Loading...
Loading...
Found 18 Skills
Expert detection engineer specializing in SIEM rule development, MITRE ATT&CK coverage mapping, threat hunting, alert tuning, and detection-as-code pipelines for security operations teams.
Guides proactive threat hunting for advanced SOC—hypothesis-driven hunt campaigns, advanced SIEM/query workflows, baseline and anomaly analysis, MITRE ATT&CK–aligned techniques, threat intel fusion, detection engineering feedback, and hunt reporting with IR handoff. Use for threat hunting, proactive hunt, hypothesis-driven detection, advanced SOC, hunt campaign, detection engineering, MITRE ATT&CK hunt, anomaly hunting—not routine SOC alert triage (soc-analyst), declared incident command (incident-responder), adversary simulation campaigns (red-team-specialist), disk forensics acquisition (digital-forensics-analyst), authorized pentest (penetration-tester), or binary RE lab work (reverse-engineer).
Identify ransomware network indicators including C2 beaconing patterns, TOR exit node connections, data exfiltration flows, and encryption key exchange via Zeek conn.log and NetFlow analysis
Detect insider threat behavioral indicators including unusual data access, off-hours activity, mass file downloads, privilege abuse, and resignation-correlated data theft.
Detect DCSync attacks where adversaries abuse Active Directory replication privileges to extract password hashes by monitoring for non-domain-controller accounts requesting directory replication via DsGetNCChanges.
Guides defensive security analysis—alert triage, log and SIEM investigation, threat hunting, detection engineering basics, MITRE ATT&CK mapping, incident scoping, containment recommendations, and DFIR evidence handling for SOC and blue-team analysts. Use when investigating security alerts, writing detection rules, tuning false positives, analyzing EDR/network/auth logs, building timelines of suspicious activity, recommending containment steps, or documenting findings for incident command—not for enterprise security strategy (cybersecurity), CI/CD pipeline hardening (devsecops), offensive pentest execution (authorize red team separately), or LLM adversarial testing (ai-redteam), or designing on-call rotations and postmortem programs (incident-management-engineer).