Tristan Q.

Purple Team Lead & Incident Response @ Orange Cyberdefense

Paris, Île-de-France, France

About

I lead our internal purple-team program to raise detection standards and maturity across technologies. As the main researcher and project lead, I design and execute adversary emulations to pressure-test security solutions.

Experience

  • Orange Cyberdefense (Paris)
    • Purple Team Lead & Incident Response
      Aug 2025 - Present · 1 yr

      For Dynamic-SOC, I run the internal purple-team programs that combine red-team with blue-team to pressure-test our EDR/XDR solutions: - offensive scenario design & adversary emulation - exploit development - EDR/XDR evasion, tampering & bypass - post-compromise IoC hunting & custom rule engineering - advanced detection engineering & telemetry tuning - program leadership: roadmap, enablement & metrics Even though the purple team program takes up a large part of my work, I'm also part of the incident response team: - crisis management - in-depth investigations - remediation and reconstruction - technical and executive reporting When, after all that, I have a bit of time left (which is rare), I get involved in various R&D and incubation projects.

    • SOC Analyst
      Feb 2025 - Jul 2025 · 6 mos

      EDR / XDR / Incident Response Analyst - deployment and maintenance of EDR & XDR solutions - investigation, categorisation and resolution of alerts - service delivery improvement by various means It was during this experience that I came up with the idea of setting up the Purple Team, which I now lead at Dynamic-SOC. The aim of this project was to strengthen our detection capabilities by putting ourselves in the shoes of threat actors.

  • 0xECE - Equipe (Permanent · 2 yrs 5 mos)
    • Team Coach
      Nov 2025 - Apr 2026 · 6 mos

      After being part of the team for 2 years now, my role for 0xECE Competitive team has changed. I'm now coaching the team members to offer them my experience and advice. After two years of intensive CTF competitions, I help provide a top-level view. Specialities: - Active Directory - Web - Forensics

    • Competitive CTF Player
      Dec 2023 - Nov 2025 · 2 yrs

      Created in 2021, this team brings together the best CTF players from the ECE Paris engineering school. The team is currently coached and trained by CGI Business Consulting Cybersecurity Lab. For the second consecutive year, I'm a member of this team to compete in the most highly rated CTFs. Specialities: - Active Directory - Web Link : https://0xece.fr/equipe

  • Bug Bounty Hunter at Yogosha
    Oct 2024 - Jul 2025 · 10 mos

    Bug Bounty program of the Nouvelle Aquitaine region (France). - search for vulnerabilities and security flaws in corporate infrastructures - document and report findings - support for companies in the remediation process

  • Cyber Security & DevOps Consultant at SILAMIR GROUP
    Apr 2024 - Aug 2024 · 5 mos

    Empowering and securing companies by deploying and exploiting Tanium for endpoint security management: - deploying complex IT infrastructures - securing and ensuring governance of infrastructures - automating Tanium processes with its GraphQL API - preparing threat response plan with Tanium modules Ensuring streamlined DevOps practices for our clients: - Azure DevOps pipelines maintenance - AWS OpsWorks migration to automated Terraform and GitHub Actions - Application deployment and automation - Overall AWS exploitation for our clients

  • Cyber Security Analyst & Pentester at SUEZ
    Jun 2023 - Jul 2023 · 2 mos

    Bringing our cloud security to the next level by auditing our platforms and pentesting our applications. - pentest of Microsoft Azure architectures - cloud cybersecurity remediations