Karoly Mathe

Looking for a Cyber Security Analyst opportunity

Security Operations & Technology

• SIEM: Microsoft Sentinel - triage of alerts, correlation, and investigation using KQL; working familiarity with Splunk for dashboards and searches.
• EDR/MDR: Microsoft Defender for Endpoint - alert investigation, device isolation workflows, and escalation per playbook.
• Vulnerability Management: Tenable Nessus scanning, prioritised reporting, and tracking remediation with owners.
• Hardening & Compliance: DISA STIG checks; secure configuration documentation and deviation tracking.
• Cloud & Network Controls: Azure fundamentals; NSG/firewall rule reviews to reduce unnecessary exposure; Wireshark packet capture to corroborate alerts. 

Consulting & Core

• Scripting & Querying: PowerShell basics and KQL for triage, enrichment, and pivoting across data sources.
• Awareness of IR phases and Cyber Kill Chain; able to apply concepts within guided runbooks.
• Data handling and reporting: Excel (pivots/lookups/conditional formatting) and clear PowerPoint summaries.
• Stakeholder communication: concise incident notes, escalation, and follow‑through with remediation owners.
• Deep understanding of the “soft” side of Vulnerability and Risk Management: rapport, trust, transparency, and business need.

Certifications

• CompTIA A+, Network+, Security+, CySA+ (2025)
• NVQ Level 4 Team Leader/Manager (2023)
• Security Analyst Level 1 (SAL1 -TryHackMe) - In progress
• Considering SC‑200 (Microsoft Security Operations Analyst) to deepen SOC fundamentals

Cyber Security Technician - Intern | Log(N) Pacific - Remote (Jun 2025 - Present)

• Alert Triage & Investigation: investigated Sentinel and MDE alerts; captured evidence and escalated per playbook to support containment and eradication.
• Threat-hunting: performed threat hunting with Microsoft Defender for Endpoint, detecting IOCs from brute force attacks, data exfiltration and ransomware.
• KQL‑driven Analysis: used KQL to pivot across alerts, sign‑ins, and device data to validate suspicious activity and reduce noise.
• Vulnerability Reporting: executed Tenable scans; prioritised findings by severity/asset criticality; produced reports and chased owners for remediation - delivering 100% reduction in critical, 90% in high, and 76% in medium vulnerabilities on the target scope.
• Secure Configuration: applied DISA STIG checks; documented deviations and remediation steps to harden Windows/Linux builds. 
• Automated remediations: used simple PowerShell scripts to automate small remediations
• Network Exposure Reduction: reviewed Azure NSG/firewall rules and tightened inbound access to reduce brute‑force exposure.
• Incident Documentation: created concise Excel/PowerPoint summaries for stakeholders and contributed to runbook improvements.