Detection Engineering • Automation • Incident Response • IAM

I turn security signals into decisive response actions.

Welcome to my portfolio. Don't hesitate to click on contact.

Security Operating Model

Designed for signal clarity.

I build detections, automations, and reporting workflows that help security teams detect faster, investigate consistently, and reduce repetitive manual work. My background mostly spans enterprise security operations, SIEM, SOAR, cloud security, phishing defense, threat intelligence, vulnerability management, infrastructure security, and security operations.

01

Detection Engineering

Design and tune SIEM detections, dashboards, query enrichment, log normalization, SOPs, and threat-hunting workflows.

02

Security Automation

Build response playbooks that collect context, enrich events, standardize triage, and create repeatable investigation handoff.

03

Threat Intelligence

Operationalize IoCs, external exposure context, brand-monitoring signals, and intelligence enrichment across detection workflows.

04

Risk Operations

Transform vulnerability, phishing, and operational telemetry into prioritized remediation and leadership-ready reporting.

Selected Operations

Portfolio-grade security projects.

A quick look at my projects and tools without exposing private implementation details.

Security Automation / SOAR · 2023 — 2026

Splunk SOAR Security Automation Program

Built repeatable workflows to enrich alerts, standardize response actions, and reduce repetitive analyst effort.

Impact: Improved response consistency by turning manual triage steps into reusable playbooks and case workflows.

Splunk SOAR · Python · APIs · Incident Response

SIEM / Detection Engineering · 2021 — 2026

Detection Engineering with Splunk

Built searches, dashboards, and alert logic across authentication, email, endpoint, firewall, SaaS, and vulnerability telemetry.

Impact: Helped analysts move from raw events to actionable alerts with enrichment, tuning, and visual context.

SIEM Management · SPL · Dashboards · Threat Hunting

Microsoft 365 Automation · 2024 — 2025

Power Automate Security Workflows

Connected Microsoft 365 services, forms, approvals, and operational handoffs into repeatable security workflows.

Impact: Reduced manual routing and improved security-process intake, tracking, and communication.

Power Automate · Microsoft 365 · Security Copilot · Workflow Automation

Phishing Defense / Awareness · 2024 — 2026

Human Risk Management & Phishing Program

Supported phishing simulation, awareness reporting, user-risk visibility, and measurable security-behavior workflows.

Impact: Translated phishing campaign activity into risk indicators, reporting, and security awareness improvements.

KnowBe4 · Phishing · Metrics · Security Awareness

Threat Intelligence · 2021 — 2023

MISP & Rapid7 IntSights Workflows

Turned indicators and external threat context into enrichment, detections, watchlists, and reporting.

Impact: Connected external intelligence to internal telemetry so investigations could be prioritized with better context.

MISP · Rapid7 IntSights · Threat Modeling · MITRE ATT&CK · External Exposure · OSINT

Vulnerability Management · 2021 — 2026

Vulnerability Management & Risk Reporting

Converted scanner output into prioritized, ownership-aware remediation work and leadership-ready views.

Impact: Helped transform findings into trackable remediation decisions instead of static scanner reports.

Qualys · Attack Surface Management (ASM) · Linux · Risk Prioritization

Experience

Enterprise security plus infrastructure depth.

Positioned for security engineer, detection engineer, SOAR engineer, and incident response roles.

Dentons

Threat Analyst

2021 — 2026 · Canada

Support enterprise security operations by developing detection logic, improving investigation workflows, building automation, and connecting security telemetry with business context.

  • Built automated phishing and BEC response capabilities, helping maintain zero successful breaches and an estimated $1.5M-$3M+ in avoided exposure.
  • Build and tune Splunk detections for authentication, email security, endpoint, firewall, vulnerability, SaaS, and cloud activity.
  • Create Splunk SOAR playbooks for enrichment, evidence collection, triage standardization, and incident-response handoff.
  • Use threat intelligence, vulnerability findings, and business context to improve prioritization and reporting.
  • Define and track operational KPIs, including MTTD, MTTR, MTTC, alert quality, SLA compliance, and coverage.
  • Internal Phishing Campaign - KnowBe4.
  • Endpoint Security Management.
  • Security Training and Documentation.
  • Mentor junior analysts and engineers.
  • Own incident response processes, leading detection, investigation, and resolution of security events.
  • Build a security hub that integrates different tools over API connections.
  • Partner cross-functionally with global security, IT, infrastructure, legal, privacy, and business stakeholders.

