the IPv6 migration at DRV RP and DRV BW, with a focus on migration planning, execution structure, and cross-functional technical coordination.
- Designed and implemented an operational control model with dashboard, action board, KPI portfolio, risk register, and decision index to translate technical topics into structured delivery artifacts.
- Coordinated technical groundwork for architecture and rollout across IPv6 addressing, segmentation, dual-stack target design, test-lab planning, and cross-team dependencies.
- Supported security- and compliance-related requirements in the context of BSI, NIS2, and critical infrastructure, translating them into traceable evidence, risks, and management reporting.
- Achievement: Established a reusable intake-to-governance workflow for systematically capturing technical actions, risks, open issues, and evidence requirements.
- Achievement: Created an operational baseline for technical program execution with measurable KPIs, clear ownership, and transparent decision support.
Technical Subproject Lead Data Center Migration & Backup Modernization
Joh. Berenberg, Gossler & Co. KG
- Technical subproject ownership within the data center migration, focused on Solaris, Linux, storage, and backup environments.
- Designed, modernized, and implemented the enterprise backup platform based on Rubrik Security Cloud, coordinating across operations, security, and recovery requirements.
- Contributed to the evolution of the Solaris infrastructure and the phased replacement of legacy systems with modern, cloud-ready target architectures.
- Supported the technical renewal of the network infrastructure toward a segmented, security-oriented architecture with clearer operational and protection boundaries.
- Achievement: Established a modernized backup baseline with improved data protection, compliance, and recoverability across multiple business units.
- Achievement: Contributed to the technical preparation and coordinated execution of the relocation of two data centers, with minimized downtime and aligned infrastructure dependencies.
Information Security Engineer & Compliance
Threedium Ltd.
- Advised on and implemented information security measures across technical security controls and organizational security requirements.
- Supported the DevOps team on security-related topics, operational hardening measures, and the integration of security requirements into existing platform and deployment processes.
- Integrated services into the existing SSO infrastructure to standardize authentication, access control, and user management across multiple platforms.
- Supported audit and certification readiness for SOC 2 and ISO 27001, including control mapping, evidence collection, and coordination of technical and organizational measures.
- Advised on GDPR requirements and introduced retention rules, data protection policies, and related organizational controls.
- Introduced and evolved security policies and baseline controls to strengthen the organization's overall security posture.
- Achievement: Implemented IT security measures that supported a SOC 2 audit with zero non-conformities and helped secure key client requirements.
- Achievement: Integrated SSO infrastructure across multiple platforms, improving security, access consistency, and user experience.
- Achievement: Contributed to successful ISO 27001 certification within a tight timeline through structured implementation of requirements, controls, and evidence.
Security Engineer & Incident Response
Deutsche Vermögensberatung AG
- Provided security consulting and technical support across information security, with a focus on server, network, and infrastructure security.
- Supported strategic and operational activities during a major security incident, including coordination of response, containment, and recovery.
- Developed and refined security policies, technical concepts, and implementation-oriented security standards.
- Automated vulnerability and incident management to improve structured intake, prioritization, and handling of security-relevant events.
- Supported the build-out and evolution of IT architecture and security strategy, particularly in network architecture, cloud infrastructure, and firewall design.
- Prepared and supported penetration tests across network, cloud, application, and Active Directory environments.
- Held operational responsibility in the SOC environment, focusing on security monitoring, incident response, and continuous improvement of analysis and escalation processes.
- Performed security audits and provided security oversight for application and network migrations.
- Technical focus on Linux and networking, complemented by security consulting for Windows, Azure, and application development environments.
- Advised on data protection, audit, and certification requirements, including ISO 27001, BSI baseline protection, NIST, and MITRE.
- Achievement: Contributed to the coordinated response to a major security incident, with a focus on damage containment, recovery, and operational stabilization.
- Achievement: Developed and automated a vulnerability management approach, improving response times and transparency in incident handling.
- Achievement: Implemented security policies and technical security standards that were later adopted as reusable best practices across the organization.
Lead Infrastructure Engineer
Deutsche Vermögensberatung AG
- Handled technical coordination and resource planning for a small infrastructure team.
- The team’s scope covered Linux-based platforms for email, cloud storage, load balancing, proxy, and DNS.
- Analyzed, troubleshot, and sustainably stabilized complex email infrastructures.
- Provided consulting and technical implementation across IPv6, security, and highly available infrastructure systems.
- Held technical subproject responsibility for a data center relocation, including migration and rebuild of applications and server infrastructure into redundant, highly available target environments.
- Achievement: Contributed to the coordinated execution of a successful data center relocation with aligned infrastructure dependencies and stable operational transition.
- Achievement: Introduced IPv6 in the enterprise environment as part of the long-term modernization of the network infrastructure.
- Achievement: Improved team throughput and operational stability through automation and more structured resource coordination.
System Architect Email Archiving
Deutsche Vermögensberatung AG
- System architect for the enterprise-wide email archiving platform, responsible for architecture, technical evolution, and long-term maintainability.
- Designed and implemented a legally compliant archive for more than 50,000 users, ensuring immutable retention, auditability, and durable operation.
- Introduced scalable storage and redundancy concepts as well as monitoring, indexing, and full-text search for efficient retrieval of historical correspondence.
- Worked closely with legal, compliance, and audit teams to meet regulatory requirements and preserve long-term evidentiary integrity.
- Held additional responsibilities in the surrounding mail infrastructure, including dovecot, postfix, Linux-based services, DNS, proxy, load balancing, and cloud storage.
- Achievement: Delivered a stable, compliant archive used daily across the organization.
- Achievement: Established future-proof retention strategies aligned with strict regulatory requirements.
Additional & Focused Projects
Complementary or specialized projects with flexible scope.
Specialized, flexible, or focused initiatives that complement the broader work.

