Details
Skills
Microsoft Sentinel, Splunk (SPL, correlation rules), QRadar, Wazuh, ELK Stack — 24x7 SOC operations
Microsoft Defender for Endpoint, Defender for Cloud, CrowdStrike Falcon — alert triage to containment
Nessus, Qualys — scanning, risk prioritization, patch coordination with IT teams
Azure AD RBAC, MFA, least-privilege enforcement; Azure/M365/AWS (IAM, VPC, CloudTrail, Lambda)
Full IR lifecycle (NIST 800-61) — triage, containment, root cause analysis, remediation, postmortem
ISO 27001, NIST CSF/800-53, PHIPA (healthcare), OWASP Top 10, DISA STIG — audit-ready documentation
Jira, ServiceNow — incident management, change control, escalation workflows
Python, PowerShell, Bash — SOAR playbooks, IOC enrichment, VirusTotal/AbuseIPDB/Shodan APIs
MITRE ATT&CK mapping, MISP, OTX, IOC enrichment, APT tracking, AI-enabled threat detection
MITRE ATT&CK, NIST CSF, ISO 27001, NIST 800-61, PHIPA, SANS Top 20
About
Cybersecurity Analyst with 6+ years leading SOC operations, incident response, and detection engineering across enterprise, MSSP, and fintech environments. Deep expertise in Microsoft Sentinel, Microsoft Defender for Cloud/Endpoint, and Splunk, with hands-on experience maturing SecOps functions in regulated industries. Proven incident commander with a track record of containing APT-linked campaigns, remediating cloud misconfigurations across Azure/AWS/M365, and authoring ISO 27001/NIST/PHIPA-aligned playbooks. Adept at translating complex threats into executive-level risk guidance and driving AI-assisted detection initiatives. CompTIA Security+, CySA+, and SC-200 certified.