
Moussa Diallo

SOC / CTI / SOAR Analyst

€400/day
Marseille, FR
3-7 years

Average response time: A few days

Freelancer profile translated to English.

About Moussa

As a certified "Blue Team" cybersecurity engineer and analyst, I support companies in strengthening their defense posture through a proactive and automated approach. With solid field experience gained at leaders like THALES DIS, I combine complex incident investigation and detection engineering.

My goal is to transform your SOC from reactive to proactive through:

  • Orchestration & Automation: Optimization of response time (MTTR) via Python/PowerShell scripting and the use of SOAR.
  • Threat Intelligence (CTI): Integration of threat feeds (OpenCTI, MISP) and strategic alignment with the MITRE ATT&CK framework.
  • Detection Engineering: Creation and refinement of rules on Microsoft Sentinel, Elastic (ELK), QRadar, and Splunk.

Pedagogical and rigorous, I also ensure the training of your teams and technical documentation to guarantee the sustainability of security processes.
  • French

    Native or bilingual

  • English

    Fluent

Can work on-site
Marseille (up to 50km)

Experience

  • THALES DIS
    Cybersecurity Analyst / SOC / CTI
    TECH
    October 2023 - December 2025 (2 years and 2 months)
    Gémenos, France
    • Orchestration, SOC & Incident Response: Investigation and remediation of alerts with SOAR Microsoft Sentinel, Microsoft Defender, Zscaler, and JIRA.
    • Threat Engineering (CTI): Cyber Threat Intelligence management via OpenCTI and alignment of QRadar detection rules with MITRE.
    • Proactive Defense: Execution of attack simulations based on real TTPs and prioritization of detection rules.
    • Automation: Python/PowerShell scripting for data enrichment and automation of recurring tasks.
    • Security Culture: Technical documentation, training, and awareness of employees on best practices.
    Skills: OpenCTI, Security Operations Center (SOC), Scripting, Cyber Threat Intelligence
  • LMPS Group
    SOC Analyst N2/N3
    CONSULTING AND AUDITS
    September 2022 - August 2023 (11 months)
    Casablanca, Morocco
    • SOC and Orchestration: Incident lifecycle management (Detection, Analysis, Response) on the Elastic SIEM (ELK, TheHive, and Cortex).
    • Log Parsing: Log collection via Logstash from different terminals.
    • Threat Hunting & OSINT: Proactive investigation in logs and intelligence gathering to identify threats.
    • Detection Engineering: Creation and continuous improvement of rules.
    • Technology Watch: Writing reports on vulnerabilities.
    Skills: ELK Stack, Cybersecurity, Incident Management, Security Operations Center (SOC), Forensics, Technology Watch
  • LMPS Group
    SOC Analyst Intern
    CONSULTING AND AUDITS
    February 2022 - August 2022 (6 months)
    Casablanca, Morocco
    • Monitoring and analysis of security events.
    • Installation/Configuration of the Elasticsearch SIEM and OpenCTI | Integration of OpenCTI with the ELK SIEM.
    • Implementation of rules to detect IOCs from Cyber Threat Intelligence data (OpenCTI, Elasticsearch).
    Skills: OpenCTI, Security Operations Center (SOC), Cyber Threat Intelligence, ELK Stack, Docker

Education

  • Master Cybersecurity
    Ecole PMN
    2024
  • Cybersecurity Engineer
    Ecole Nationale des Sciences Appliquées
    2022
