Technical Skills
- SIEM: Devo, ELK, Wazuh, Splunk, OpenSearch
- SOAR: Devo SOAR, Splunk Phantom
- IAM: Microsoft Entra
- Packet Analysis: Wireshark, tcpdump
- Web Interceptors: Burp Suite, OWASP ZAP
- Network Scanners: Nmap, Zenmap, Nikto
- EDR: CrowdStrike, Microsoft Defender
- Vulnerability Assessment: Nessus, OpenVAS
- Ticketing and Case Management: ServiceNow, Jira, ManageEngine, Redmine, Hive
- Deception Tools: Attivo
Skilled in identifying intrusions, correlating events, analyzing Sysmon and Windows event logs, and detecting AD attacks (Kerberoasting, DCSync, Golden Ticket). Experience in red team exercises, web app and cloud pentesting, phishing analysis, and malware investigation. Proficient with Active Directory, network, and endpoint investigations using TCPDump, ELK/Wazuh, and Splunk.
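As an illustration of the Active Directory detections named above (Kerberoasting, DCSync, Golden Ticket), the following added example is not part of the original resume. It runs three detection rules over a handful of constructed Windows Security events written in a simplified key=value form; the event IDs (4768, 4769, 4662), the RC4 encryption type codes and the two replication extended-right GUIDs are the standard Windows values, while the sample accounts, hosts and the line format are assumptions made for the example.

```python
"""Detection logic for Kerberoasting, DCSync and a Golden Ticket heuristic,
run over constructed Windows Security events (not real logs).

Event IDs and fields are standard Security log values:
  4768  Kerberos TGT requested
  4769  Kerberos service ticket (TGS) requested
  4662  operation performed on an AD object (Properties lists access GUIDs)
"""
from collections import defaultdict

# Extended rights exercised by DCSync (DRSUAPI replication). A subject that
# is not a domain controller asking for these on the naming context is the
# classic DCSync indicator.
REPL_GUIDS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2",  # DS-Replication-Get-Changes
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2",  # DS-Replication-Get-Changes-All
}
RC4_ETYPES = {"0x17", "0x18"}  # RC4-HMAC / RC4-HMAC-EXP ticket encryption

# Constructed sample events (assumption: simplified key=value export format).
SAMPLE_EVENTS = """
EventID=4768 TargetUserName=alice IpAddress=10.0.0.5
EventID=4769 TargetUserName=alice ServiceName=svc_sql TicketEncryptionType=0x17 IpAddress=10.0.0.5
EventID=4769 TargetUserName=alice ServiceName=svc_web TicketEncryptionType=0x17 IpAddress=10.0.0.5
EventID=4769 TargetUserName=alice ServiceName=svc_backup TicketEncryptionType=0x17 IpAddress=10.0.0.5
EventID=4769 TargetUserName=alice ServiceName=krbtgt TicketEncryptionType=0x17 IpAddress=10.0.0.5
EventID=4768 TargetUserName=bob IpAddress=10.0.0.9
EventID=4769 TargetUserName=bob ServiceName=svc_sql TicketEncryptionType=0x12 IpAddress=10.0.0.9
EventID=4769 TargetUserName=bob ServiceName=WS01$ TicketEncryptionType=0x17 IpAddress=10.0.0.9
EventID=4662 SubjectUserName=DC01$ ObjectType=domainDNS Properties={1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}
EventID=4662 SubjectUserName=mallory ObjectType=domainDNS Properties={1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}
EventID=4769 TargetUserName=Administrator ServiceName=DC01$ TicketEncryptionType=0x12 IpAddress=10.0.0.66
"""


def parse_event(line):
    """Turn one 'key=value key=value' line into a dict."""
    return dict(tok.split("=", 1) for tok in line.split())


def load_events(text):
    return [parse_event(l) for l in text.strip().splitlines() if l.strip()]


def account(e):
    """Normalise TargetUserName: drop an @REALM suffix and ignore case."""
    return e.get("TargetUserName", "").split("@")[0].lower()


def detect_kerberoasting(events, threshold=3):
    """Accounts that request RC4 service tickets for >= threshold distinct
    user (non-$) service accounts. krbtgt is skipped because a TGS for it
    is a TGT renewal, not a roastable ticket; computer accounts are skipped
    because their long random passwords are not worth cracking."""
    services = defaultdict(set)
    for e in events:
        if e.get("EventID") != "4769":
            continue
        svc = e.get("ServiceName", "")
        if e.get("TicketEncryptionType") not in RC4_ETYPES:
            continue
        if svc.endswith("$") or svc.lower() == "krbtgt":
            continue
        services[account(e)].add(svc)
    return {u: sorted(s) for u, s in services.items() if len(s) >= threshold}


def detect_dcsync(events, allowed_accounts=frozenset()):
    """4662 events where a subject other than a DC computer account or an
    allow-listed replication account uses replication rights. Caveat: an
    attacker holding a DC machine account's secret slips past the '$' check,
    so pair this with a source-host check in production."""
    hits = []
    for e in events:
        if e.get("EventID") != "4662":
            continue
        props = e.get("Properties", "").lower()
        if not any(g in props for g in REPL_GUIDS):
            continue
        subject = e.get("SubjectUserName", "")
        if subject.endswith("$") or subject in allowed_accounts:
            continue  # domain controllers replicate with each other legitimately
        hits.append(subject)
    return hits


def detect_tgs_without_tgt(events):
    """Accounts with a 4769 but no 4768 in the window. A forged TGT (Golden
    Ticket) is never issued by the KDC, so no 4768 precedes its service-ticket
    requests. Heuristic only: a cached TGT from before the window looks the
    same, so treat hits as hunting leads, not alerts."""
    tgt = {account(e) for e in events if e.get("EventID") == "4768"}
    tgs = {account(e) for e in events if e.get("EventID") == "4769"}
    return sorted(tgs - tgt)


if __name__ == "__main__":
    evs = load_events(SAMPLE_EVENTS)
    print("Kerberoasting:", detect_kerberoasting(evs))
    print("DCSync:", detect_dcsync(evs))
    print("TGS without TGT:", detect_tgs_without_tgt(evs))
```

On the sample data the rules flag alice (three RC4 tickets for user service accounts), mallory (replication rights used by a non-DC account) and Administrator (service ticket with no TGT request in the window); bob's single RC4 ticket for a computer account and DC01$'s replication event are correctly ignored. In a SIEM the same logic maps onto a 4769 aggregation by TargetUserName, a 4662 filter on the two GUIDs, and a 4769-minus-4768 join over a time window.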