Conduct advanced investigations using CrowdStrike Falcon, including malware analysis, digital forensics and validation of TTPs.
Correlate, investigate and contextualize security events in Microsoft Sentinel, Splunk and traditional SIEMs such as QRadar, ArcSight, Securonix and Elastic.
Develop and maintain advanced detection rules using KQL, SPL and native SIEM capabilities.
Plan and execute threat hunting activities based on MITRE ATT&CK, threat intelligence, STIX/TAXII and advanced queries.
Create, maintain and evolve advanced playbooks in SOAR platforms (Cortex XSOAR, Phantom, FortiSOAR) using Python, PowerShell and Bash.
Reproduce attacks and validate detections through offensive simulations with Kali Linux.
Investigate security incidents in Azure and AWS environments, including IAM, APIs, containers and cloud-native workloads.
Map detections to security frameworks and profile adversaries through Threat Intelligence.

Strong command of KQL (Kusto Query Language) and SPL (Search Processing Language).
Solid experience with Microsoft Sentinel, Splunk and traditional SIEMs.
Proficiency with CrowdStrike Falcon and advanced Incident Response practices.
Experience with SOAR platforms (XSOAR, Phantom, FortiSOAR) and security automation.
Practical knowledge of Python, PowerShell and Bash.
Hands-on experience with Kali Linux and offensive techniques for detection validation.
Advanced experience in Threat Intelligence and standards like STIX/TAXII.
Experience working in Azure and AWS environments.
Advanced English for technical communication with clients and global teams.
Certifications such as GCIA, GCFA, GCIH, OSCP, AZ-500, SC-200, SC-300.

Cybersecurity Analyst, English Required

Key skills