Threat Detection

Detection Engineering Program

Created a reusable detection library and playbook set for SOC operations, improving consistency across triage and escalation.

Challenge

Repeated incidents required consistent logic, documentation, and response steps to scale the SOC.

Approach

  • Built ATT&CK-aligned use cases and named them by behavior, not just by tool or log source.
  • Documented trigger conditions, severity mapping, investigation steps, and containment actions.
  • Used threat hunting findings to refine and expand detections.
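As an added example (not code from this case study's own library), here is what one behavior-named, ATT&CK-aligned use case with its trigger condition, severity mapping and playbook fields can look like when run over constructed auth log lines; the field names, thresholds, technique choice and log format are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
@dataclass
class UseCase:
    name: str                # named by the behavior it catches, not the tool or log source
    technique: str           # ATT&CK technique ID the behavior maps to
    window: timedelta        # trigger condition: failures counted inside this window
    min_failures: int        # trigger condition: failures from one source before a success
    severity_by_users: dict  # severity mapping: distinct accounts targeted -> severity
    playbook: tuple          # investigation steps followed by containment actions

PASSWORD_SPRAY = UseCase(
    name="Password spray followed by successful logon", technique="T1110.003",
    window=timedelta(minutes=10), min_failures=3,
    severity_by_users={1: "low", 3: "medium", 10: "high"},
    playbook=("Confirm the source is not a known scanner or jump host",
              "Check MFA on the account that succeeded", "Block the source", "Reset the account"))

SAMPLE_LOGS = [  # constructed sample auth lines (hypothetical; RFC 5737 addresses)
    "2024-05-01T08:00:01 src=203.0.113.7 user=alice status=failure",
    "2024-05-01T08:00:05 src=203.0.113.7 user=bob status=failure",
    "2024-05-01T08:00:13 src=203.0.113.7 user=dave status=failure",
    "2024-05-01T08:00:20 src=203.0.113.7 user=dave status=success",
    "2024-05-01T08:01:00 src=198.51.100.2 user=erin status=failure",  # single typo: no alert
    "2024-05-01T08:01:30 src=198.51.100.2 user=erin status=success",
]

def parse(line: str) -> dict:
    ts, *pairs = line.split()  # "<iso-timestamp> key=value key=value ..."
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def detect(lines: list, uc: UseCase) -> list:
    """Alert when one source has >= min_failures inside the window and then a success."""
    by_src = defaultdict(list)
    for rec in map(parse, lines):
        by_src[rec["src"]].append(rec)
    alerts = []
    for src, recs in by_src.items():
        for ok in (r for r in recs if r["status"] == "success"):
            recent = [r for r in recs if r["status"] == "failure"
                      and timedelta(0) <= ok["ts"] - r["ts"] <= uc.window]
            if len(recent) < uc.min_failures:
                continue
            users = {r["user"] for r in recent}  # a spray hits many accounts, few tries each
            sev = uc.severity_by_users[max(n for n in uc.severity_by_users if n <= len(users))]
            alerts.append({"src": src, "account": ok["user"], "severity": sev, "use_case": uc})
    return alerts
```

Each alert carries the use case object, so the analyst sees the technique mapping and the documented playbook steps alongside the triggering source and account.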

Outcomes

  • Reusable SOC playbooks for common attack patterns.
  • Faster triage and clearer analyst handoff.
  • Better coverage for ransomware and credential abuse behaviors.

Tools and stack

  • MITRE ATT&CK
  • ELK
  • Wazuh
  • Threat Hunting
  • Playbooks
