Diverse Lynx
Monitored, triaged, and investigated security alerts and events using IBM QRadar SIEM and integrated telemetry sources.
Performed incident response and case management in IBM Resilient, ensuring timely containment, remediation, and documentation.
Utilized CrowdStrike Falcon and the Microsoft Defender suite (Defender for Endpoint, Identity, Office, and Cloud Apps) for endpoint detection, threat hunting, and response.
Leveraged Microsoft Sentinel to develop, tune, and operationalize detection rules, playbooks, and dashboards for advanced threat visibility.
Correlated and analyzed data from multiple sources (SIEM, EDR, cloud telemetry, identity logs) to detect and investigate indicators of compromise (IOCs) and advanced persistent threats (APTs).
Collaborated with threat intelligence, security engineering, and vulnerability management teams to enhance detection coverage and streamline response workflows.
Developed and maintained runbooks and automated playbooks to standardize and accelerate incident response procedures.