Skip to content
View KBS320's full-sized avatar
๐Ÿ 
Working from home
๐Ÿ 
Working from home

Block or report KBS320

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please donโ€™t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this userโ€™s behavior. Learn more about reporting abuse.

Report abuse
KBS320/README.md

Hi, I'm Khaled Saifullah ๐Ÿ‘‹

Detection Engineer & SOC Analyst โ€” 8+ years securing healthcare, banking, and fintech systems. I build SIEM detections, lead vulnerability management programs, and automate incident response.


๐Ÿ’ผ Experience

Prime Therapeutics โ€” Cyber Security Analyst (Oct 2023โ€“Present) Built Splunk/ELK detection dashboards, led vulnerability management with Tenable/Qualys, deployed Snort/Suricata IDS/IPS, and automated SOC 2 compliance with Drata/Vanta.

Fiserv โ€” SOC Analyst (Jul 2020โ€“Aug 2023) Ran GRC compliance programs, deployed CrowdStrike EDR, performed penetration testing with Metasploit and Burp Suite, and led malware analysis with REMnux and Ghidra.

TD โ€” IT Security Analyst (Apr 2017โ€“Mar 2020) Built SIEM dashboards in Splunk and QRadar, managed cloud security posture with Prisma Cloud and Azure Security Center, and automated infrastructure with Ansible and Vagrant.


๐Ÿ”จ Featured Projects

SOC Home Lab โ€” Personal detection-engineering lab: 30 MITRE ATT&CK techniques in Splunk with custom SPL, plus a second Wazuh/Suricata/ELK SIEM-NIDS-HIDS deployment with a verified live detection pipeline. Full writeup for every technique.

SOC Triage Assistant โ€” AI-powered alert triage tool that enriches indicators via VirusTotal and summarizes alerts using an LLM.


๐Ÿงฐ Tools I Work With

Splunk QRadar Elastic CrowdStrike Suricata Cortex XSOAR AWS Azure Python Linux


๐ŸŽ“ Certifications

  • CompTIA Security+ โœ…
  • CompTIA CySA+ โœ…

๐Ÿ“บ Find me here

LinkedIn

Pinned Loading

  1. SOC-Home-Lab SOC-Home-Lab Public

    Blue Team home lab: 30 MITRE ATT&CK techniques attacked with Atomic Red Team on Windows 11 and detected in Splunk with custom SPL, plus a second Wazuh/Suricata/ELK SIEM-NIDS-HIDS deployment. Full dโ€ฆ

  2. soc-triage-assistant soc-triage-assistant Public

    AI-assisted SOC alert triage tool โ€” enriches indicators via VirusTotal and triages events with an LLM

    Python