Alexander Gusev is a Lead Detection Engineer at PS Cloud Services.
Lead Detection Engineer, Ps Cloud Services, Almaty, Kz

- Lead Detection Engineer, Ps Cloud Services, Feb 2024 - Present, Almaty, Kazakhstan
  Creating and leading risk-based Detection Engineering & Threat Intelligence MSSP SOC function(s?)

- Threat Detection And Research Team Leader, Перспективный Мониторинг, Jul 2020 - Jul 2023, Moscow, Russia
  Ensuring that detection content is updated and distributed daily, increases in coverage and quality, and improving processes across products lifecycle:
  - Mentored specialists in OSINT, NGFW, EDR and SIEM to improve and to manage projects with minimum necessary oversight, which resulted in new products, improved detection quality, increased release frequencies and new features
  - Scaled from 2 local to 8 geo-distributed team members in 3 sub-units
  - Demonstrably succeeded in leading strategic, tactical and operational intelligence and detection development efforts, incl. achieving KPI
  - Managed workloads, balancing tasks specialty, diversity and personal preferences, creating SME team culture and promoting horizontality
  - Created and improved processes in communication, detection development and threat research, fulfilling team and SOC needs
  - Developed a knowledge base from zero, estimated to be used weekly by every team member and sometimes useful to other SOC teams
  - Reformed the OSINT threat landscape monitoring process with in-house expert-written Python-based system, reducing human OSINT case work by ~80%, system presented at SOC Forum 2022 conference
  - Represented the team and SOC in coordinating and collaborating with security specialists, stakeholders and leadership (incl. senior) across Company and Company Group
  - Acted as product owner for internal systems, specifying features, guiding development, suggesting solutions and accepting releases, characterized by developers as easy to work with
  - Participated in talks and presentations at security conferences [ youtube.com/watch?v=ThIHVrhywQ0 ] and directly to clients, representing the Company and demonstrating team and Company’s competence

- Detection Engineer, Перспективный Мониторинг, Oct 2018 - Jul 2020, Moscow, Russia
  - Created custom detection packs for different purposes: performance testing, moonshot hypotheses, sensor fuzzing, fulfilling the needs of internal testing and Company Group requests
  - Conducted analysis of the detection corpus and prepared actionable reports
  - Measured and optimized detection in efficacy and performance, fixing false negatives without adding false positives, and eliminating CPU time sinks
  - Provided support in DFIR activities as L3 MSSP SOC specialist
  - Developed the Pellonia system prototype (Python-based, see Detection & TI Team Leader section achievements) for first deploy and first automatically created tickets
  - Leveraged in-house Threat Intelligence Platform to create new detections receiving positive feedback from security monitoring team
  - Developed software components and TI algorithms to be integrated in TIP, automating manual workload
  - Advised developers on UX of TIP
  - Created test targets for attacks (Linux or Windows and target software if required for simulation)
  - Leveraged known exploits, known exploit primitives, malware behavior data and other threat intelligence to execute a test attack
  - Created, enriched and contextualized IDPS, EDR and SIEM content, including 3rd-party content
  - Wrote Python scripts for automation of linear tasks

- Detection Engineering Intern, Перспективный Мониторинг, Oct 2017 - Sep 2018, Moscow, Russia
  - Created test targets for attacks (Linux or Windows and target software if required for simulation)
  - Leveraged known exploits, known exploit primitives, malware behavior data and other threat intelligence to execute a test attack
  - Created, enriched and contextualized IDPS, EDR and SIEM content, including 3rd-party content
  - Wrote Python scripts for automation of linear tasks

Alexander Gusev Education Details
- Electrical And Electronics Engineering
- Computer And Information Systems Security/Information Assurance

Frequently Asked Questions about Alexander Gusev
What company does Alexander Gusev work for?
Alexander Gusev works for Ps Cloud Services.
What is Alexander Gusev's role at the current company?
Alexander Gusev's current role is Lead Detection Engineer.
What schools did Alexander Gusev attend?
Alexander Gusev attended Higher School Of Economics, National Research Nuclear University Mephi (Moscow Engineering Physics Institute).