Energetic and passionate Detection Engineer
Experience
2024 — Now
New York City Metropolitan Area
2023 — 2024
2023 — 2024
New York, New York, United States
• Spearheaded the development and foundational implementation of a robust threat detection engineering program.
• Formulated a comprehensive maturity matrix for the detection engineering program, establishing a systematic approach to monitor and enhance its processes over time.
• Collaborated in the effective utilization of a diverse array of security tooling, such as Cloudflare, Area 1, Cisco Umbrella, CrowdStrike EDR, Splunk, Hunters AI, Office 365, Wiz, and Noname, to enhance and fortify the organization's security posture.
• Conducted pen-test reviews, meticulously tracking progress and collaborating with the broader security organization to implement robust controls for enhanced system hardening.
• Engaged in proactive research and collaborated with threat intelligence analysts to devise effective threat detections across Splunk and CrowdStrike EDR.
• Successfully led proof-of-concept initiatives and evaluated threat detection platforms, significantly boosting visibility and coverage with immediate impact.
• Utilized Tines SOAR automation tool to streamline and enrich alerting from external SOC, enhancing overall response efficiency.
• Orchestrated the automation of phishing remediation processes via Tines, transitioning from manual procedures to a one-click style of automation. This involved leveraging security tooling APIs to act on file hashes, domains, and malicious sender addresses, and to promptly remove malicious emails from users' inboxes.
• Engineered an automated ticket creation system via Tines from external SOC, significantly improving traceability of Key Performance Indicators (KPIs) for security analysts.
• Facilitated communication with stakeholders and implemented strategic processes to elevate the security posture of applications dealing with Personally Identifiable Information (PII), including SAP and in-house applications.
2023 — 2023
Tampa, Florida, United States
• Built automated threat detection frameworks using the GreyMatter Detect platform.
• Specialized in Splunk detection templates across various log source types for GreyMatter Detect.
• Performed R&D to build customized ad hoc detections that were not available in the detection library, based on customer detection needs. Example detections include unauthorized access to customer-defined critical assets and customized MFA fatigue and fraud attack detections.
• Utilized GitLab to maintain and approve merge requests for SPL-based detections in the internal detection library.
• Presented the capabilities of the GreyMatter Detect platform to customers.
2022 — 2023
Tampa, Florida, United States
• Collaborated with new customers to assess their current security tool stack and environment. Implemented foundational detections using SIEM technologies built around the customer's security stack.
• Conducted discussions and presentations with customers at all levels to address their security concerns and develop customized detection roadmaps for future use-case implementation.
• Developed detection roadmaps leveraging the MITRE ATT&CK and Kill Chain frameworks to ensure customers gained visibility in gap areas and built toward a better security posture.
2021 — 2022
Tampa, Florida, United States
• Quickly learned to build detections in SIEM technologies such as QRadar, Splunk, LogRhythm, Devo, and Azure Sentinel.
• Collaborated with security analysts to review tuning opportunities for deployed detections in customer SIEM environments.
• Communicated with customers to ensure detection use-cases were tailored and customized to their preferences.
• Performed R&D to build detections around new log source types. Examples include building GitLab detections to monitor major auditing events such as large exports of branches or unauthorized users merging into customer critical branches.
• Evaluated detection capabilities in emerging SIEM technologies such as Humio to review whether the SIEM technology would be a good fit in combination with the GreyMatter platform.
Education
Utica University
Master of Science - MS
State University of New York Cortland