Implements SIEM detection use cases by designing correlation rules, threshold alerts, and behavioral analytics
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents such as Claude Code, Cursor, and Codex.
Implements Sigstore-based software signing and verification using Cosign keyless signing, Rekor transparency
Implements Security Orchestration, Automation, and Response (SOAR) workflows using Splunk SOAR (formerly Phantom)
Automate phishing incident response using Splunk SOAR REST API to create containers, add artifacts, and trigger
Implement automated incident response playbooks in Cortex XSOAR to orchestrate security workflows across SOC
STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Intelligence Information)
Implement software supply chain integrity verification for container builds using the in-toto framework to create
Configure rsyslog for centralized log collection with TLS encryption, custom templates, and log rotation. Generates
Deploy and configure an OpenTAXII server to share and consume STIX-formatted cyber threat intelligence using
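The STIX/TAXII entry above and this OpenTAXII entry both end up at the same practical step: once a TAXII collection has been polled, the STIX bundle has to be turned into something a control can consume. The following is an added example, not code from either skill or from the OpenTAXII project. It uses only the standard library, parses a constructed STIX 2.1 bundle (the object IDs and indicator values are made up), skips revoked and expired indicators, and pulls the equality comparisons out of each indicator pattern into a per-type block list. The `COMPARISON` regex only handles `=` comparisons; `MATCHES`, `LIKE`, set membership and observation-expression operators are deliberately left to a real pattern parser.

```python
import json
import re
from datetime import datetime, timezone

# Matches one equality comparison inside a STIX pattern, for example
#   ipv4-addr:value = '198.51.100.7'   or   file:hashes.'SHA-256' = '...'
# Other operators (MATCHES, LIKE, >, IN) are not handled here (assumption: a
# full STIX pattern parser is used for those).
COMPARISON = re.compile(r"(?P<type>[\w-]+):(?P<prop>[\w.'-]+)\s*=\s*'(?P<value>[^']*)'")


def _ts(value: str) -> datetime:
    """Parse a STIX timestamp such as 2024-05-01T00:00:00.000Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def extract_observables(bundle: dict, now: datetime) -> list:
    """Return (object type, property, value, indicator id) for every active indicator."""
    results = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue
        if "valid_until" in obj and _ts(obj["valid_until"]) <= now:
            continue  # expired indicator: must not be pushed to blocking controls
        if "valid_from" in obj and _ts(obj["valid_from"]) > now:
            continue  # not yet valid
        for m in COMPARISON.finditer(obj.get("pattern", "")):
            results.append((m["type"], m["prop"], m["value"], obj["id"]))
    return results


def block_list(bundle: dict, now: datetime) -> dict:
    """Group extracted values by observable type, deduplicated, ready for export."""
    grouped = {}
    for otype, _prop, value, _src in extract_observables(bundle, now):
        grouped.setdefault(otype, [])
        if value not in grouped[otype]:
            grouped[otype].append(value)
    return grouped


# Constructed sample bundle (IDs, hostnames, addresses and hashes are made up).
SAMPLE_BUNDLE = json.loads("""
{
  "type": "bundle",
  "id": "bundle--0d3c5e6e-0c6e-4a1f-9a0b-4a1c8c0f0001",
  "objects": [
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--1d9d0a7e-2c4b-4f6c-9a0c-000000000001",
     "created": "2024-05-01T00:00:00.000Z", "modified": "2024-05-01T00:00:00.000Z",
     "pattern_type": "stix", "valid_from": "2024-05-01T00:00:00.000Z",
     "pattern": "[ipv4-addr:value = '198.51.100.7']"},
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--1d9d0a7e-2c4b-4f6c-9a0c-000000000002",
     "created": "2024-05-01T00:00:00.000Z", "modified": "2024-05-01T00:00:00.000Z",
     "pattern_type": "stix", "valid_from": "2024-05-01T00:00:00.000Z",
     "pattern": "[domain-name:value = 'c2.example.net' OR url:value = 'http://c2.example.net/gate.php']"},
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--1d9d0a7e-2c4b-4f6c-9a0c-000000000003",
     "created": "2024-05-01T00:00:00.000Z", "modified": "2024-05-01T00:00:00.000Z",
     "pattern_type": "stix", "valid_from": "2024-05-01T00:00:00.000Z",
     "pattern": "[file:hashes.'SHA-256' = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']"},
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--1d9d0a7e-2c4b-4f6c-9a0c-000000000004",
     "created": "2023-12-01T00:00:00.000Z", "modified": "2023-12-01T00:00:00.000Z",
     "pattern_type": "stix", "valid_from": "2023-12-01T00:00:00.000Z",
     "valid_until": "2024-01-01T00:00:00.000Z",
     "pattern": "[ipv4-addr:value = '203.0.113.9']"},
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--1d9d0a7e-2c4b-4f6c-9a0c-000000000005",
     "created": "2024-05-01T00:00:00.000Z", "modified": "2024-05-02T00:00:00.000Z",
     "pattern_type": "stix", "valid_from": "2024-05-01T00:00:00.000Z", "revoked": true,
     "pattern": "[ipv4-addr:value = '203.0.113.10']"},
    {"type": "malware", "spec_version": "2.1",
     "id": "malware--1d9d0a7e-2c4b-4f6c-9a0c-000000000006",
     "created": "2024-05-01T00:00:00.000Z", "modified": "2024-05-01T00:00:00.000Z",
     "name": "ExampleRAT", "is_family": true}
  ]
}
""")
NOW = datetime(2024, 5, 15, tzinfo=timezone.utc)

if __name__ == "__main__":
    for otype, values in block_list(SAMPLE_BUNDLE, NOW).items():
        print(f"{otype}: {values}")
```

The expiry and revocation checks are the part worth copying: a feed consumer that ignores `valid_until` and `revoked` keeps blocking addresses long after the producer has withdrawn them.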
Implement a structured threat intelligence lifecycle encompassing planning, collection, processing, analysis,
Implements threat modeling using the MITRE ATT&CK framework to map adversary TTPs against organizational assets,
Implements an integrated incident ticketing system connecting SIEM alerts to ServiceNow, Jira, or TheHive for
Implements USB device control policies to restrict unauthorized removable media access on endpoints, preventing
Deploy and configure Velociraptor for scalable endpoint forensic artifact collection during incident response
Deploy and operate Greenbone/OpenVAS vulnerability management using the python-gvm library to create scan targets,
Vulnerability remediation SLAs define mandatory timeframes for patching or mitigating identified vulnerabilities
Build automated alerting for vulnerability remediation SLA breaches with severity-based timelines, escalation
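The two SLA entries above (the definition of remediation SLAs and the alerting on their breaches) share one core computation: for each open finding, compare the time elapsed since discovery with the window its severity allows, and route the alert to the right person. The following is an added example of that logic, not code from either skill. The SLA windows in `SLA_DAYS`, the 75% warning threshold, the `security-manager` escalation target and the findings in `SAMPLE_FINDINGS` are all assumptions for illustration; a real deployment takes them from the organization's policy and its vulnerability scanner.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed SLA policy: days allowed to remediate, by severity. Real values come
# from the organization's vulnerability management standard, not from this page.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Assumed escalation policy: warn the asset owner once 75% of the window has
# elapsed; escalate to the security manager once the due date has passed.
WARNING_FRACTION = 0.75
BREACH_ESCALATION_TARGET = "security-manager"


@dataclass
class Finding:
    id: str
    severity: str
    discovered: date
    owner: str
    remediated: bool = False


def evaluate(finding: Finding, today: date) -> dict:
    """Classify one finding against its SLA and decide who should be notified."""
    sev = finding.severity.lower()
    if sev not in SLA_DAYS:
        raise ValueError(f"unknown severity {finding.severity!r} for {finding.id}")
    window = SLA_DAYS[sev]
    due = finding.discovered + timedelta(days=window)
    elapsed = (today - finding.discovered).days
    days_overdue = (today - due).days  # negative while still inside the window

    if finding.remediated:
        level, target = "closed", None
    elif days_overdue > 0:
        level, target = "breach", BREACH_ESCALATION_TARGET
    elif elapsed >= WARNING_FRACTION * window:
        level, target = "warning", finding.owner
    else:
        level, target = "ok", None

    return {
        "id": finding.id,
        "severity": sev,
        "due": due,
        "days_overdue": max(days_overdue, 0),
        "level": level,
        "escalate_to": target,
    }


def breach_report(findings, today: date) -> list:
    """Return only findings that need an alert: breaches first, most overdue first."""
    alerts = [r for r in (evaluate(f, today) for f in findings)
              if r["level"] in ("breach", "warning")]
    alerts.sort(key=lambda r: (r["level"] != "breach", -r["days_overdue"]))
    return alerts


# Constructed sample data (not real findings), evaluated as of 2024-05-15.
AS_OF = date(2024, 5, 15)
SAMPLE_FINDINGS = [
    Finding("VULN-1", "critical", date(2024, 5, 1), "web-team"),        # 7 days past due
    Finding("VULN-2", "high", date(2024, 4, 20), "db-team"),            # 25 of 30 days used
    Finding("VULN-3", "medium", date(2024, 5, 10), "infra-team"),       # well inside window
    Finding("VULN-4", "critical", date(2024, 4, 1), "web-team", True),  # already fixed
]

if __name__ == "__main__":
    for alert in breach_report(SAMPLE_FINDINGS, AS_OF):
        print(f"{alert['level']:8} {alert['id']} ({alert['severity']}) due {alert['due']} "
              f"overdue {alert['days_overdue']}d -> notify {alert['escalate_to']}")
```

Keeping `evaluate` pure (dates in, dict out) is what makes the timelines testable; the scheduler that runs it daily and the ticketing or chat integration that delivers the alert sit outside it.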
Configure ModSecurity WAF with OWASP Core Rule Set (CRS) for web application logging, tune rules to reduce false
Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private
Deploy CyberArk Secure Cloud Access to eliminate standing privileges in hybrid and multi-cloud environments using
Implement NextDNS as a zero trust DNS filtering layer with encrypted resolution, threat intelligence blocking,
Implementing zero trust access controls for SaaS applications using CASB, SSPM, conditional access policies,
This skill guides organizations through implementing zero trust architecture in cloud environments following
Implement Zero Trust Network Access using Zscaler Private Access (ZPA) to replace traditional VPN with identity-based,
Implementing Zero Trust Network Access (ZTNA) in cloud environments by configuring identity-aware proxies, micro-segmentation,
Deploy Google BeyondCorp Enterprise zero trust access controls using Identity-Aware Proxy (IAP), context-aware
Implement HashiCorp Boundary for identity-aware zero trust infrastructure access management with dynamic credential
This skill covers integrating OWASP ZAP (Zed Attack Proxy) for Dynamic Application Security Testing in CI/CD
This skill covers integrating Static Application Security Testing (SAST) tools—CodeQL and Semgrep—into GitHub
Intercepts and analyzes HTTP/HTTPS traffic from mobile applications using Burp Suite proxy to identify insecure
Investigates insider threat indicators including data exfiltration attempts, unauthorized access patterns, policy
Investigates phishing email incidents from initial user report through header analysis, URL/attachment detonation,
Identify, collect, and analyze ransomware attack artifacts to determine the variant, initial access vector, encryption
This skill covers implementing Okta as a centralized identity provider for cloud environments, configuring SSO
Manages the end-to-end cyber threat intelligence lifecycle from planning and direction through collection, processing,
Maps observed adversary behaviors, security alerts, and detection rules to MITRE ATT&CK techniques and sub-techniques
Monitors dark web forums, marketplaces, paste sites, and ransomware leak sites for mentions of organizational
Monitors Modbus TCP traffic on SCADA and ICS networks to detect anomalous function code usage, unauthorized
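Modbus/TCP has no authentication, so the detection described in the entry above comes down to decoding the MBAP header and function code of each request and asking whether this client should be sending it. The following is an added example of that check, not code from the skill itself. It parses constructed frames (the capture, the HMI address `10.0.0.5` and the unexpected client `10.0.0.99` are made up), flags write function codes from hosts outside an allow list, diagnostic sub-functions that can silence a device, non-standard function codes, and frames whose header is inconsistent. The function-code and sub-function sets follow the public Modbus Application Protocol specification; treating 0x08/0x0004 as dangerous is this example's own triage choice.

```python
import struct

MBAP_HEADER_LEN = 7  # transaction id (2), protocol id (2), length (2), unit id (1)

# Public function codes defined in the Modbus Application Protocol specification.
STANDARD_FUNCTIONS = {1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 15, 16, 17, 20, 21, 22, 23, 24, 43}
# Codes that change process state or device configuration.
WRITE_FUNCTIONS = {5, 6, 15, 16, 21, 22, 23}
# Diagnostic (0x08) sub-functions that can take a device off the network.
DANGEROUS_DIAG_SUBFUNCTIONS = {0x0001: "Restart Communications Option",
                               0x0004: "Force Listen Only Mode"}


def parse_modbus_tcp(frame: bytes) -> dict:
    """Split a Modbus/TCP ADU into MBAP header fields and the PDU."""
    if len(frame) < MBAP_HEADER_LEN + 1:
        raise ValueError(f"frame too short ({len(frame)} bytes)")
    tid, proto, length, unit = struct.unpack("!HHHB", frame[:MBAP_HEADER_LEN])
    pdu = frame[MBAP_HEADER_LEN:]
    return {"tid": tid, "proto": proto, "length": length, "unit": unit,
            "function": pdu[0], "data": pdu[1:]}


def inspect(src_ip: str, frame: bytes, allowed_writers: set) -> list:
    """Return finding strings for one client-to-server frame (empty list = benign)."""
    try:
        msg = parse_modbus_tcp(frame)
    except ValueError as exc:
        return [f"malformed frame: {exc}"]
    findings = []
    if msg["proto"] != 0:
        findings.append(f"protocol id 0x{msg['proto']:04x} is not Modbus (expected 0)")
    # The MBAP length counts unit id + PDU, i.e. everything after the first 6 bytes.
    if msg["length"] != len(frame) - 6:
        findings.append(f"length field {msg['length']} does not match frame ({len(frame) - 6})")
    fc = msg["function"]
    if fc & 0x80:
        findings.append(f"exception response code 0x{fc:02x} seen in request direction")
    elif fc not in STANDARD_FUNCTIONS:
        findings.append(f"non-standard function code 0x{fc:02x}")
    if fc in WRITE_FUNCTIONS and src_ip not in allowed_writers:
        findings.append(f"write function 0x{fc:02x} from unauthorized host {src_ip}")
    if fc == 8 and len(msg["data"]) >= 2:
        sub = struct.unpack("!H", msg["data"][:2])[0]
        if sub in DANGEROUS_DIAG_SUBFUNCTIONS:
            findings.append(f"diagnostic sub-function 0x{sub:04x} "
                            f"({DANGEROUS_DIAG_SUBFUNCTIONS[sub]}) from {src_ip}")
    return findings


def analyze(traffic, allowed_writers: set) -> dict:
    """Map transaction id -> findings for a sequence of (src_ip, frame) pairs."""
    results = {}
    for src_ip, frame in traffic:
        tid = struct.unpack("!H", frame[:2])[0] if len(frame) >= 2 else None
        results[tid] = inspect(src_ip, frame, allowed_writers)
    return results


# Constructed sample capture (not from a real network). The HMI at 10.0.0.5 is the
# only host allowed to write; 10.0.0.99 is an unexpected client.
ALLOWED_WRITERS = {"10.0.0.5"}
SAMPLE_TRAFFIC = [
    ("10.0.0.5",  bytes.fromhex("0001 0000 0006 01 03 0000 000a")),        # read 10 holding regs
    ("10.0.0.99", bytes.fromhex("0002 0000 0006 01 06 0010 00ff")),        # write single register
    ("10.0.0.5",  bytes.fromhex("0003 0000 0008 01 0f 0000 0008 01 ff")),  # write 8 coils
    ("10.0.0.5",  bytes.fromhex("0004 0000 0006 01 08 0004 0000")),        # diag: force listen only
    ("10.0.0.99", bytes.fromhex("0005 0000 0004 01 5a 0000")),             # unknown function 0x5a
    ("10.0.0.5",  bytes.fromhex("0006 0001 0006 01 03 0000 0001")),        # bad protocol id
]

if __name__ == "__main__":
    for tid, findings in analyze(SAMPLE_TRAFFIC, ALLOWED_WRITERS).items():
        print(f"tid={tid}: {findings or 'ok'}")
```

In production the allow list would come from the asset inventory and the frames from a passive tap or span port; the write check is the one that matters most, because on many PLCs a single unauthenticated 0x06 or 0x10 request is all it takes to change a setpoint.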
Configure and execute access recertification campaigns in Saviynt Enterprise Identity Cloud to validate user
Conduct systematic access reviews and certifications to ensure users have appropriate access rights aligned with
Use BloodHound and SharpHound to enumerate Active Directory relationships and identify attack paths from compromised
Investigate Active Directory compromise by analyzing authentication logs, replication metadata, Group Policy
Enumerate and audit Active Directory forest trust relationships using impacket for SID filtering analysis, trust
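Whatever tool pulls the trustedDomain objects (impacket, as the entry above says, or an LDAP query), the SID filtering question is answered by the `trustAttributes` bit field, so the useful part of the audit is the decoder and the triage rules applied to it. The following is an added example, not the skill's code and not impacket's API: it decodes the attribute bits defined in MS-ADTS, then flags external trusts without `QUARANTINED_DOMAIN` (SID filtering not applied) and forest trusts with `TREAT_AS_EXTERNAL` (filtering relaxed to external-trust rules, so SID history from the partner forest is honored). The `SAMPLE_TRUSTS` records are constructed, and the triage rules are this example's own reading of the flags rather than something the page states.

```python
# trustAttributes flag bits as defined in MS-ADTS (trustedDomain object).
TRUST_ATTRIBUTES = {
    0x0001: "NON_TRANSITIVE",
    0x0002: "UPLEVEL_ONLY",
    0x0004: "QUARANTINED_DOMAIN",   # SID filtering (quarantine) applied to this trust
    0x0008: "FOREST_TRANSITIVE",
    0x0010: "CROSS_ORGANIZATION",
    0x0020: "WITHIN_FOREST",
    0x0040: "TREAT_AS_EXTERNAL",    # forest trust filtered only as strictly as an external one
    0x0080: "USES_RC4_ENCRYPTION",
}
# trustDirection, from the perspective of the domain holding the object:
# outbound means this domain trusts the partner, so partner principals are
# accepted for local resources.
TRUST_DIRECTION = {0: "disabled", 1: "inbound", 2: "outbound", 3: "bidirectional"}


def decode_attributes(value: int) -> list:
    """Expand a trustAttributes integer into flag names, keeping unknown bits visible."""
    names = [name for bit, name in sorted(TRUST_ATTRIBUTES.items()) if value & bit]
    leftover = value & ~sum(TRUST_ATTRIBUTES)
    bit = 1
    while leftover:
        if leftover & bit:
            names.append(f"UNKNOWN_0x{bit:04x}")
            leftover &= ~bit
        bit <<= 1
    return names


def assess_trust(trust: dict) -> dict:
    """Apply SID-filtering triage rules (this example's own) to one trust record."""
    flags = set(decode_attributes(trust["attributes"]))
    findings = []
    if "WITHIN_FOREST" in flags:
        pass  # intra-forest trust: SID filtering is not a control here by design
    elif "FOREST_TRANSITIVE" in flags:
        if "TREAT_AS_EXTERNAL" in flags:
            findings.append("forest trust with TREAT_AS_EXTERNAL: SID filtering relaxed, "
                            "SID history from the partner forest is honored")
    elif "QUARANTINED_DOMAIN" not in flags:
        findings.append("external trust without QUARANTINED_DOMAIN: SID filtering not applied")
    if "USES_RC4_ENCRYPTION" in flags:
        findings.append("trust negotiates RC4 only: Kerberos traffic over this trust is downgraded")
    return {
        "partner": trust["partner"],
        "direction": TRUST_DIRECTION.get(trust["direction"], f"unknown({trust['direction']})"),
        "flags": sorted(flags),
        "findings": findings,
    }


def audit(trusts) -> list:
    """Assess every trust record, preserving input order."""
    return [assess_trust(t) for t in trusts]


# Constructed sample records (partner names and values are made up). In practice
# these come from the trustedDomain objects under CN=System in the domain NC.
SAMPLE_TRUSTS = [
    {"partner": "partner.example",    "attributes": 0x0008, "direction": 3},  # forest trust, filtered
    {"partner": "legacy.example",     "attributes": 0x0048, "direction": 3},  # forest trust, relaxed
    {"partner": "vendor.local",       "attributes": 0x0000, "direction": 2},  # external, no quarantine
    {"partner": "child.corp.example", "attributes": 0x0020, "direction": 3},  # intra-forest
    {"partner": "old.example",        "attributes": 0x0084, "direction": 1},  # quarantined, RC4 only
]

if __name__ == "__main__":
    for result in audit(SAMPLE_TRUSTS):
        print(f"{result['partner']:20} {result['direction']:13} {result['flags']}")
        for finding in result["findings"]:
            print(f"    - {finding}")
```

The direction column is kept alongside the findings because the same flag combination matters far more on an outbound or bidirectional trust, where the partner's principals are authenticated against local resources, than on an inbound-only one.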
Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound,
Assess Active Directory security posture using PingCastle, BloodHound, and Purple Knight to identify misconfigurations,
Detect and respond to Adversary-in-the-Middle (AiTM) phishing attacks that use reverse proxy kits like EvilProxy,
Configure and execute agentless vulnerability scanning using network protocols, cloud snapshot analysis, and
Use AI and LLM-based reasoning to correlate findings across multiple OSINT sources—username enumeration, email
Perform systematic alert triage in Elastic Security SIEM to rapidly classify, prioritize, and investigate security
Performs automated static analysis of Android applications using Mobile Security Framework (MobSF) to identify