Security
SIEM/EDR/XDR Detection Engineering & Threat Hunting
Ongoing detection engineering practice across SentinelOne, CrowdStrike Falcon, Cortex XDR/XSIAM, Microsoft Sentinel, FortiSIEM, and QRadar — reducing noise and surfacing real threats faster.
Overview
Across three SOC and MSSP roles, I've onboarded log sources, written and tuned detection rules, and run proactive threat-hunting exercises mapped to MITRE ATT&CK across a stack of fifteen-plus SIEM/EDR/XDR platforms. The focus is always the same: cut through alert noise, shrink time-to-detect, and make sure the right incidents reach the right responders fast.
Highlights
- Created and tuned detection use cases across SentinelOne, CrowdStrike Falcon, Cortex XDR, and Microsoft Defender for MSSP clients.
- Onboarded new log sources and authored fine-tuned detection rules in Cortex XSIAM.
- Used AttackIQ breach & attack simulation to validate detection coverage against MITRE ATT&CK techniques.
- Collaborated on use-case development to improve SIEM/EDR detection accuracy for healthcare and banking clients.
Open to security research collaborations & freelance engineering work
Let's strengthen your security posture — or build something new.
Whether it's detection engineering, a compromise assessment, or a full-stack build — I'm always glad to talk shop.
