Technical Expertise

Skills Matrix

Hands-on across the full security stack — detection engineering, threat intelligence, cloud security, IAM, and AI-native tooling.

SIEM & Monitoring
Splunk (SPL, dashboards, alert tuning) · Wazuh HIDS · Azure Sentinel · Suricata IDS · Real-time alert triage · Incident escalation · MITRE ATT&CK mapping
Threat Detection & Incident Response
MITRE ATT&CK · Sigma rules · YARA rules · IOC enrichment · NIST SP 800-61 IR lifecycle · Phishing investigation · Malware analysis · Brute-force detection · Log correlation
Threat Intelligence
ThreatConnect · MISP · OTX AlienVault · VirusTotal · Shodan · IOC enrichment · Advisory report generation · Threat actor profiling
IAM & Identity
Active Directory · Azure AD / Entra ID · Conditional Access · MFA · PIM · ADFS · SCIM · SAML 2.0 · OAuth 2.0 · Provisioning & deprovisioning · GPO / RBAC / OU management · Access reviews · Least privilege enforcement
Cloud Security
AWS IAM · CloudTrail · GuardDuty · S3 bucket policies · VPC security groups · Azure security baseline · ★ AWS CCP Certified
Network & Endpoint Security
TCP/IP · DNS · HTTP/S · Wireshark · Nmap · Firewalls · IDS/IPS · VPN · Traffic analysis · Endpoint hardening · Vulnerability scanning (Nessus)
Penetration Testing
Metasploit · Burp Suite · OWASP Top 10 · PortSwigger Web Academy · ★ eJPTv2 Certified
API Security
OWASP API Top 10 · REST API security testing · API authentication flaws · ★ CASA-APIsec Certified
Scripting & Automation
Python · PowerShell · Bash · Flask · FastAPI · scikit-learn · API integrations · Log parsing · IOC automation · AD scripting
Frameworks & Standards
NIST CSF · NIST SP 800-61 · MITRE ATT&CK · CIS Controls · ISO 27001 (awareness) · Incident response lifecycle
Tools & Platforms
REMnux · FlareVM · VirtualBox · VMware · Linux (Ubuntu / Kali) · Windows Server · ServiceNow (conceptual) · Git / GitHub