Senior Incident Responder (L3) · Threat Hunter · DFIR & Detection Engineering
I have 5+ years of hands-on experience in SOC operations, incident response, digital forensics and threat hunting. This page is a personal portfolio — a place to share my background and the consulting & training topics I can take on.
Covering the full lifecycle of blue team operations and threat detection: collection, detection, response, hunting and reporting.
L1/L2/L3 incident response lifecycle: detection, triage, scoping, containment and escalation.
Deep forensic analysis across Windows, Linux, macOS and ESXi; root cause and compromise assessment.
Behavior-based detection rules in YARA, Sigma, osquery and SPL (Splunk); SIEM and EDR rule development with MITRE ATT&CK technique mapping.
Hypothesis-driven proactive hunting; APT TTP modeling and telemetry analysis.
Static and dynamic malware analysis; family classification, IoC extraction, behavior reporting.
Purple-team work bridging red and blue teams; validating detection coverage against emulated real-world attack scenarios.
Tracking CTI sources and translating them into actionable defensive measures.
Deep scans of suspect environments (compromise assessments); attack chain reconstruction and a written findings report.
A YARA detection rule I authored was referenced and published by the FBI and CISA in public threat advisories.
Served as a Threat Hunter on the Turkish Armed Forces Blue Team across two consecutive editions (2024 and 2025) of the world's largest live-fire cyber defense exercise.
Currently working as an L3 Incident Response analyst in a large-scale enterprise banking environment. Previously worked at an international DFIR software company.