MSSP Security Operations & Process Optimization (Armature Systems)
Remote incident response and alert-tuning support for pharmaceutical, biopharmaceutical, healthcare, and enterprise clients of a US-based MSSP — building toward a structured alert-exclusion and automation process.
Overview
As an Incident Response Analyst at Armature Systems, a US-based Managed Security Services Provider, I support security operations across a portfolio of clients in highly regulated industries — pharmaceutical, biopharmaceutical, healthcare, and enterprise. The work centers on incident investigation and response; on reviewing detection alerts across multiple EDR/XDR and SIEM platforms and recommending tuning and exclusions to cut down noise; and, currently, on building out a structured process for alert-exclusion review and Tines automation workflow creation.
Highlights
- Investigate and respond to security incidents across endpoint, identity, email, and network telemetry for multiple concurrent clients.
- Review alerts across SentinelOne, CrowdStrike Falcon, Cortex XDR, Microsoft Defender, and Microsoft Sentinel, recommending tuning and exclusions to reduce noise.
- Currently building out a structured process for alert-exclusion review and Tines automation workflow creation to streamline triage and response.
- Support identity, email, and network security investigations across Okta, Abnormal Security, Zscaler, and Google Workspace, with Jira-based operational tracking.
Open to security research collaborations & freelance engineering work
Let's strengthen your security posture — or build something new.
Whether it's detection engineering, a compromise assessment, or a full-stack build — I'm always glad to talk shop.
