• Provided platform training, demos, and SIEM engineer support to clients, troubleshooting LogRhythm and optimizing its SOAR implementation.• Developed YARA rules, use cases, and dashboards within multiple SIEM platforms, including Logpoint, LogRhythm, FortiSIEM, and an in-house SIEM.• Integrated SIEMs with APIs, customized tools, and led threat emulation exercises as part of purple team engagements.• Developed incident response playbooks and created and tuned alerts to ensure accurate detection and effective response to security events, addressing specific threat scenarios.• Implemented Sysmon for Linux to provide extensive MITRE ATT&CK coverage and improve threat detection capabilities.• Executed incident response on actual security incidents in client environment, ensuring effective resolution and mitigation of threats,• Integrated threat intelligence with SIEMs to significantly improve detection capabilities and overall security posture.• Managed log source enrollments and provided logging recommendations to enhance security visibility.• Added SIEM data sources to Grafana to enhance monitoring capabilities and visualize security metrics more effectively.• Simulated recent threats in lab environments, performed threat hunting, and explored attack-defense scenarios in a custom lab.• Monitored security incidents and handled client requirements during shifts, while staying updated on the latest cyber threats and news to anticipate and defend against emerging risks.

• Cyber Threat Intelligence and OpenCTI integration.• Applying the Pyramid of Pain and Cyber Kill Chain frameworks for detection.• Developing and fine-tuning YARA rules.• Monitoring and logging malicious PowerShell commands.• Creating tailored dashboards, reports, and alert rules.• Blacklisting malicious User-Agents and detecting DGAs.• Investigating DNS hijacking and performing Atomic Red Team tests.• Conducting incident investigations and threat research.• Optimizing detection workflows, including email analysis and Windows Registry monitoring.

Cybersecurity Research• SIEM and SOC components: Frameworks and strategies• Digital Forensics and Incident Response• MITRE ATT&CK framework• Threat Intelligence and APT (Advanced Persistent Threats)• Windows Event Logs and Sysmon/Sysinternals analysis• Malware Analysis and Threat Actor investigation• Wireshark for SSL Offloading and network analysis• Web Attack research• Incident Management and Monitoring Tools• Windows and Linux File Systems knowledge• Kibana Query Language (KQL) and Use Case Development• Threat and Vulnerability Management and Threat Emulation• LogPoint POC and LogRhythm training• Anti-Forensics and Network Monitoring