Detection Engineering
Design and tune SIEM detections, dashboards, query enrichment, log normalization, SOPs, and threat-hunting workflows.
Detection Engineering • Automation • Incident Response • IAM
Welcome to my portfolio. Don't hesitate to reach out through the contact section.
Security Operating Model
I build detections, automations, and reporting workflows that help security teams detect faster, investigate consistently, and reduce repetitive manual work. My background spans enterprise security operations, SIEM, SOAR, cloud security, phishing defense, threat intelligence, vulnerability management, and infrastructure security.
Design and tune SIEM detections, dashboards, query enrichment, and log normalization, and write the SOPs and threat-hunting workflows that analysts run on top of them.
Build response playbooks that collect context, enrich events, standardize triage, and create repeatable investigation handoff.
Operationalize IoCs, external exposure context, brand-monitoring signals, and intelligence enrichment across detection workflows.
Transform vulnerability, phishing, and operational telemetry into prioritized remediation and leadership-ready reporting.
Selected Operations
A quick look at my projects and tools without exposing private implementation details.
Built repeatable workflows to enrich alerts, standardize response actions, and reduce repetitive analyst effort.
Impact: Improved response consistency by turning manual triage steps into reusable playbooks and case workflows.
Built searches, dashboards, and alert logic across authentication, email, endpoint, firewall, SaaS, and vulnerability telemetry.
Impact: Helped analysts move from raw events to actionable alerts with enrichment, tuning, and visual context.
Connected Microsoft 365 services, forms, approvals, and operational handoffs into repeatable security workflows.
Impact: Reduced manual routing and improved security-process intake, tracking, and communication.
Supported phishing simulation, awareness reporting, user-risk visibility, and measurable security-behavior workflows.
Impact: Translated phishing campaign activity into risk indicators, reporting, and security awareness improvements.
Turned indicators and external threat context into enrichment, detections, watchlists, and reporting.
Impact: Connected external intelligence to internal telemetry so investigations could be prioritized with better context.
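The two items above, the tuned and enriched alert logic over authentication telemetry and the conversion of indicators into watchlists, can be shown together in one small piece of code. The following is an added example written for this page; it is not code from the author's environment or from any SIEM or SOAR product. It normalizes two constructed log formats (Linux sshd syslog lines and JSON login events from a hypothetical identity provider) onto one schema, enriches each source IP against a constructed IoC watchlist, applies an allowlist as a tuning control, and runs a password-spray rule that attaches the raw events as evidence so the resulting alert is ready for analyst handoff. All log lines, IP addresses, usernames, thresholds, and the watchlist entries are constructed for the demo.

```python
"""Added example: normalize auth telemetry, enrich with an IoC watchlist, and run
a tuned password-spray detection that emits analyst-ready alerts.
Every log line, IP, user, threshold and watchlist entry below is constructed."""
import json
import re
from collections import defaultdict
from datetime import datetime, timezone
from typing import Optional

# Constructed sample telemetry. The JSON shape is a hypothetical IdP format,
# not any real product's schema.
SAMPLE_LOGS = [
    "Jan 10 08:00:01 bastion sshd[2201]: Failed password for alice from 203.0.113.10 port 51012 ssh2",
    "Jan 10 08:00:03 bastion sshd[2202]: Failed password for bob from 203.0.113.10 port 51013 ssh2",
    "Jan 10 08:00:05 bastion sshd[2203]: Failed password for carol from 203.0.113.10 port 51014 ssh2",
    '{"ts":"2024-01-10T08:00:07Z","event":"login.failure","user":"dave","src_ip":"203.0.113.10"}',
    '{"ts":"2024-01-10T08:00:09Z","event":"login.failure","user":"erin","src_ip":"203.0.113.10"}',
    '{"ts":"2024-01-10T08:00:11Z","event":"login.success","user":"erin","src_ip":"203.0.113.10"}',
    # Same user repeatedly: brute force against one account, not a spray.
    "Jan 10 08:01:00 bastion sshd[2210]: Failed password for alice from 198.51.100.7 port 40001 ssh2",
    "Jan 10 08:01:02 bastion sshd[2211]: Failed password for alice from 198.51.100.7 port 40002 ssh2",
    "Jan 10 08:01:04 bastion sshd[2212]: Failed password for alice from 198.51.100.7 port 40003 ssh2",
    # Authorized credential scanner: many users, but tuned out via the allowlist.
    '{"ts":"2024-01-10T08:02:00Z","event":"login.failure","user":"svc-a","src_ip":"10.0.0.5"}',
    '{"ts":"2024-01-10T08:02:02Z","event":"login.failure","user":"svc-b","src_ip":"10.0.0.5"}',
    '{"ts":"2024-01-10T08:02:04Z","event":"login.failure","user":"svc-c","src_ip":"10.0.0.5"}',
    '{"ts":"2024-01-10T08:02:06Z","event":"login.failure","user":"svc-d","src_ip":"10.0.0.5"}',
]
# Constructed IoC watchlist (what a TI feed lookup would return) and tuning allowlist.
WATCHLIST = {"203.0.113.10": {"source": "constructed-ti-feed", "tag": "credential-stuffing"}}
ALLOWLIST = {"10.0.0.5"}  # constructed: the internal vulnerability scanner

SSHD_RE = re.compile(
    r"^(?P<mon>\w{3}) (?P<day>\s?\d+) (?P<time>[\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def normalize(line: str, year: int = 2024) -> Optional[dict]:
    """Map a raw sshd or JSON login line onto a common schema; return None for other lines."""
    line = line.strip()
    if line.startswith("{"):
        ev = json.loads(line)
        if not ev.get("event", "").startswith("login."):
            return None
        return {"ts": datetime.fromisoformat(ev["ts"].replace("Z", "+00:00")),
                "user": ev["user"], "src_ip": ev["src_ip"],
                "outcome": "success" if ev["event"].endswith("success") else "failure",
                "raw": line}
    m = SSHD_RE.match(line)
    if not m:
        return None
    # syslog lines carry no year; the caller supplies it (assumed UTC here)
    ts = datetime.strptime(f"{year} {m['mon']} {m['day'].strip()} {m['time']}",
                           "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"ts": ts, "user": m["user"], "src_ip": m["ip"],
            "outcome": "success" if m["outcome"] == "Accepted" else "failure", "raw": line}


def detect_password_spray(events, watchlist, allowlist, min_users=4, window_s=300):
    """Alert when one source IP fails against >= min_users distinct accounts within window_s.
    Allowlisted IPs are tuned out; watchlist hits and a later success raise severity."""
    alerts = []
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_ip[ev["src_ip"]].append(ev)
    for ip, evs in by_ip.items():
        if ip in allowlist:
            continue
        failures = [e for e in evs if e["outcome"] == "failure"]
        for i, start in enumerate(failures):  # sliding window anchored on each failure
            window = [e for e in failures[i:] if (e["ts"] - start["ts"]).total_seconds() <= window_s]
            users = sorted({e["user"] for e in window})
            if len(users) < min_users:
                continue
            successes = [e for e in evs if e["outcome"] == "success" and e["ts"] >= start["ts"]]
            ti = watchlist.get(ip)
            alerts.append({
                "rule": "password_spray", "src_ip": ip,
                "distinct_users": len(users), "users": users,
                "first_seen": start["ts"].isoformat(),
                "followed_by_success": [e["user"] for e in successes],
                "severity": "high" if successes or ti else "medium",
                "threat_intel": ti,
                "evidence": [e["raw"] for e in window + successes],  # raw lines for the case
            })
            break  # one alert per source IP; the evidence already carries the window
    return alerts


def run(lines=SAMPLE_LOGS, watchlist=WATCHLIST, allowlist=ALLOWLIST):
    events = [e for e in (normalize(ln) for ln in lines) if e]
    return detect_password_spray(events, watchlist, allowlist)


if __name__ == "__main__":
    for alert in run():
        print(json.dumps(alert, indent=2))
```

Running it yields a single high-severity alert for 203.0.113.10 (five distinct users, a watchlist hit, and a subsequent successful login for erin), no alert for the single-account brute force from 198.51.100.7, and nothing for the allowlisted scanner; passing an empty allowlist to `run()` shows the scanner would otherwise fire as a medium-severity alert, which is the tuning decision the analyst should be able to see and revisit.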
Converted scanner output into prioritized, ownership-aware remediation work and leadership-ready views.
Impact: Helped transform findings into trackable remediation decisions instead of static scanner reports.
Experience
Positioned for security engineer, detection engineer, SOAR engineer, and incident response roles.
Threat Analyst
2021 — 2026 · Canada
Support enterprise security operations by developing detection logic, improving investigation workflows, building automation, and connecting security telemetry with business context.
Security Operations Analyst
2020 — 2021 · Canada
Hands-on SOC and security engineering role supporting enterprise and government clients. Focused on SIEM monitoring, alert triage, detection tuning, customer onboarding, vulnerability and risk analysis, threat hunting, scripting, incident documentation, and technical support across endpoint, network, cloud-adjacent, and third-party security technologies.
Cybersecurity Lead
2015 — 2020 · Brazil
Supported infrastructure security, Linux services, vulnerability assessment, log management, collaboration platforms, and operational communications. Operated in lean, high-pressure environments requiring disciplined ownership, executive communication, and resilient security operations.
Cybersecurity Analyst
2012 — 2015 · Brazil
Improved information security management across a diverse range of security technologies in a data center environment. Diagnosed daily ticket reports to identify and proactively resolve problems within SLA/SLO targets.
Toolbox
Core Competencies and Tech Stack
Case Notes
Curious about my projects? Check them out below. ↓
How SOAR playbooks can improve triage quality, evidence collection, and response consistency without removing analyst judgment.
Read article →
A detection engineering approach for turning security telemetry into tuned, enriched, analyst-ready Splunk detections.
Read article →
Turning IoCs, external exposure, and threat context into practical enrichment, hunting, detection, and reporting workflows.
Read article →
Contact
Reach out for detection engineering, Splunk SOAR automation, threat intelligence, incident response, and security operations roles or collaborations.