Executes authorized attack simulations against Active Directory environments to identify misconfigurations,
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents such as Claude Code, Cursor, and Codex.
Harden the Docker daemon by configuring daemon.json with user namespace remapping, TLS authentication, rootless
Hunt for adversary abuse of Living Off the Land Binaries (LOLBins) by analyzing endpoint process creation logs
Systematically hunt for adversary persistence mechanisms across Windows endpoints including registry, services,
Hunt for spearphishing campaign indicators across email logs, endpoint telemetry, and network data to detect
Hunt for web shell deployments on internet-facing servers by analyzing file creation in web directories, suspicious
Implement API Security Posture Management to continuously discover, classify, and score APIs based on risk while
Implement API threat protection using Google Apigee policies including JSON/XML threat protection, OAuth 2.0,
Deploys DNS, HTTP, and AWS API key canary tokens across network infrastructure to detect unauthorized access
Implementing Cloud Security Posture Management (CSPM) to continuously monitor multi-cloud environments for misconfigurations,
Configure Microsoft Entra ID (Azure AD) Conditional Access policies for zero trust access control. Covers signal-based
Reduce container attack surface by building application images on Google distroless base images that contain
Configure Cloudflare DDoS protection with managed rulesets, rate limiting, WAF rules, Bot Management, and origin
Deploy and monitor Canary Tokens via the Thinkst Canary API for deception-based breach detection using web bug
Implements Delinea Secret Server for privileged access management (PAM) including secret vault configuration,
Integrate FIRST's Exploit Prediction Scoring System (EPSS) API to prioritize vulnerability remediation based
Implement GCP Organization Policy constraints to enforce security guardrails across the entire resource hierarchy,
Implements HashiCorp Vault dynamic secrets engines for database credentials, AWS IAM keys, and PKI certificates
Deploys canary tokens and honeytokens (fake AWS credentials, DNS canaries, document beacons, database records)
Implement continuous identity verification for zero trust using phishing-resistant MFA (FIDO2/WebAuthn), risk-based
This skill covers designing and implementing security zones and conduits for industrial automation and control
Pod Security Standards (PSS) define three levels of security policies -- Privileged, Baseline, and Restricted
Implements input and output validation guardrails for LLM-powered applications to prevent prompt injection,
Deploy Mimecast Targeted Threat Protection including URL Protect, Attachment Protect, Impersonation Protect,
Deploy Cisco Identity Services Engine for 802.1X wired and wireless authentication, MAC Authentication Bypass,
Kubernetes NetworkPolicies provide pod-level network segmentation by defining ingress and egress rules that control
Deploy Nozomi Networks Guardian sensors for passive OT network traffic analysis to achieve comprehensive asset
Deploy privileged access management for database systems including Oracle, SQL Server, PostgreSQL, and MySQL.
This skill covers implementing a structured patch management program for OT/ICS environments where traditional
PCI DSS 4.0.1 establishes 12 requirements across 6 control objectives for organizations that store, process, or transmit cardholder data. With PCI DSS 3.2.1 retiring April 2024 and 51 new requirements
This skill covers implementing Open Policy Agent (OPA) and Gatekeeper for policy-as-code enforcement in Kubernetes
Deploy and configure Rapid7 InsightVM Security Console and Scan Engines for authenticated and unauthenticated
This skill covers implementing Gitleaks for detecting and preventing hardcoded secrets in git repositories.
Implement automated incident response playbooks in Cortex XSOAR to orchestrate security workflows across SOC
Implements an integrated incident ticketing system connecting SIEM alerts to ServiceNow, Jira, or TheHive for
Implements USB device control policies to restrict unauthorized removable media access on endpoints, preventing
Deploy and configure Velociraptor for scalable endpoint forensic artifact collection during incident response
Implementing zero trust access controls for SaaS applications using CASB, SSPM, conditional access policies,
Implement Zero Trust Network Access using Zscaler Private Access (ZPA) to replace traditional VPN with identity-based,
Implementing Zero Trust Network Access (ZTNA) in cloud environments by configuring identity-aware proxies, micro-segmentation,
Identify, collect, and analyze ransomware attack artifacts to determine the variant, initial access vector, encryption
Investigate Active Directory compromise by analyzing authentication logs, replication metadata, Group Policy
Assess Active Directory security posture using PingCastle, BloodHound, and Purple Knight to identify misconfigurations,
Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with
Perform forensic acquisition and analysis of cloud storage services including Google Drive, OneDrive, Dropbox,
Deploys deception technology including honeypots, honeytokens, and decoy systems to detect attackers who have
Conducts disk forensics investigations using forensic imaging, file system analysis, artifact recovery, and
Execute a phased DMARC rollout from p=none monitoring through p=quarantine to p=reject enforcement, ensuring
Performs interactive dynamic malware analysis using the ANY.RUN cloud sandbox to observe real-time execution
Performs vulnerability remediation on endpoints by prioritizing CVEs based on risk scoring, deploying patches,