Deploy Mimecast Targeted Threat Protection including URL Protect, Attachment Protect, Impersonation Protect,
The General Data Protection Regulation (EU) 2016/679 (GDPR) is the EU's comprehensive data protection law governing
Processes STIX 2.1 threat intelligence bundles delivered via TAXII 2.1 servers, normalizing objects into platform-native
Harden Kubernetes Role-Based Access Control by implementing least-privilege policies, auditing role bindings,
Analyzes firmware images for embedded malware, backdoors, and unauthorized modifications targeting routers,
Performing authorized AWS penetration testing using Pacu, the open-source AWS exploitation framework, to enumerate
Implement Cloud Security Posture Management using AWS Security Hub, Azure Defender for Cloud, and open-source
Build comprehensive forensic super-timelines using Plaso (log2timeline) to correlate events across file systems,
Configures Fail2ban with custom filters and actions to detect port scanning activity, SSH brute force attempts,
Builds real-time incident response dashboards in Splunk, Elastic, or Grafana to provide SOC analysts and leadership
Builds vendor-agnostic detection rules using the Sigma rule format for threat detection across SIEM platforms
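As an added illustration of the Sigma rule format (written for this page; it is not a rule from the Sigma project's rule set), the following process-creation rule flags certutil.exe being used as a download utility. The title, description and thresholds are the editor's choices; the field names (Image, CommandLine) are the standard Sigma process_creation fields that the backends map onto each SIEM's schema.

```yaml
title: Certutil Used To Download A Remote File
status: experimental
description: >
  Detects certutil.exe invoked with the urlcache option, a living-off-the-land
  technique for fetching payloads. Example rule written for this page.
logsource:
  product: windows
  category: process_creation
detection:
  selection_image:
    Image|endswith: '\certutil.exe'
  selection_cmdline:
    # list values under one modifier are OR-ed; certutil accepts both '-' and '/' switches
    CommandLine|contains:
      - '-urlcache'
      - '/urlcache'
  condition: all of selection_*
falsepositives:
  - Administrators fetching certificates or CRLs with certutil
level: medium
tags:
  - attack.command_and_control
  - attack.t1105
```

Convert it with sigma-cli (for example `sigma convert -t splunk -p sysmon rule.yml`) to see how the same logic renders for each target; the rule itself stays unchanged across platforms, which is the point of the format.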
Perform comprehensive security posture assessment of AWS accounts using ScoutSuite to enumerate resources, identify
Designs and documents structured incident response playbooks that define step-by-step procedures for specific
Testing WebSocket implementations for authentication bypass, cross-site hijacking, injection attacks, and insecure
Discover and exploit mass assignment vulnerabilities in REST APIs to escalate privileges, modify restricted fields,
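The pattern behind mass assignment, shown as an added example (not code from the page or from any real API): a profile-update handler that binds every key of the request body onto the model, beside a hardened version that only binds an allowlist of client-writable fields. The User model, the PROFILE_WRITABLE policy and the attack payload are constructed for this illustration.

```python
from dataclasses import dataclass


@dataclass
class User:
    id: int
    email: str
    display_name: str
    role: str = "user"            # privileged field: must never be client-writable
    email_verified: bool = False  # server-controlled state, also not client-writable


# Hypothetical policy: fields a regular user may change on their own profile.
PROFILE_WRITABLE = frozenset({"email", "display_name"})


class MassAssignmentError(ValueError):
    """Raised when a request tries to write a field the endpoint does not expose."""


def vulnerable_update(user: User, payload: dict) -> User:
    """Binds every key of the JSON body to the model: classic mass assignment."""
    for key, value in payload.items():
        if hasattr(user, key):          # 'exists on the model' is not 'allowed to change'
            setattr(user, key, value)
    return user


def safe_update(user: User, payload: dict, writable=PROFILE_WRITABLE, strict=True) -> User:
    """Allowlist binding: only declared-writable fields are applied.

    strict=True rejects the whole request when it names any other field, which is
    the behaviour you want in an API (it also makes probing visible in logs);
    strict=False silently drops unknown keys instead.
    """
    unknown = set(payload) - writable
    if unknown and strict:
        raise MassAssignmentError(f"fields not writable via this endpoint: {sorted(unknown)}")
    for key in payload.keys() & writable:
        setattr(user, key, payload[key])
    return user


# Constructed attacker request body: one legitimate change plus injected privileged fields.
ATTACK_PAYLOAD = {"display_name": "alice", "role": "admin", "email_verified": True}


def demo() -> dict:
    """Runs the same payload through both handlers and reports the resulting roles."""
    victim = User(id=7, email="alice@example.test", display_name="Alice")
    vulnerable_update(victim, dict(ATTACK_PAYLOAD))

    lenient = User(id=7, email="alice@example.test", display_name="Alice")
    safe_update(lenient, dict(ATTACK_PAYLOAD), strict=False)

    strict_rejected = False
    try:
        safe_update(User(id=7, email="alice@example.test", display_name="Alice"), dict(ATTACK_PAYLOAD))
    except MassAssignmentError:
        strict_rejected = True

    return {
        "vulnerable_role": victim.role,
        "lenient_role": lenient.role,
        "lenient_display_name": lenient.display_name,
        "strict_rejected": strict_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

When testing a real API, the probe is the same as ATTACK_PAYLOAD: add model fields that the documented request schema omits (role, is_admin, owner_id, balance, verified flags) and diff the response or a follow-up GET against the original object.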
Perform forensic investigation of Linux system logs including syslog, auth.log, systemd journal, kern.log, and
Tests APIs for Broken Function Level Authorization (BFLA) vulnerabilities where regular users can invoke administrative
Detect and exploit JavaScript prototype pollution vulnerabilities on both client-side and server-side applications
Implements Security Orchestration, Automation, and Response (SOAR) workflows using Splunk SOAR (formerly Phantom)
Analyzes indicators of compromise (IOCs) including IP addresses, domains, file hashes, URLs, and email artifacts
Detect abuse of elevation control mechanisms including UAC bypass, sudo exploitation, and setuid/setgid manipulation
Kubernetes NetworkPolicies provide pod-level network segmentation by defining ingress and egress rules that control
Perform static analysis of malicious PDF documents using peepdf, pdfid, and pdf-parser to extract embedded JavaScript,
RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric cryptographic algorithm, used for digital
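An added example, not code from the page and not a usable cryptographic library: textbook RSA with the small parameters commonly used to illustrate the arithmetic (p=61, q=53, e=17), plus a demonstration of why raw RSA is never used as-is. The multiplicative property (enc(a) times enc(b) equals enc(a times b) mod n) lets anyone forge the encryption or signature of a product of known messages, which is what OAEP and PSS padding exist to prevent.

```python
import math


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a: int, m: int) -> int:
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no modular inverse")
    return x % m


def keygen(p: int, q: int, e: int = 17):
    """Returns ((n, e), (n, d)). Uses Euler's phi; real implementations use large random primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = modinv(e, phi)
    return (n, e), (n, d)


def encrypt(pub, m: int) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def sign(priv, m: int) -> int:
    """Raw signature: m^d mod n (no hash, no padding: illustration only)."""
    n, d = priv
    return pow(m, d, n)


def verify(pub, m: int, s: int) -> bool:
    n, e = pub
    return pow(s, e, n) == m


def forge_signature(pub, s_a: int, s_b: int, a: int, b: int) -> tuple:
    """Given valid signatures on a and b, produce a valid signature on a*b mod n
    without the private key. This is the malleability that padding removes."""
    n, _ = pub
    return (a * b) % n, (s_a * s_b) % n


if __name__ == "__main__":
    pub, priv = keygen(61, 53)
    c = encrypt(pub, 65)
    print("n, e, d:", pub[0], pub[1], priv[1])
    print("65 ->", c, "->", decrypt(priv, c))
    m, s = forge_signature(pub, sign(priv, 2), sign(priv, 3), 2, 3)
    print("forged signature on", m, "verifies:", verify(pub, m, s))
```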
Execute cloud-native incident containment across AWS, Azure, and GCP by isolating compromised resources, revoking
Develop precise YARA rules for malware detection by identifying unique byte patterns, strings, and behavioral
Performs API inventory and discovery to identify all API endpoints in an organization's environment including
Assess the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration,
Collect, parse, and correlate system, application, and security logs to reconstruct events and establish timelines
Detect DLL side-loading attacks where adversaries place malicious DLLs alongside legitimate applications to hijack
Queries Certificate Transparency logs via crt.sh and pycrtsh to detect phishing domains, unauthorized certificate
Hunt for spearphishing campaign indicators across email logs, endpoint telemetry, and network data to detect
Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and
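The PKCE part of the Authorization Code flow, as an added example (not code from the page or from any OAuth library): the client derives a code_challenge from a random code_verifier per RFC 7636, and a toy in-memory authorization server stores the challenge with the issued code and enforces it at the token endpoint. The ToyAuthorizationServer, client id and redirect URI are hypothetical; the S256 derivation is the standard one.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode


def b64url_nopad(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    # 32 random bytes encode to 43 unreserved characters, the RFC 7636 minimum length.
    return b64url_nopad(secrets.token_bytes(32))


def code_challenge_s256(verifier: str) -> str:
    return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_url(auth_endpoint: str, client_id: str, redirect_uri: str,
                            scope: str, state: str, challenge: str) -> str:
    params = {
        "response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri,
        "scope": scope, "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    }
    return f"{auth_endpoint}?{urlencode(params)}"


class ToyAuthorizationServer:
    """Hypothetical in-memory AS: remembers the challenge per code, makes codes single-use,
    and refuses the downgradable 'plain' method."""

    def __init__(self):
        self._codes = {}

    def authorize(self, client_id: str, redirect_uri: str, challenge: str, method: str) -> str:
        if method != "S256":
            raise ValueError("only S256 is accepted")
        code = b64url_nopad(secrets.token_bytes(24))
        self._codes[code] = (client_id, redirect_uri, challenge)
        return code

    def token(self, code: str, client_id: str, redirect_uri: str, verifier: str) -> dict:
        entry = self._codes.pop(code, None)          # consumed on first use, success or not
        if entry is None:
            raise PermissionError("invalid or already-used code")
        stored_client, stored_redirect, challenge = entry
        if stored_client != client_id or stored_redirect != redirect_uri:
            raise PermissionError("client_id / redirect_uri mismatch")
        if not 43 <= len(verifier) <= 128:
            raise PermissionError("code_verifier length out of range")
        if not secrets.compare_digest(code_challenge_s256(verifier), challenge):
            raise PermissionError("PKCE verification failed")
        return {"access_token": b64url_nopad(secrets.token_bytes(32)), "token_type": "Bearer"}


def run_flow() -> dict:
    """Legitimate exchange, a replay of the consumed code, and a stolen code with the wrong verifier."""
    client_id, redirect_uri = "spa-client", "https://app.example.test/callback"
    server = ToyAuthorizationServer()

    verifier = make_code_verifier()
    code = server.authorize(client_id, redirect_uri, code_challenge_s256(verifier), "S256")
    legit = "access_token" in server.token(code, client_id, redirect_uri, verifier)

    try:                                              # same code again
        server.token(code, client_id, redirect_uri, verifier)
        replay = True
    except PermissionError:
        replay = False

    code2 = server.authorize(client_id, redirect_uri, code_challenge_s256(make_code_verifier()), "S256")
    try:                                              # attacker has code2 but not its verifier
        server.token(code2, client_id, redirect_uri, make_code_verifier())
        stolen = True
    except PermissionError:
        stolen = False
    return {"legit": legit, "replay": replay, "stolen_code_without_verifier": stolen}


if __name__ == "__main__":
    v = make_code_verifier()
    print(build_authorization_url("https://as.example.test/authorize", "spa-client",
                                  "https://app.example.test/callback", "openid", "xyz", code_challenge_s256(v)))
    print(run_flow())
```

The RFC 7636 Appendix B test vector is the quickest sanity check for a client implementation: the verifier `dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk` must produce the challenge `E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM`.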
Leverage the CISA Known Exploited Vulnerabilities catalog alongside EPSS and CVSS to prioritize CVE remediation
Implementing Cloud Security Posture Management (CSPM) to continuously monitor multi-cloud environments for misconfigurations,
Perform coverage-guided fuzzing of compiled binaries using AFL++ (American Fuzzy Lop Plus Plus) to discover
Reverse engineers .NET malware using dnSpy decompiler and debugger to analyze C#/VB.NET source code, identify
Extract and analyze browser history, cookies, cache, downloads, and bookmarks from Chrome, Firefox, and Edge
Performs automated static analysis of Android applications using Mobile Security Framework (MobSF) to identify
Analyze and bypass Content Security Policy implementations to achieve cross-site scripting by exploiting misconfigurations,
Use YARA pattern-matching rules to hunt for malware, suspicious files, and indicators of compromise across filesystems
Deploy FIDO2/WebAuthn passwordless authentication using security keys and platform authenticators. Covers WebAuthn
Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source
Enforce Kubernetes admission policies using OPA Gatekeeper with ConstraintTemplates, Rego rules, and the Gatekeeper
Auditing Google Cloud Platform IAM permissions to identify overly permissive bindings, primitive role usage,
Deploys and configures osquery for real-time endpoint monitoring using SQL-based queries to inspect running
Deploy and configure Wazuh SIEM/XDR for endpoint detection including agent management, custom decoder and rule
Executes containment strategies to stop active adversary operations and prevent lateral movement during a confirmed
Configures Windows Event Logging with advanced audit policies to generate high-fidelity security events for
Detect data exfiltration through DNS tunneling by analyzing query entropy, subdomain length, query volume, TXT
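The four signals named above, turned into a small scorer as an added example (not code from the page or from any product): it runs over a constructed resolver log, computes the Shannon entropy of the leftmost label, the subdomain length, the query type and the per-client query volume to one zone, and flags queries that trip at least three of the four. The thresholds, the sample log and the two-label approximation of the registrable domain are assumptions for the illustration.

```python
import math
from collections import Counter

# Constructed sample resolver log (not real traffic): "client_ip qname qtype", one query per line.
SAMPLE_LOG = """\
10.0.0.5 www.example.com A
10.0.0.5 mail.example.com MX
10.0.0.7 3q2b7f9c1d8e4a6h5j0k2l9m1n7p3r5s.tunnel.example.net TXT
10.0.0.7 8k1m4n7p2r5s9t3v6w0x4y8z1a5b9c3d.tunnel.example.net TXT
10.0.0.7 a0f3e9b2c7d1e5f8a2b6c9d3e7f1a4b8.tunnel.example.net TXT
10.0.0.7 c4d8e2f6a0b3c7d1e5f9a3b7c1d5e9f2.tunnel.example.net TXT
10.0.0.9 cdn.example.org A
"""


def shannon_entropy(s: str) -> float:
    """Bits per character. Encoded payload labels sit near 4+; dictionary words well below 3."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registrable_zone(qname: str) -> str:
    # Assumption for this example: the last two labels are the registrable domain.
    # Production code should consult the Public Suffix List (co.uk, com.au, ...).
    return ".".join(qname.split(".")[-2:])


def parse_line(line: str):
    client, qname, qtype = line.split()
    return client, qname.lower().rstrip("."), qtype.upper()


def score_log(log_text: str, entropy_min: float = 3.5, subdomain_min_len: int = 30,
              volume_min: int = 3, min_signals: int = 3) -> list:
    """Returns the queries that trip at least min_signals of the four tunneling signals."""
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    # Query volume per (client, zone): a tunnel is many queries from one host to one zone.
    volume = Counter((client, registrable_zone(q)) for client, q, _ in records)

    hits = []
    for client, qname, qtype in records:
        labels = qname.split(".")
        subdomain = ".".join(labels[:-2])
        entropy = shannon_entropy(labels[0]) if len(labels) > 2 else 0.0
        signals = []
        if entropy >= entropy_min:
            signals.append(f"entropy={entropy:.2f}")
        if len(subdomain) >= subdomain_min_len:
            signals.append(f"subdomain_len={len(subdomain)}")
        if qtype in ("TXT", "NULL"):           # record types that carry arbitrary payload downstream
            signals.append(f"qtype={qtype}")
        if volume[(client, registrable_zone(qname))] >= volume_min:
            signals.append(f"volume={volume[(client, registrable_zone(qname))]}")
        if len(signals) >= min_signals:
            hits.append({"client": client, "qname": qname, "signals": signals})
    return hits


if __name__ == "__main__":
    for hit in score_log(SAMPLE_LOG):
        print(hit["client"], hit["qname"], ", ".join(hit["signals"]))
```

Requiring several signals at once is what keeps the false-positive rate workable: CDNs and anti-spam services legitimately emit long, high-entropy hostnames, but rarely as a sustained stream of TXT queries from a single workstation to a single zone. Tune the thresholds against a baseline of your own resolver logs before alerting on them.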
Perform security testing of SOAP web services by analyzing WSDL definitions and testing for XML injection, XXE,
Systematically testing web applications for broken access control vulnerabilities including privilege escalation,
Implement network segmentation based on the Purdue Enterprise Reference Architecture (PERA) model to separate
Builds SOC performance metrics and KPI tracking dashboards measuring Mean Time to Detect (MTTD), Mean Time to
Extract embedded configuration from Agent Tesla RAT samples including SMTP/FTP/Telegram exfiltration credentials,
Implement Zero Trust Network Access using Zscaler Private Access (ZPA) to replace traditional VPN with identity-based,
Responds to malware infections across enterprise endpoints by identifying the malware family, determining infection
Tests and exploits deep link (URL scheme and App Link) vulnerabilities in Android and iOS mobile applications
Hardening Docker containers for production involves applying security best practices aligned with CIS Docker
Implementing AWS Security Hub to aggregate security findings across AWS accounts, enable compliance standards