Open to SOC / CTI Analyst roles

SOC Analyst & Threat Intelligence

Alert triage, incident investigation, and threat intelligence. My work centers on understanding attacker behavior, mapping activity to MITRE ATT&CK, and turning technical findings into something an analyst can act on.

The goal is to be the analyst who catches what matters and explains why clearly. Structured triage, real threat context, and output that moves investigations forward rather than adding to the noise.

Analytical Focus

The work that happens between an alert firing and a decision being made.

The part of security work I care about most is where raw data becomes a decision. That means reviewing alerts, studying malware behavior, enriching indicators, mapping activity to ATT&CK, and figuring out what matters enough to escalate or report.

Alert Analysis & Triage

Reviewing alerts, logs, and host activity to understand attacker behavior and decide what deserves deeper investigation

Threat Actor Context

ATT&CK mapping, actor profiling, and malware research that add context to technical findings

Reporting & Escalation

Turning technical evidence into reports, identified gaps, and next steps that another analyst or defender can act on

Industry Threat Intelligence Reports

Current threat patterns, likely attack paths, and the controls that deserve attention first, organized by industry.

Each report is structured for defenders, not executives. Threat actors, active TTPs, and the detection or mitigation gaps worth prioritizing now.

Core Competencies

Applied to real problems across SOC triage, threat intelligence, and detection coverage.

SOC Operations & Incident Analysis

Alert triage, log review, and investigation-focused lab work built around analyst workflows

Proficiency: Intermediate

ATT&CK Mapping & Threat Research

Mapping adversary behavior to ATT&CK, profiling actors, and connecting malware activity to TTPs

Proficiency: Proficient

Log & Telemetry Analysis

Elastic, Sysmon, Windows logs, and network telemetry used in defensive lab work

Proficiency: Intermediate

IOC Analysis & Enrichment

Using Python and enrichment workflows to support faster triage, context building, and reporting

Proficiency: Proficient
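The ATT&CK Mapping, Log & Telemetry Analysis and IOC Analysis & Enrichment entries above describe one workflow: read host telemetry, pull out indicators, tag the behaviour with ATT&CK technique IDs, and decide what to escalate. The script below is an added example of that workflow and is not code from this page's author. The Sysmon-style sample events, the function names (parse_event, map_attack, triage, render_report), the TECHNIQUES table's tactic choices and the "two or more tactics" escalation rule are all constructed for the example; the technique IDs and names themselves are the real ATT&CK ones.

```python
"""Triage helper: parse Sysmon-style key=value events, extract and defang IOCs,
tag behaviour with ATT&CK technique IDs, and decide whether to escalate.
Example code only: function names, the technique table and the sample
events are constructed for illustration, not taken from a real environment."""
import re

# Constructed sample telemetry in a flattened key=value style (not real events).
SAMPLE_EVENTS = [
    r'Sysmon EventID=1 Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" '
    r'CommandLine="powershell -enc SQBFAFgA" ParentImage="C:\Windows\System32\cmd.exe"',
    r'Sysmon EventID=3 Image="C:\Users\Public\update.exe" DestinationIp=203.0.113.45 DestinationPort=443',
    r'Sysmon EventID=22 Image="C:\Users\Public\update.exe" QueryName=updates.example.com',
    r'Sysmon EventID=13 TargetObject="HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater" '
    r'Details="C:\Users\Public\update.exe"',
    r'Sysmon EventID=1 Image="C:\Windows\System32\schtasks.exe" '
    r'CommandLine="schtasks /create /tn Updater /tr C:\Users\Public\update.exe /sc onlogon" '
    r'Hashes="SHA256=a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3d4"',
]

# key=value pairs, with or without double quotes around the value.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
IP_RE = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')
SHA256_RE = re.compile(r'\b[0-9a-f]{64}\b', re.IGNORECASE)

# ATT&CK technique ID -> (name, tactic used for the escalation decision).
# Some techniques sit under several tactics; the tactic chosen here is an
# assumption for this example's escalation rule, not an ATT&CK ranking.
TECHNIQUES = {
    "T1059.001": ("Command and Scripting Interpreter: PowerShell", "Execution"),
    "T1053.005": ("Scheduled Task/Job: Scheduled Task", "Persistence"),
    "T1547.001": ("Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder", "Persistence"),
    "T1071.001": ("Application Layer Protocol: Web Protocols", "Command and Control"),
}


def parse_event(line):
    """Turn one key=value event line into a dict of string fields."""
    fields = {}
    for key, quoted, bare in KV_RE.findall(line):
        fields[key] = quoted if quoted else bare
    return fields


def map_attack(ev):
    """Heuristic ATT&CK tags for one parsed event (assumed rules, not a full ruleset)."""
    techniques = []
    image = ev.get("Image", "").lower()
    cmd = ev.get("CommandLine", "").lower()
    target = ev.get("TargetObject", "").lower()
    if image.endswith("powershell.exe") and "-enc" in cmd:
        techniques.append("T1059.001")  # encoded PowerShell command
    if image.endswith("schtasks.exe") and "/create" in cmd:
        techniques.append("T1053.005")  # scheduled task creation
    if ev.get("EventID") == "13" and r"\currentversion\run" in target:
        techniques.append("T1547.001")  # Run key set (registry value written)
    if ev.get("EventID") == "3" and ev.get("DestinationPort") in ("80", "443"):
        techniques.append("T1071.001")  # outbound web-protocol connection
    return techniques


def defang(indicator):
    """Make IPs and domains safe to paste into a report: 203.0.113.45 -> 203[.]0[.]113[.]45."""
    return indicator.replace(".", "[.]")


def triage(lines):
    """Parse events, collect IOCs, tag techniques and apply the escalation rule."""
    iocs = {"ips": set(), "domains": set(), "sha256": set()}
    techniques = set()
    for ev in (parse_event(l) for l in lines):
        raw = " ".join(ev.values())
        iocs["ips"].update(IP_RE.findall(raw))
        iocs["sha256"].update(h.lower() for h in SHA256_RE.findall(raw))
        if "QueryName" in ev:  # only trust domains from the DNS query field
            iocs["domains"].add(ev["QueryName"].lower())
        techniques.update(map_attack(ev))
    tactics = {TECHNIQUES[t][1] for t in techniques}
    return {
        "techniques": sorted(techniques),
        "tactics": sorted(tactics),
        "iocs": {k: sorted(defang(v) for v in vals) for k, vals in iocs.items()},
        # Assumed rule: behaviour spanning two or more tactics is worth escalating.
        "escalate": len(tactics) >= 2,
    }


def render_report(summary):
    """Short analyst-facing text block built from a triage() summary."""
    out = ["Escalate: " + ("YES" if summary["escalate"] else "no")]
    for t in summary["techniques"]:
        name, tactic = TECHNIQUES[t]
        out.append(f"{t} {name} [{tactic}]")
    for kind, values in summary["iocs"].items():
        for v in values:
            out.append(f"IOC {kind}: {v}")
    return "\n".join(out)


if __name__ == "__main__":
    print(render_report(triage(SAMPLE_EVENTS)))
```

On the constructed sample the chain reads as encoded PowerShell, a Run key and a scheduled task pointing at the same binary in C:\Users\Public, plus an outbound 443 connection, which crosses three tactics and so trips the escalation rule. The domain is taken only from the DNS QueryName field rather than regex-matched from free text, because file names such as update.exe would otherwise be reported as domains.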