This skill guides organizations through implementing zero trust architecture in cloud environments following
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (such as Claude Code, Cursor, and Codex).
Implement Zero Trust Network Access using Zscaler Private Access (ZPA) to replace traditional VPN with identity-based,
Implementing Zero Trust Network Access (ZTNA) in cloud environments by configuring identity-aware proxies, micro-segmentation,
Deploy Google BeyondCorp Enterprise zero trust access controls using Identity-Aware Proxy (IAP), context-aware
Implement HashiCorp Boundary for identity-aware zero trust infrastructure access management with dynamic credential
This skill covers integrating OWASP ZAP (Zed Attack Proxy) for Dynamic Application Security Testing in CI/CD
This skill covers integrating Static Application Security Testing (SAST) tools—CodeQL and Semgrep—into GitHub
Intercepts and analyzes HTTP/HTTPS traffic from mobile applications using Burp Suite proxy to identify insecure
Investigates insider threat indicators including data exfiltration attempts, unauthorized access patterns, policy
Investigates phishing email incidents from initial user report through header analysis, URL/attachment detonation,
Identify, collect, and analyze ransomware attack artifacts to determine the variant, initial access vector, encryption
This skill covers implementing Okta as a centralized identity provider for cloud environments, configuring SSO
Manages the end-to-end cyber threat intelligence lifecycle from planning and direction through collection, processing,
Maps observed adversary behaviors, security alerts, and detection rules to MITRE ATT&CK techniques and sub-techniques
Monitors dark web forums, marketplaces, paste sites, and ransomware leak sites for mentions of organizational
Monitors Modbus TCP traffic on SCADA and ICS networks to detect anomalous function code usage, unauthorized
Configure and execute access recertification campaigns in Saviynt Enterprise Identity Cloud to validate user
Conduct systematic access reviews and certifications to ensure users have appropriate access rights aligned with
Use BloodHound and SharpHound to enumerate Active Directory relationships and identify attack paths from compromised
Investigate Active Directory compromise by analyzing authentication logs, replication metadata, Group Policy
Enumerate and audit Active Directory forest trust relationships using impacket for SID filtering analysis, trust
Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound,
Assess Active Directory security posture using PingCastle, BloodHound, and Purple Knight to identify misconfigurations,
Detect and respond to Adversary-in-the-Middle (AiTM) phishing attacks that use reverse proxy kits like EvilProxy,
Configure and execute agentless vulnerability scanning using network protocols, cloud snapshot analysis, and
Use AI and LLM-based reasoning to correlate findings across multiple OSINT sources—username enumeration, email
Perform systematic alert triage in Elastic Security SIEM to rapidly classify, prioritize, and investigate security
Performs automated static analysis of Android applications using Mobile Security Framework (MobSF) to identify
Uses Microsoft RESTler to perform stateful REST API fuzzing by automatically generating and executing test sequences
Performs API inventory and discovery to identify all API endpoints in an organization's environment including
Tests API rate limiting implementations for bypass vulnerabilities by manipulating request headers, IP addresses,
Uses Postman to perform structured API security testing by building collections that test for OWASP API Security
Simulates ARP spoofing attacks in authorized lab or pentest environments using arpspoof, Ettercap, and Scapy
Develop and apply a multi-factor asset criticality scoring model to weight vulnerability prioritization based
Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with
Authenticated (credentialed) vulnerability scanning uses valid system credentials to log into target hosts and
Deploy and operate CAPEv2 sandbox for automated malware analysis with behavioral monitoring, payload extraction,
Perform comprehensive security posture assessment of AWS accounts using ScoutSuite to enumerate resources, identify
Performing authorized privilege escalation assessments in AWS environments to identify IAM misconfigurations
Simulates bandwidth throttling and network degradation attacks using tc, iperf3, and Scapy in authorized environments
Analyze binary exploitation techniques including buffer overflows and ROP chains using pwntools Python library.
Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions,
Assess Bluetooth Low Energy device security by scanning, enumerating GATT services, and detecting vulnerabilities
Monitor for brand impersonation attacks across domains, social media, mobile apps, and dark web channels to detect
Testing web applications for clickjacking vulnerabilities by assessing frame embedding controls and crafting
Perform comprehensive cloud asset inventory and relationship mapping using Cartography to build a Neo4j security
Conduct forensic investigations in cloud environments by collecting and analyzing logs, snapshots, and metadata
Perform forensic investigation of AWS environments using CloudTrail logs to reconstruct attacker activity, identify
Execute cloud-native incident containment across AWS, Azure, and GCP by isolating compromised resources, revoking
Uses AWS Athena to query CloudTrail, VPC Flow Logs, S3 access logs, and ALB logs for forensic investigation.