Implement software supply chain integrity verification for container builds using the in-toto framework to create
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, etc.).
Deploy and configure an OpenTAXII server to share and consume STIX-formatted cyber threat intelligence using
Implement a structured threat intelligence lifecycle encompassing planning, collection, processing, analysis,
Implements threat modeling using the MITRE ATT&CK framework to map adversary TTPs against organizational assets,
Implements an integrated incident ticketing system connecting SIEM alerts to ServiceNow, Jira, or TheHive for
Implements USB device control policies to restrict unauthorized removable media access on endpoints, preventing
Deploy and configure Velociraptor for scalable endpoint forensic artifact collection during incident response
Vulnerability remediation SLAs define mandatory timeframes for patching or mitigating identified vulnerabilities
Deploy CyberArk Secure Cloud Access to eliminate standing privileges in hybrid and multi-cloud environments using
Implement NextDNS as a zero trust DNS filtering layer with encrypted resolution, threat intelligence blocking,
Implementing zero trust access controls for SaaS applications using CASB, SSPM, conditional access policies,
Implement Zero Trust Network Access using Zscaler Private Access (ZPA) to replace traditional VPN with identity-based,
Implementing Zero Trust Network Access (ZTNA) in cloud environments by configuring identity-aware proxies, micro-segmentation,
Implement HashiCorp Boundary for identity-aware zero trust infrastructure access management with dynamic credential
This skill covers integrating OWASP ZAP (Zed Attack Proxy) for Dynamic Application Security Testing in CI/CD
Investigates insider threat indicators including data exfiltration attempts, unauthorized access patterns, policy
Investigates phishing email incidents from initial user report through header analysis, URL/attachment detonation,
Identify, collect, and analyze ransomware attack artifacts to determine the variant, initial access vector, encryption
Manages the end-to-end cyber threat intelligence lifecycle from planning and direction through collection, processing,
Monitors dark web forums, marketplaces, paste sites, and ransomware leak sites for mentions of organizational
Monitors Modbus TCP traffic on SCADA and ICS networks to detect anomalous function code usage, unauthorized
Configure and execute access recertification campaigns in Saviynt Enterprise Identity Cloud to validate user
Conduct systematic access reviews and certifications to ensure users have appropriate access rights aligned with
Use BloodHound and SharpHound to enumerate Active Directory relationships and identify attack paths from compromised
Investigate Active Directory compromise by analyzing authentication logs, replication metadata, Group Policy
Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound,
Assess Active Directory security posture using PingCastle, BloodHound, and Purple Knight to identify misconfigurations,
Use AI and LLM-based reasoning to correlate findings across multiple OSINT sources—username enumeration, email
Perform systematic alert triage in Elastic Security SIEM to rapidly classify, prioritize, and investigate security
Performs automated static analysis of Android applications using Mobile Security Framework (MobSF) to identify
Uses Microsoft RESTler to perform stateful REST API fuzzing by automatically generating and executing test sequences
Performs API inventory and discovery to identify all API endpoints in an organization's environment including
Uses Postman to perform structured API security testing by building collections that test for OWASP API Security
Simulates ARP spoofing attacks in authorized lab or pentest environments using arpspoof, Ettercap, and Scapy
Develop and apply a multi-factor asset criticality scoring model to weight vulnerability prioritization based
Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with
Deploy and operate CAPEv2 sandbox for automated malware analysis with behavioral monitoring, payload extraction,
Performing authorized privilege escalation assessments in AWS environments to identify IAM misconfigurations
Simulates bandwidth throttling and network degradation attacks using tc, iperf3, and Scapy in authorized environments
Analyze binary exploitation techniques including buffer overflows and ROP chains using pwntools Python library.
Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions,
Testing web applications for clickjacking vulnerabilities by assessing frame embedding controls and crafting
Perform comprehensive cloud asset inventory and relationship mapping using Cartography to build a Neo4j security
Execute cloud-native incident containment across AWS, Azure, and GCP by isolating compromised resources, revoking
Uses Falco YAML rules for runtime threat detection in containers and Kubernetes, monitoring syscalls for shell
Performing authorized AWS penetration testing using Pacu, the open-source AWS exploitation framework, to enumerate
Perform forensic acquisition and analysis of cloud storage services including Google Drive, OneDrive, Dropbox,
Detects container escape attempts by analyzing namespace configurations, privileged container checks, dangerous
This skill covers hardening container images by minimizing attack surface, removing unnecessary packages, implementing
Scan container images, filesystems, and Kubernetes manifests for vulnerabilities, misconfigurations, exposed