REZKAOUI SAID
Details
Skills
Networking & Infrastructure Security:
Layer 3 Routing, TCP/IP, OSPF, BGP, Layer 2 Security, Access Control Lists (ACL), VLAN Segmentation, Firewalling, Fortinet FortiGate, VPN (IPsec/SSL), DNS, NAT
SIEM & Logging Engineering:
ELK Stack, Logstash, Elasticsearch, Splunk, Graylog, Log Ingestion, Grok Parsing, Active Directory Security
SOAR & Incident Response:
SOAR, n8n, Shuffle SOAR, Incident Response, SOC Analysis, Playbook Development, Threat Detection, Case Management
AI & Advanced Analytics:
GIA LLM, Foundation-Sec LLM, Machine Learning (ML), Deep Learning (DL), Prompt Engineering, Python (Pandas)
EDR/XDR & Threat Intelligence:
Nucleon EDR, Wazuh (XDR), Microsoft Defender for Endpoint, Threat Intelligence, VirusTotal API, MISP, AbuseIPDB, AlienVault OTX, MITRE ATT&CK Framework
About
A results-driven Cybersecurity Engineer, Network Specialist, and recent graduate with an engineering degree in Network Engineering and Information Security, specializing in Blue Team operations and automated SecOps.

Possesses a strong technical foundation in enterprise networking and infrastructure security, with hands-on experience configuring Layer 3 routing protocols (TCP/IP, OSPF, BGP), Layer 2 security mechanisms (MAC-based ACLs, port security, VLAN segmentation), and secure remote connectivity infrastructures utilizing IPsec and SSL VPNs. Proven expertise in threat containment, boundary protection, and firewalling, specifically managing Fortinet FortiGate appliances and crafting advanced firewall policies.

A specialist in bridging the gap between networking and cutting-edge artificial intelligence, with a deep understanding of how Machine Learning (ML), Deep Learning (DL), and specialized Large Language Models (LLMs) can be applied to security analytics. Experienced in deploying intelligent SIEM/SOAR architectures leveraging the ELK Stack, engineered for agentless log collection via Logstash listeners to process enterprise telemetry across EDR, Active Directory, and firewalls. Expert at automating end-to-end incident response pipelines using Shuffle and n8n to ingest alerts, enrich data via threat intelligence APIs, and integrate models like Foundation-Sec and GIA LLM for semantic alert triage, false-positive reduction, and zero-trust active containment via REST APIs.

Developed extensive practical experience investigating real-world SOC alerts through hands-on labs on the LetsDefend platform, applying structured artifact analysis, OSINT threat intelligence enrichment, and MITRE ATT&CK mapping to analyze and close complex malware, phishing, and web-based attack vectors.
Core Skills Matrix
Networking & Infrastructure Security:
Layer 3 Routing & Switching (TCP/IP, DNS, DHCP), Layer 2 Security (VLANs, MAC-based Access Control Lists, Port Security), Enterprise Firewalling, Secure Connectivity (IPsec/SSL VPNs), NAT.
SOAR & SecOps Automation:
Playbook Development, Event-Driven Workflows, API Integration, n8n, Shuffle SOAR.
AI, Machine Learning & LLMs:
Machine Learning (ML) & Deep Learning (DL) applications in SecOps, LLM Prompt Engineering, Local LLM Orchestration (Foundation-Sec, GIA LLM), Intelligent False-Positive Reduction.
SIEM Engineering & Logging:
Agentless Telemetry Collection (Syslog, Raw TCP/UDP Sockets), ELK Stack (Logstash, Elasticsearch), Splunk, Graylog, Custom Grok Parsing.
Defensive Technologies & EDR:
Fortinet FortiGate REST API Management, Nucleon EDR, Wazuh (XDR), Microsoft Defender for Endpoint, Active Directory (AD) Security Tracking & Session Auditing.
Practical Incident Handling:
Hands-on labs and real-world SOC alert investigation mapped to the MITRE ATT&CK framework (Malware analysis, Phishing, SQL Injection, LFI) on platforms like LetsDefend.