Constantin Ududec

• Continuously monitored security alerts generated by security tools like SIEM, IDS/IPS, and firewalls.
• Analyze and triage security events to determine severity and urgency.
• Conducted initial investigation and response for security incidents.
• Escalated complex security incidents to higher-level analysts and participate in the incident response process as required.
• Stay updated on the latest security threats, attack techniques, and vulnerabilities.
• Trained junior analysts in threat intelligence gathering techniques, improving overall team efficiency.
• Identified root causes of security breaches through thorough investigation and analysis of log data.
• Kept abreast with latest cybersecurity trends for better preparedness against emerging threats.
• Collaborated with IT team for effective risk mitigation strategies.

Technologies and Tools Used:

• Microsoft Defender – Investigated security incidents and correlated risk users with Azure AD, identifying compromised accounts and implementing necessary mitigation actions such as host isolation, user account blocking, and policy enforcement to contain threats effectively.
• SIEM Solutions: Wazuh, SiemBiot, Praeco – Monitored security events, conducted log analysis, and designed and fine-tuned detection rules in Praeco to improve threat detection accuracy while reducing false positives.
• TheHive – Utilized for incident case management, alert correlation, and response coordination, ensuring streamlined investigation workflows.
• CrowdStrike Falcon – Threat hunting, behavioral analysis, and real-time endpoint protection to detect and respond to sophisticated cyber threats.
• Cortex XSOAR – Automated incident response and playbook execution, optimizing SOC operations and improving efficiency in handling security incidents. Developed and refined workflows to enhance response effectiveness.
• Exabeam & Datalake – Conducted user behavior analytics (UBA) and threat intelligence enrichment, detecting anomalous activities and potential insider threats.
• SentinelOne – Endpoint detection and response (EDR), advanced threat hunting, and mitigation of sophisticated attack vectors, including fileless malware and APTs.
• Palo Alto EDR – Strengthened network security posture through malware analysis, firewall policy optimization, and real-time incident mitigation.
• Security Onion – Performed network traffic analysis, intrusion detection, and forensic investigations, leveraging tools like Suricata and Zeek for deep packet inspection and threat correlation.