soc-analyst@security-operations:~/projects

> Security_Projects

> Showcasing my hands-on experience in security operations and blue team activities

> SIEM Implementation and Optimization

Infrastructure | 3 months

Implemented and optimized a Splunk SIEM solution for a medium-sized enterprise, improving threat detection capabilities and reducing false positives.

Project Goals:

  • Centralize security logs from diverse systems
  • Create custom dashboards for security operations
  • Develop correlation rules for advanced threat detection
  • Automate routine analysis tasks

Technologies Used:

Splunk, Syslog, Python, Windows Event Logs, Linux Logs

Key Outcomes:

  • Reduced alert investigation time by 45%
  • Decreased false positive rate by 60%
  • Created 15+ custom dashboards for different security scenarios
  • Implemented automated threat intelligence integration

> Threat Hunting Framework Development

Methodology | 2 months

Developed and implemented a systematic threat hunting methodology to proactively identify adversaries in the network before they trigger alerts.

Project Goals:

  • Create a repeatable process for threat hunting operations
  • Develop hypotheses based on TTPs from MITRE ATT&CK framework
  • Build custom detection scripts for hunting specific behaviors
  • Document findings and convert successful hunts into permanent detections

Technologies Used:

Python, PowerShell, MITRE ATT&CK, Jupyter Notebooks, Elastic Stack

Key Outcomes:

  • Discovered 3 previously undetected persistence mechanisms
  • Identified lateral movement techniques evading traditional detection
  • Created 20+ hunting playbooks for different adversary techniques
  • Developed 12 new detection rules from hunting findings

> Security Automation

Automation | 1 month

Developed a semi-automated system for analyzing reported phishing emails, extracting IOCs, and streamlining the triage process.

Project Goals:

  • Reduce manual effort in analyzing reported phishing emails
  • Extract and analyze indicators of compromise (IOCs)
  • Automate reputation checks against threat intelligence sources
  • Generate standardized reports for incident tracking

Technologies Used:

Python, YARA, VirusTotal API, MISP, Regular Expressions

Key Outcomes:

  • Reduced phishing analysis time by 70%
  • Improved accuracy of IOC extraction
  • Automated sharing of verified IOCs with security tools
  • Created a historical database of phishing campaigns for trend analysis
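The IOC-extraction step of a phishing triage pipeline like the one above, as an added illustration (this is not the project's own code, which is not published on this page). It takes a reported email as text, undoes the common analyst defanging (hxxp, [.]), pulls URLs, domains, IPv4 addresses, sender addresses and file hashes with regular expressions, and drops indicators that point at the organisation's own domain. The sample email, the allowlisted domain example.com and the filename-extension heuristic are all constructed assumptions; reputation lookups against VirusTotal or MISP are deliberately left out so the block runs offline.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample of a reported phishing email (not real data). Some indicators
# are "defanged" the way analysts often paste them (hxxp, [.]), which the extractor
# must normalise before matching.
SAMPLE_EMAIL = """From: "IT Helpdesk" <helpdesk@corp-support[.]example-mail.net>
To: jane.doe@example.com
Subject: Password expires today - invoice.pdf attached

Your password expires today. Reset it here:
hxxp://login-example[.]com/reset?user=jane.doe
Backup link: https://185.220.101.7/portal/
Attachment hash (sha256): 3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b
Contact helpdesk@example.com if you have questions.
"""

# Domains the organisation owns (constructed placeholder). Indicators pointing at
# them are recipients and internal contacts, not IOCs, and are dropped.
ALLOWLIST_DOMAINS = {"example.com"}

# Tokens that look like domains but are really filenames (heuristic, not exhaustive).
FILE_EXTENSIONS = {"pdf", "exe", "docx", "xlsx", "zip", "html", "js"}

_PATTERNS = {
    "urls": re.compile(r"\bhttps?://[^\s<>\"']+", re.I),
    "ipv4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "emails": re.compile(r"\b[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b"),
    "domains": re.compile(r"\b(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,}\b"),
    "sha256": re.compile(r"\b[A-Fa-f0-9]{64}\b"),
    "md5": re.compile(r"\b[A-Fa-f0-9]{32}\b"),
}


def refang(text: str) -> str:
    """Undo common analyst defanging so the regexes see the real indicators."""
    text = re.sub(r"(?i)hxxp", "http", text)
    for token in ("[.]", "(.)", "{.}"):
        text = text.replace(token, ".")
    return text.replace("[@]", "@").replace("(@)", "@")


def _is_allowlisted(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in ALLOWLIST_DOMAINS)


def extract_iocs(raw_email: str) -> dict:
    """Return deduplicated, sorted indicators grouped by type."""
    text = refang(raw_email)
    found = {k: set() for k in ("urls", "domains", "ipv4", "emails", "sha256", "md5")}

    # Structured indicators first: a URL or address carries its own host, which is
    # recorded explicitly as a domain (or IP) instead of being re-scanned later.
    for url in _PATTERNS["urls"].findall(text):
        url = url.rstrip(".,;:)!'\"")
        host = (urlparse(url).hostname or "").lower()
        if not host or _is_allowlisted(host):
            continue
        found["urls"].add(url)
        if _PATTERNS["ipv4"].fullmatch(host):
            found["ipv4"].add(host)
        else:
            found["domains"].add(host)

    for addr in _PATTERNS["emails"].findall(text):
        domain = addr.rsplit("@", 1)[1].lower()
        if _is_allowlisted(domain):
            continue
        found["emails"].add(addr.lower())
        found["domains"].add(domain)

    # Scan the remainder (URLs and addresses blanked out) for bare indicators, so a
    # query fragment such as "user=jane.doe" is not mistaken for a domain.
    rest = _PATTERNS["emails"].sub(" ", _PATTERNS["urls"].sub(" ", text))
    for dom in _PATTERNS["domains"].findall(rest):
        dom = dom.lower()
        if dom.rsplit(".", 1)[1] in FILE_EXTENSIONS or _is_allowlisted(dom):
            continue
        found["domains"].add(dom)
    found["ipv4"].update(_PATTERNS["ipv4"].findall(rest))
    found["sha256"].update(h.lower() for h in _PATTERNS["sha256"].findall(rest))
    found["md5"].update(h.lower() for h in _PATTERNS["md5"].findall(rest))

    return {k: sorted(v) for k, v in found.items()}


if __name__ == "__main__":
    print(json.dumps(extract_iocs(SAMPLE_EMAIL), indent=2))
```

Two design points worth keeping in a real pipeline: hashes and bare domains are only searched in the text that remains after URLs and addresses have been blanked out, which removes the most common false positives, and the allowlist is applied before anything is recorded, so internal recipients never end up in the shared IOC set.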

> Incident Response Playbook Development

Documentation | 1 month

Created comprehensive incident response playbooks for the SOC team, standardizing the approach to common security incidents.

Project Goals:

  • Standardize response procedures for common incident types
  • Reduce mean time to respond (MTTR) for security incidents
  • Ensure consistent evidence collection and documentation
  • Facilitate knowledge transfer within the security team

Technologies Used:

NIST Framework, SOAR, Markdown, TheHive, GitLab

Key Outcomes:

  • Developed 15 detailed response playbooks for different incident types
  • Reduced incident response time by 35%
  • Improved consistency in evidence collection and documentation
  • Created automated workflows for common response actions