# Technical Skills

## Security Operations & Incident Response

**SIEM Platforms**

- Splunk
- ELK Stack (Elasticsearch, Logstash, Kibana)
- SentinelOne
- Rapid7 IDR
- Stellar Cyber Security
- Microsoft Sentinel
- Microsoft Defender (Cloud / 365)

**SOAR Platforms**

- Swimlane
- D3 SOAR
- Torq

**EDR & Threat Detection**

- Darktrace
- Tanium
- Vectra
- FireEye
- SentinelOne

**DFIR & Forensics**

- Volatility (memory forensics)
- Malware analysis & reverse engineering
- Multi-host compromise investigation
- Incident response planning & execution
- Evidence collection & preservation

**Threat Hunting & Detection**

- Threat hunting methodologies
- Detection engineering
- Custom heuristics & rule development
- Behavioral analysis

## Penetration Testing & Red Team

- Metasploit Framework
- Web application security testing
- Automated attack simulation
- Red team engagement oversight
- Purple team testing
- Phishing campaign management & security training
- Vulnerability assessment & remediation

## Cloud Platforms & Security

**Cloud Providers**

- AWS (Lambda, Bedrock, EC2, S3)
- Microsoft Azure
- Oracle Cloud Infrastructure (OCI)

**Cloud Security**

- Cloud security architecture
- Hybrid cloud environments
- Cloud security posture management
- Identity & access management

## AI/ML & Security Automation

**AI & Machine Learning**

- AWS Bedrock / Large Language Models
- Retrieval-Augmented Generation (RAG)
- Machine learning for security detection
- Custom AI process development

**Automation**

- SOAR playbook development
- Alert triage automation (11,000-21,000 alerts/month)
- Python-based automation programs
- Workflow automation & orchestration
- Custom tool development

## Programming & Scripting

- Python (primary)
- PowerShell
- Bash
- SQL
- YAML configuration management

## Infrastructure & Systems

**Server Administration**

- Windows Server (2008, 2012, 2016+)
- Linux/UNIX administration
- Active Directory management

**Virtualization & Containers**

- VMware
- Hyper-V
- Docker
- Kubernetes

**Networking**

- Network architecture & design
- Network segmentation & VLANs
- Firewall management & configuration
- WAN/LAN design & management

## Compliance & Frameworks

- NIST 800-53 / 800 series
- PCI-DSS
- HIPAA
- GDPR
- CIS Benchmarks
- Security audit navigation & remediation

## Leadership & Management

**Team Leadership**

- SOC team management (up to 17 direct reports)
- Technical team oversight (8+ direct reports)
- Cross-functional team coordination
- Multi-timezone project management

**Operations Management**

- MSSP operations (50+ clients, 150,000+ assets, 1 million+ users)
- Budget & P&L management
- Vendor negotiations & management
- Service delivery optimization

**Development & Training**

- Training program development
- Security awareness programs
- Mentorship & skill development
- Hiring & team building
- SOP & documentation creation

## Operating Systems

- Linux (Debian, RHEL, Ubuntu, CentOS)
- Windows Server
- Windows Desktop
- macOS
- UNIX

## Project & Ticket Management

- Jira
- ServiceNow
- Custom ticketing systems
- Agile/Scrum methodologies