Junior Cyber Security Analyst
ATT&CK-aligned adversary technique validation and telemetry analysis across endpoint and network sensors.
SOC-style analysis environment using Suricata IDS, Sysmon endpoint telemetry, and Splunk investigation workflows.
16 ATT&CK technique investigations documented as detection case studies.
View Detection Case Studies

Core Capabilities
Detection Validation
- ATT&CK technique testing and telemetry validation
- Telemetry testing against controlled execution
- Gap identification across rule sets and data sources
Telemetry & Visibility
- Network traffic analysis (Suricata IDS)
- Endpoint logging and enrichment (Sysmon)
- Telemetry review and cross-source correlation
Alert Reliability
- Detection fidelity evaluation across data sources
- False positive and false negative analysis
- Alert behaviour evaluation and tuning considerations
Operational Environment
- Data Sources: Suricata IDS gateway traffic + Sysmon endpoint telemetry
- Topology: Segmented network with isolated test targets
- Aggregation: Centralised Splunk ingestion and searchable log retention
- Validation Model: Controlled technique execution mapped to expected telemetry
- Adversary Sim: Isolated targets with no external exposure
Evidence & Methodology
Measured Detection Coverage
Technique execution generates observable telemetry that is analysed directly in Splunk Enterprise to validate detection behaviour.
Systematic Gap Identification
Blind spots and alert quality issues are recorded per data source and technique, with constraints documented alongside results.
Structured Technique Testing
All tests follow a consistent execution-to-review workflow, producing comparable results across techniques and detection layers.
Detailed case studies document execution steps, telemetry output, detection behaviour, and identified gaps.