Istanbul, Istanbul, Türkiye
Looking for Trouble
- Architected an end-to-end SIEM cluster using Nginx, Kafka, and Wazuh integrated with Cribl, while developing custom decoders and rulesets to ensure zero data loss and full environmental visibility. - Analyzed and triaged incoming cyber threat intelligence data, ensuring timely execution and tracking of mitigation actions to strengthen the organization's security posture. - Managed the end-to-end deployment of EDR agents across client devices, establishing security policies and overseeing incident triage and remediation workflows. - Established server logging standards and managed the enterprise-wide deployment of antivirus agents, including policy development and end-to-end incident response for security alerts. - Configured and expanded the DLP infrastructure to broaden data protection coverage, while managing the analysis and remediation of high-priority security alerts. - Configured device compliance policies and application management via Microsoft Intune and Entra ID, while streamlining access controls through the implementation of App SSO. - Administered Cloudflare infrastructure by configuring DNS settings, DDoS mitigation, and custom rate-limiting rules to ensure high availability and robust web application security. - Developed a custom Alert Manager using Python and Flask, integrating local LLMs to automate security incident triage and streamline response actions such as IP blocking and Threat Intelligence analysis. - Drove technical research and PoC initiatives for emerging technologies, including SASE and AI security frameworks, to align organizational infrastructure with modern cybersecurity standards.
I was responsible for managing and overseeing the implementation, positioning, and administration of various security products, including SIEM, EDR, CASB, Proxy, CTI, and AWS Security. This involved configuring and optimizing these solutions to enhance threat detection, incident response, and overall security posture. Additionally, I ensured seamless integration and effective management of these tools to protect the organization's infrastructure and sensitive data.
Managed and optimized SIEM, EDR, and antivirus solutions to ensure comprehensive threat detection and response capabilities. Conducted regular security assessments and audits to identify vulnerabilities and develop strategies for mitigation. Collaborated with cross-functional teams to develop and enforce security policies, procedures, and best practices. Investigated security incidents and coordinated incident response activities to minimize the impact of breaches.
Managed and developed correlation rules for SIEM platforms QRadar and Splunk to enhance threat detection capabilities. Utilized and managed AV solutions, including TrendMicro, to ensure comprehensive endpoint protection. Implemented and managed Container Security Solutions such as Prisma Cloud to secure cloud-native applications and environments. Deployed and managed EDR solutions like CrowdStrike to detect and respond to advanced threats. Utilized CTI solutions like SocRadar,BranDefense to gather and analyze threat intelligence data. Collected and managed Linux logs using tools such as Cribl, Rsyslog, and Auditd to monitor system activities and detect anomalies. Proactively followed cyber threat intelligence sources to stay updated on emerging threats and vulnerabilities. Projects; --- HBScout : Phishing Domain Follower (Status and Records) --- Leaked User Control : Python --- CS News : Python Flask --- Inventory Control Tools : Python
Managed SIEM solutions Qradar and ArcSight, including developing correlation rules to enhance threat detection and response capabilities. Actively followed cyber threat intelligence sources to stay updated on emerging threats and vulnerabilities, facilitating proactive defense measures. Led L1 & L2 teams, providing guidance and mentorship to ensure effective incident response and resolution. Participated as a Purple Team Member, collaborating with Red and Blue Teams to assess and improve overall security posture through simulated attacks and defense exercises.