Deploy and configure Suricata as a network intrusion prevention system with custom rules, Emerging Threats rulesets,

Build network traffic baselines from NetFlow/IPFIX data using Python pandas for statistical analysis, z-score

Enforce Kubernetes admission policies using OPA Gatekeeper with ConstraintTemplates, Rego rules, and the Gatekeeper

'Develop and implement OT-specific incident response playbooks aligned with SANS PICERL framework, IEC 62443,

Deploy FIDO2/WebAuthn passwordless authentication using security keys and platform authenticators. Covers WebAuthn

Patch management is the systematic process of identifying, testing, deploying, and verifying software updates

Implement Kubernetes Pod Security Admission to enforce baseline and restricted security profiles at namespace

Deploy Runtime Application Self-Protection (RASP) agents to detect and block attacks from within application

Implement automated user provisioning and deprovisioning using SCIM 2.0 protocol with Okta as the identity provider.

'Create, validate, and share STIX 2.1 threat intelligence objects using the stix2 Python library. Covers indicators,

Write custom Semgrep SAST rules in YAML to detect application-specific vulnerabilities, enforce coding standards,

Automate phishing incident response using Splunk SOAR REST API to create containers, add artifacts, and trigger

STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Intelligence Information)

Configure rsyslog for centralized log collection with TLS encryption, custom templates, and log rotation. Generates

Deploy and configure an OpenTAXII server to share and consume STIX-formatted cyber threat intelligence using

'Implements threat modeling using the MITRE ATT&CK framework to map adversary TTPs against organizational assets,

Deploy and operate Greenbone/OpenVAS vulnerability management using the python-gvm library to create scan targets,

'This skill covers integrating OWASP ZAP (Zed Attack Proxy) for Dynamic Application Security Testing in CI/CD

'This skill covers integrating Static Application Security Testing (SAST) tools—CodeQL and Semgrep—into GitHub

'Intercepts and analyzes HTTP/HTTPS traffic from mobile applications using Burp Suite proxy to identify insecure

'Manages the end-to-end cyber threat intelligence lifecycle from planning and direction through collection, processing,

'Maps observed adversary behaviors, security alerts, and detection rules to MITRE ATT&CK techniques and sub-techniques

Configure and execute access recertification campaigns in Saviynt Enterprise Identity Cloud to validate user

Conduct systematic access reviews and certifications to ensure users have appropriate access rights aligned with

Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound,

Use AI and LLM-based reasoning to correlate findings across multiple OSINT sources—username enumeration, email

Perform systematic alert triage in Elastic Security SIEM to rapidly classify, prioritize, and investigate security

'Uses Microsoft RESTler to perform stateful REST API fuzzing by automatically generating and executing test sequences

'Performs API inventory and discovery to identify all API endpoints in an organization''s environment including

'Tests API rate limiting implementations for bypass vulnerabilities by manipulating request headers, IP addresses,

'Uses Postman to perform structured API security testing by building collections that test for OWASP API Security

'Simulates ARP spoofing attacks in authorized lab or pentest environments using arpspoof, Ettercap, and Scapy

Develop and apply a multi-factor asset criticality scoring model to weight vulnerability prioritization based

Authenticated (credentialed) vulnerability scanning uses valid system credentials to log into target hosts and

'Performing authorized privilege escalation assessments in AWS environments to identify IAM misconfigurations

'Simulates bandwidth throttling and network degradation attacks using tc, iperf3, and Scapy in authorized environments

'Analyze binary exploitation techniques including buffer overflows and ROP chains using pwntools Python library.

Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions,

Monitor for brand impersonation attacks across domains, social media, mobile apps, and dark web channels to detect

Testing web applications for clickjacking vulnerabilities by assessing frame embedding controls and crafting

Perform forensic investigation of AWS environments using CloudTrail logs to reconstruct attacker activity, identify

Execute cloud-native incident containment across AWS, Azure, and GCP by isolating compromised resources, revoking

'Uses Falco YAML rules for runtime threat detection in containers and Kubernetes, monitoring syscalls for shell

'Performing authorized AWS penetration testing using Pacu, the open-source AWS exploitation framework, to enumerate

'Detects container escape attempts by analyzing namespace configurations, privileged container checks, dangerous

'This skill covers hardening container images by minimizing attack surface, removing unnecessary packages, implementing

Scan container images, filesystems, and Kubernetes manifests for vulnerabilities, misconfigurations, exposed

Analyze and bypass Content Security Policy implementations to achieve cross-site scripting by exploiting misconfigurations,

A cryptographic audit systematically reviews an application's use of cryptographic primitives, protocols, and

Testing web applications for Cross-Site Request Forgery vulnerabilities by crafting forged requests that exploit