Dfir Engineer
CurrentEvaluated several SIEM products and ran proof of concepts to select a code first detection pipeline.Evaluated several WAF solutions and ran proof of concepts to select a WAF and integrate it in application monitoring pipeline.Migrated existing SIEM from unmanaged SumoLogic to Infrastructure as Code managed panther.io, using Terraform, SaltStack, Snowflake, and AWS.Created an maintained a catalog of all audit logs for Data Sub-processors, and Tier 1-3 SaaS vendors, and their security relevancy to inclusion in the detection pipeline.Deployed Crowdstrike SIEM Connector to AWS using SaltStack and Vector to integrate Crowdstrike reporting and automated alerts into our SIEM.Unified a variety of log streams into a single SIEM with centralized alerting and automations.Led a team to build a pipeline for analyzing and extracting security relevant data from k8s application logs.Worked extensively with SRE, Infra, and other Operations teams to roll out log collection tooling in several environments using company standard tooling.