Detection Engineering & Elastic SIEM
Custom KQL detection rules, threshold-based alerting, and centralized log ingestion using Elastic Stack and Filebeat.
Security engineer focused on detection and practical tooling
I build SIEM pipelines, endpoint visibility labs, and defensive tools that make investigations faster and telemetry clearer.
- Elastic
- Sysmon
- Winlogbeat
- Python
- Linux
- Wireshark
Elastic Security – Active Detection Rules
Featured work
A few highlights. Full list lives in Projects.
Automated Detection & Response Workflows
Real-time SSH and RDP brute-force detection with Slack alerting, firewall enforcement, and automated response actions.
Custom Log Analysis & Blue Team Utilities
Python-based authentication failure analysis and structured log reporting tools designed to accelerate investigation and triage.
Core focus areas
The work I enjoy and the problems I like solving.
Detection and investigation
- Telemetry-first thinking
- Alert logic and triage workflows
- Hunting and incident response support
Security tooling
- Python automation for blue team workflows
- Fast investigation helpers and scripts
- Practical, repeatable lab setups
Hardening and research
- System hardening and baseline checks
- Threat modeling and risk-oriented fixes
- Writeups with clear takeaways
Latest writeups
Short technical notes, incident-style breakdowns, and build logs.
About
I work across offensive and defensive security, with a practical focus on visibility, detection, and investigation workflows. I like building things that are small, useful, and easy to run in real environments.
- Penetration testing and system security foundations
- Threat hunting, incident response support, and forensic mindset
- Tooling that speeds up SOC and investigation workflows