Security + Systems Engineer& Automation Specialist

Led EDR engineering and security automation for an MSP/MSSP fleet of ~17,000 endpoints, acting as Tier 3 escalation and bridging SecOps with systems administration and log visibility.

• Enterprise EDR Engineering
  • Administered a multi-tenant SentinelOne deployment (~17,000 endpoints, 700+ tenants), tuning STAR rules, exclusions, and indicator blocklists to reduce false positives.
  • Led CrowdStrike Falcon onboarding with Flight Control and parent/child CIDs; scripted policy migrations with PSFalcon and leveraged Falcon RTR for rapid response.
  • Designed and implemented configurable network quarantine policies using JSON syntax to create granular allow-lists for essential services (DNS/DHCP/DC).
• Security Automation & Tooling
  • Engineered custom PowerShell automation (SentinelOne AIO Toolkit) to standardize agent lifecycle management and execute mass remediation.
  • Developed automated incident response workflows via CrowdStrike Falcon Fusion (SOAR) and Microsoft Teams.
  • Scripted the automated provisioning of Azure App Registrations via Microsoft Graph API.
• Vulnerability Management & Zero Trust
  • Administered ThreatLocker zero-trust endpoint policies (Ring-Fencing) and evaluated unknown binaries in sandbox environments.
  • Managed Horizon3.ai NodeZero autonomous pentesting platform to schedule regular continuous vulnerability assessments.
• Infrastructure & Log Visibility
  • Integrated client networks into SOC SIEM by configuring syslog forwarding (WatchGuard, Meraki, Fortinet) and deploying Cribl collectors to Splunk.

Managed daily operations of a secure, globally distributed VPN infrastructure across 6 regions, ensuring high availability under active attack conditions.

• Administered Debian/RHEL Linux servers across 6 regions with responsibility for uptime, patching, and OS hardening.
• Managed SSH access controls (authorized_keys, sudoers, PAM) and enforced least-privilege authentication policies.
• Built and maintained host-level firewall policies with iptables/nftables, including ACLs and rate limiting during incidents.
• Architected L3/L4 DDoS mitigation using Cloudflare Magic Transit and GRE tunneling for latency-sensitive services.
• Resolved Linux service failures and performance degradation through log analysis and configuration review.

Senior escalation point within AppleCare, resolving the most complex macOS and iOS issues. Specialized in security-sensitive cases involving account recovery, data integrity, and device trust.

• Provided Tier 3 support for macOS and iOS, handling security issues including Apple ID recovery and iCloud integrity.
• Diagnosed and resolved software faults, system crashes, and performance issues via log analysis and profiling.
• Mentored junior advisors on escalated cases, improving consistency in technical troubleshooting and support practices.
• Collaborated with engineering teams to document edge-case bugs and contribute to internal knowledge base articles.