mkv37
Security Engineer
As a Security Engineer working in London, I would say that zeal, commercial awareness, and clear communication are some of the characteristics that reflect my personality. I am an optimistic person who has worked predominantly within financial services, and I aim to use these traits to succeed on the job as well as within the company.
I previously worked for Fastmarkets, a leading provider of price data, market intelligence, and analytics for global commodity markets, offering robust APIs that deliver real-time and historical market information to clients for seamless integration into their systems.
Experience: 5 years
Yearly salary: $114,000
Hourly rate: $55
Nationality: 🇬🇧 United Kingdom
Residency: 🇬🇧 United Kingdom
Experience
Information Security Engineer
Fastmarkets 2024 - 2025
Architected and maintained the monthly review process for penetration test results across business sites, collaborating closely with SRE and engineering teams to enforce remediation plans and security improvements. Leveraged SentinelOne for advanced endpoint security, developing bespoke deployment strategies and incident triage workflows to reduce risk exposure and optimise operational response. Engineered foundational alerting pipelines for AlienVault SIEM, partnering with managed security service provider (MSSP) teams to advance threat detection logic and refine integration approaches for new data sources. Led rapid delivery of penetration tests, adapting testing methodologies and tools to meet evolving standards for the carbon project, enabling short-notice completion without compromising quality or coverage. Designed and implemented log ingestion strategies, extending SIEM integration across crucial platforms—Snowflake, Microsoft Azure AD, Abnormal, Imperva, Qualys, Zscaler, Salesforce, Fortinet, Commvault, GitHub—frequently developing custom connectors or Azure blob solutions when native support was unavailable. Served as the principal point of contact for security queries, providing direct guidance and solution design to engineering colleagues and external partners. Implemented Imperva’s DDoS protection measures within production environments, automating response protocols to preserve service availability during attack incidents. Devised a multi-layered email security strategy—integrating Tessian Adaptive Email DLP, Abnormal anomaly detection, and Mimecast threat intelligence—to automate defence and maintain secure communications. Built and automated vulnerability management workflows using Qualys, generating actionable technical and executive reporting, and tracking remediation efforts for senior stakeholders. 
Automated asset registration and monitoring for hosted web portals and public-facing IP addresses, enhancing visibility and reducing external exposure gaps. Collaborated with the MSSP to audit baseline user activity, incorporating contextual anomaly detection for login behaviour and engineering weekend support handovers with managed service providers. Identified and addressed monitoring gaps in Azure AD integrations—engineering tailored solutions and technical documentation to strengthen organisational security posture. Established and maintained the internal asset inventory, utilising ServiceNow and custom scripts to deliver real-time updates and comprehensive tracking. Oversaw operational security engineering, ensuring effective incident management, threat detection, and efficient handling of high-priority change requests through ServiceNow and Jira automation.
Information Security Analyst
StoneX Group Inc 2020 - 2024
Examining endpoint behaviour in addition to setting up policies around USB exemptions, and triaging threats/incidents through CrowdStrike. Managed staff identities across multiple tenants, utilising Active Directory groups (SG-Groups) for effective identity management. Conducting audits through Active Directory using Varonis. Using ADManager+ (Zoho) for efficient Active Directory management and automation, including user provisioning, group management, password resets, and enforcing security policies. Using Illusive and CyberArk for identity management and flaw identification within Active Directory, as well as managing honeypots. Drafting IR reports with details such as a timeline of occurrence, log data, and communications, in addition to liaising with other teams during a crisis within an agreed SLA. Advising the wider business on the implementation of tooling, which became extremely effective at mitigating vulnerabilities within the environment for hosts/servers no longer supported by vendors, whilst also minimising downtime. Proficient in utilising Palo Alto firewalls for advanced network security, including monitoring, analysis, and threat intelligence integration. Participated in a regular on-call schedule between 3 geographical locations. Preparing and presenting daily handover reviews of the day's issues for team members outside the UK. Addressing growing concerns and offering suggestions for remediation or corrective measures in relation to security. Investigating events using Kibana, Splunk, Graylog, Logz.io, and SolarWinds to proactively identify undetected threats usually found by automated systems. Working with Digital Shadows and Recorded Future to probe for violating or deceptive domains spanning multiple tenants, and triggering domain removals via domain registrars like ICANN, GoDaddy and AWS. Moreover, interacting with these two tools to detect compromised login credentials across affiliated companies.
Developing playbooks for XSOAR (Security Orchestration, Automation and Response) to assist with and automate closing out alerts ranging from low to critical. Monitoring, whitelisting and blacklisting DNS/domain names using Netskope and Panorama. Utilising NetBox for internal network and system analysis. Using various Microsoft tools in relation to security, such as daily check-ups of Microsoft Azure Risky Users and Microsoft Cloud App Security across multiple tenants, and Intune for remote device wiping. Created multiple Standard Operating Procedures (SOPs) and tool documentation for new team members. Additionally, using these SOPs to identify and improve existing workflows for team members. Managing email threat mitigation using a range of Proofpoint utilities (POD, Admin, TAP, TRAP, Archive). Proficient in leveraging Shodan for identifying internal system vulnerabilities. Managing DDoS and other domain threats through Cloudflare Web Application Security (WAF). Coordinating with third parties such as BitSight, SecurityScorecard, the FBI and the NCSC for external vulnerability management. Working on blockchain projects within the company, including being actively responsible for assessing the risk factors as part of the project.
SOC Analyst
Ridgewall 2018 - 2020
Supporting management of endpoint protection for clients and the company. Experience in integrating and assembling on-prem SIEM (Security Information and Event Management) solutions (specifically Security Onion), involving RAID configurations, HP iLO setups, and hands-on server construction. Managed software updates and installations for endpoint protection across multiple clients. Implemented custom YAML scripts per client to improve security awareness within Security Onion. Pen-testing internally to create custom YAML scripts that would alert on suspicious events, using findings from resources like the ATT&CK Matrix, GitHub repositories, and pen-testing blogs. Demonstrated expertise in collecting threat intelligence data on unknown IP addresses and URLs using TheHive project. Effectively optimising and integrating threat feeds on Cortex using APIs. Independently running phishing tests through GoPhish. Experienced in configuring a testing email server (MailHog) to effectively manage phishing emails. Orchestrated red team/blue team networks both internally and virtually to identify and evaluate new exploits and vulnerabilities. Following baseline standards using Microsoft guidelines. Using Nessus to perform comprehensive scans that evaluate potential vulnerabilities and security risks in computer systems.
Skills
Security
English