Member of the Board
DEGIT AG
- Board-level responsibility for information security, privacy, and compliance topics.
- Trusted advisor for security, infrastructure, and regulatory requirements across client engagements.
- Contributed to secure and compliant IT architectures with a focus on modern technologies such as IPv6, Zero Trust, and Zero-Config VPN approaches.
- Connected governance requirements with practical technical implementation across security and infrastructure initiatives.

Lead Software Engineer – SchlauFabrik Training Platform
xtensible UG (haftungsbeschränkt) & Co. KG
- Designed, architected, and developed a multi-tenant training platform for compliance and AI topics with role-based access control and clear tenant isolation.
- Implemented core platform capabilities including course delivery, progress tracking, quizzes, assignments, and admin dashboards for tenant and user management.
- Implemented security-by-design using Postgres Row-Level Security, audit logging, rate limiting, and hardened authentication flows based on passkeys, magic links, 2FA, and SSO.
- Developed tamper-evident PDF certificates with QR verification, cryptographic hashing, and bulk export capabilities for audit and evidence workflows.
- Integrated Stripe billing including subscriptions, customer portal, and webhooks, and implemented tenant-based licensing models and soft-lock mechanisms for usage limits.
- Built with Next.js App Router, TypeScript, Bun, Tailwind, next-intl, Neon Postgres, Resend, and automated testing with Vitest and Playwright.
- Achievement: Built a production-grade SaaS platform focused on security, multi-tenant operation, billing readiness, and auditability.
- Achievement: Connected product logic, compliance requirements, and technical implementation in a consistent platform architecture.

Founding Member & Data Protection Officer
AKTion gegen Krebs gUG
- Founding member with responsibility for data protection and GDPR compliance.
- Develop and maintain the organization's backend systems.
- Design and implement AI-supported workflows for case management.
- Responsible for IT security strategy and risk management.
- Established GDPR-compliant data protection framework from the ground up.

AI Training Platform & AI Tools Evaluation
DEGIT AG
- Design and implementation of an internal AI training platform for corporate use, focusing on compliance with the EU AI Act and practical enablement of teams.
- Evaluation and decision paper comparing leading AI and automation platforms with regard to data protection, reliability, API integration and governance readiness.
- Evaluation of emerging Agentic AI workflows for multi-step task orchestration and their integration into enterprise automation environments.
- Analyzed and benchmarked: OpenAI ChatGPT, OpenAI Open-Weight GPT-OSS, Microsoft Copilot, Perplexity, Anthropic Claude, Apple Foundation, z.AI GLM, n8n, make.com, Zapier.

Code Review & Security Advisory
GEHR Datentechnik GmbH
- Comprehensive code review of the existing PHP application with a structured assessment of critical, medium and low-severity issues.
- Creation of a detailed review document including technical findings, recommended remediation steps, and prioritization for development teams.
- Consulting on application and infrastructure security with a focus on practical improvements, secure coding patterns and operational hardening.
- Support during the implementation phase to fix identified issues and improve overall application resilience.
Developed Solutions

EU AI Act Training Platform
Designed and developed a modular training platform covering the EU Artificial Intelligence Act (EU AI Act). The course provides a structured learning path with interactive slides, voice narration, and integrated quizzes to ensure a clear understanding of the regulation’s scope, risk-based framework, and compliance implications. The platform includes five sections — from fundamentals to governance, risk categories, and real-world applications — and was built with future expansion in mind to accommodate upcoming modules on data protection, ethical AI, and technical implementation guidelines.

Secure Email Archive
Designed and implemented a legally compliant enterprise-wide email archiving solution for more than 50,000 users. The system ensures immutable retention of all communication for over 10 years and meets strict regulatory and audit requirements. Based on open-source technologies, the archive was built for scalability, redundancy, and long-term maintainability. Integrated monitoring, indexing, and full-text search enable efficient retrieval of historical correspondence.

AI-Supported Case Management
Designed and implemented a system to support the processing of cancer-related cases using AI. The platform integrates secure data handling, structured workflows, and AI-based assistance to prioritize, analyze, and streamline case management. This ensures faster response times and improved quality in handling sensitive medical and legal information.

SOC 2 & ISO 27001 Certification
Implemented SOC 2 and ISO 27001 compliance requirements by introducing information security policies, controls, and evidence structures aligned with audit and certification needs.

Zero-Config IPv6 VPN Network
Designed and implemented a secure, zero-configuration VPN network leveraging IPv6 as the foundation for global connectivity. The solution enables seamless peer-to-peer communication without manual setup, NAT traversal, or complex provisioning, while ensuring strong encryption and modern authentication mechanisms. By combining simple rules with advanced security controls, the network architecture provides resilient, scalable, and privacy-preserving access across distributed environments.

Backup Infrastructure Modernization with Rubrik
Modernized the existing backup infrastructure by implementing Rubrik's enterprise backup solution, enhancing data protection, reducing recovery times, and simplifying management across hybrid environments.

Automated Document Management with OCR and AI Categorization
Developed a private system to digitize all personal documents and letters using OCR technology. Integrated AI-based classification to automatically sort documents into predefined categories, enabling efficient search, retrieval, and archival. Additionally, implemented automated analysis to detect tax-relevant documents for income tax purposes and tag them accordingly.
Skills & Technologies
The tools I rely on to build secure and scalable IT systems
Software Architecture
Platform Architecture
Infrastructure Architecture
Technical Leadership
Team Leadership
Stakeholder Communication
Technical Concepts
Delivery Structure
Get In Touch
Interested in working together? Feel free to reach out!
Let's Connect
Feel free to reach out for collaborations or just a friendly hello.
Email me at
mail@uweschwarz.eu
Phone
+49 151 64403667