Calian (Formerly iSecurity)

Security Operation Analyst

2020 — 2021 · Canada

Hands-on SOC and security engineering role supporting enterprise and government clients. Focused on SIEM monitoring, alert triage, detection tuning, customer onboarding, vulnerability and risk analysis, threat hunting, scripting, incident documentation, and technical support across endpoint, network, cloud-adjacent, and third-party security technologies.

  • Investigated and triaged multi-tenant security alerts across SIEM, endpoint, network, firewall, cloud, and third-party security platforms.
  • Developed Bash and PowerShell scripts for log enrichment, evidence collection, repetitive triage tasks, and client onboarding workflows.
  • Participated in on-call rotations and handled time-sensitive incidents with minimal supervision, supporting continuity for enterprise and public-sector customers.
  • Collaborated with senior engineers, network teams, and client stakeholders to improve detection coverage, incident handoffs, and security posture across managed environments.
  • Performed threat hunting using threat intelligence, hypotheses, SIEM telemetry, endpoint indicators, and behavioural analysis to identify suspicious activity and potential abuse.
  • Documented incidents, playbooks, lessons learned, and operational procedures to increase SOC consistency and support training for new analysts.
  • Contributed to containerized SOC stack deployment using K8s/Docker, Rancher, Elasticsearch, OpenSearch, and ELK components to improve scalability and ingestion flexibility.
  • Designed, tuned, and maintained detection rules and threat-hunting dashboards to improve signal quality, reduce false positives, and increase analyst efficiency.

Technology and Information Centre for Brazilian Navy - Brazilian Navy

Cybersecurity Lead

2015 — 2020 · Brazil

Supported infrastructure security, Linux services, vulnerability assessment, log management, collaboration platforms, and operational communications. Operated in lean, high-pressure environments requiring disciplined ownership, executive communication, and resilient security operations.

  • Led cyber incident response and security operations across critical defence infrastructure, coordinating investigations from detection through containment, mitigation, stakeholder reporting, and post-incident analysis.
  • Built and maintained centralized SIEM and log management capabilities using ELK and Graylog to support large-scale monitoring, investigations, dashboards, and response readiness.
  • Partnered in Red Team and offensive simulation exercises to identify control gaps, validate defensive posture, and strengthen system, network, endpoint, and application resilience.
  • Directed vulnerability assessment and remediation programs across more than 80,000 assets.
  • Coordinated cyber defence readiness for high-profile global events, including World Youth Day, FIFA World Cup, and Olympic Games, maintaining zero successful compromises.
  • Managed and mentored junior cyber engineers and analysts through technical reviews, training, task delegation, and operational coaching during high-stress events.
  • Presented risk, incident status, and security recommendations to national and regional leadership, translating complex technical issues into clear operational and business impact.
  • Guided identity and access management research and control improvements related to SSO, verification procedures, privilege lifecycle, access documentation, and least-privilege practices.

Technology and Information Centre for Brazilian Navy - Brazilian Navy

Cybersecurity Analyst

2012 — 2015 · Brazil

Improved information security management with skills in a diverse range of security technologies inside a Data Center environment. Diagnosed daily ticket reports to identify and proactively resolve problems within SLA/SLO time.

  • Developed and supported security solutions that reduced costs and enhanced overall security.
  • Created security documentation including security assessment reports, system security plans, and contingency plans.
  • Innovated event alerts, reports, and user behavior monitoring (UEBA) as an MDR provider, leading to improved incident response times.
  • Automated routine tasks using PowerShell and Bash scripting.
  • Implemented File Integrity Monitoring in conjunction with Host Intrusion Prevention Systems (HIPS) and Log Management.
  • Analyzed suspicious incidents by examining Indicator of Compromise (IOC) data to identify potential security breaches.
  • Conducted research on Identity and Access Management (IAM) to support the adoption of new technologies, including Single Sign-On, development of verification procedures, privilege management, lifecycle management, and documentation control.

Toolbox

Hands-on security stack.

Core Competencies and Tech Stack

SIEM / SOAR

MSSP · Workbooks · Log Normalization · Dashboards · Playbooks · Automation · Alert Tuning · SOC Management

Cloud Security

KQL · Microsoft Sentinel · Entra ID · Microsoft 365 · Power Automate · IAM · AWS Security

Threat & Risk

MISP · Rapid7 IntSights · IoC Handling · Qualys · Tenable · Phishing Defense · Risk Reporting · SOC 2

Engineering

Query Languages · Python · Bash · OSQuery · Sigma Rules · YARA · PowerShell

Case Notes

Writing as proof of thinking.

Are you curious about my projects? Please check them out below. ↓

Contact

Let’s connect on security engineering.

Reach out for detection engineering, Splunk SOAR automation, threat intelligence, incident response, and security operations roles or collaborations.