Ismael Belem


🏢 Dataprise 🎓 John Jay College (CUNY) ☁️ Microsoft Certified ☁️ CrowdStrike Certified ☁️ CompTIA Certified

Results-driven Cybersecurity Analyst with 4+ years in blue team operations, incident response, and digital forensics. Experienced in leveraging SIEM (Microsoft Sentinel, Wazuh, Splunk) and EDR (CrowdStrike Falcon, Microsoft Defender) to protect 400+ endpoints across public cloud (Azure, Google, AWS), hybrid, and on-prem environments. Proven track record in reducing false-positive alerts by 25%, leading SOC teams, and conducting comprehensive security gap assessments. Skilled in developing SOPs, performing threat hunting, and delivering executive-level security briefings to technical and non-technical stakeholders.

What I Do

I specialize in detection engineering, threat hunting, and incident response across enterprise cloud and hybrid environments. I build and tune detection logic in CrowdStrike LogScale and Microsoft Sentinel (KQL), develop automated response workflows, and lead investigations into advanced threat actors and enterprise breaches. My goal is to close the gap between raw telemetry and actionable defense — turning noise into signal and alerts into outcomes. I'm currently pursuing roles as a Detection Engineer, Threat Hunter, or Senior IR Analyst where I can scale those capabilities.

Experience

Cybersecurity Analyst II

Dataprise, North Bergen, NJ
Sep 2023 – Present
  • Designed and deployed enterprise detection and telemetry dashboards in CrowdStrike LogScale and Microsoft Sentinel, improving SOC visibility across managed environments.
  • Implemented automated host containment workflows (Attack Disruption) using CrowdStrike Fusion to isolate compromised systems based on vetted detection alerts.
  • Served as the highest technical escalation point for SOC investigations, supporting incident response engagements involving advanced threat actors and enterprise breaches.
  • Conducted proactive threat hunting and adversary infrastructure analysis using telemetry, OSINT sources, and emerging intelligence feeds.
  • Monitored and investigated security alerts across CrowdStrike Falcon and Microsoft Sentinel, analyzing host telemetry and log data to identify suspicious activity and potential compromise.
  • Conducted incident investigations including malware detections, account compromise, and unauthorized activity across managed environments.
  • Managed over 400 endpoints using CrowdStrike: enforced EDR policies, coordinated sensor deployments, and developed detection workflows and automated tasks using PowerShell and Python.
  • Administered security awareness training platforms (KnowBe4, PII-Protect "Breach Secure Now") for 200 accounts; created automated training programs, phishing simulations, and monthly newsletters.
  • Appointed by Cyber Department President to lead a vendor evaluation project assessing cybersecurity awareness tools — measuring efficiency, scalability, and AI capabilities.
  • Led creation of incident response SOPs; trained Tier 1 SOC analysts and delivered monthly client briefings including vulnerability and remediation reports.
  • Provided ongoing intelligence briefings on emerging threats, adversary TTPs, cybercrime trends, and new IOCs to SOC analysts and client stakeholders.

Cybersecurity Engineer

Cohere Cyber Secure (MSSP), Manhattan, NY
Sep 2022 – Sep 2023
  • Provided overall security posture assessments in After-Action Reports covering penetration testing scope, risk management, mitigation strategies, and lessons learned.
  • Triaged security incidents including ransomware, following the Incident Response Framework and performing host- and network-based forensics to determine root cause and preserve evidence.
  • Configured policies in CrowdStrike to harden environments and prevent attacker lateral movement.
  • Monitored the SIEM (Wazuh), onboarded clients, and developed custom detection rules and parsers using regex and threshold tuning to improve alert fidelity.
  • Developed Incident Response, ransomware, phishing, and Wazuh deployment SOPs to standardize response and onboarding procedures.
  • Conducted quarterly Vulnerability Assessments using Nessus and CrowdStrike; communicated findings to clients and coordinated remediation planning.
  • Monitored and analyzed Linux operating systems for security threats and vulnerabilities, implementing timely remediation.

Operations Manager

Bocaphe, Manhattan, NY
Jan 2020 – Sep 2022
  • Conducted recruitment, training, and scheduling of new employees.
  • Provided support for all internal POS systems and utilized AnyDesk/TeamViewer for tablet-based internal computer troubleshooting.
  • Facilitated software setup for new technological products and internal systems.

Freelance IT Technician

Self-Employed, Ouagadougou, Burkina Faso (West Africa) & Manhattan, NY
Jan 2013 – Sep 2021
  • Provided maintenance and hardware upgrades for PCs and laptops.
  • Installed and configured software and applications including operating systems, VMware, Wireshark, antivirus, Office 365, Azure, and Linux.
  • Delivered IT support assistance to third-party clients.

Projects

Threat Intelligence & SIEM Integration

Fall 2024

Built and managed a cybersecurity homelab using Proxmox VE, Wazuh, and MISP to simulate an enterprise SOC environment.

Deployed and configured Ubuntu-based virtual machines on Proxmox, including Wazuh Manager and MISP servers.

Integrated Wazuh with the MISP API to enable automated threat intelligence correlation for Indicators of Compromise (IoCs) such as malicious IPs, domains, and file hashes.

Installed and monitored Wazuh agents and Sysmon on Windows endpoints to collect endpoint telemetry, analyze security events, and validate real-time detection and alerting workflows.

Proxmox VE, Wazuh, MISP, Ubuntu, Sysmon, Python Scripting, API Integration

Cyber Risk Assessment and Management (NIST CSF Core Evaluation and Comprehensive Information and Security and Privacy Program)

Spring 2023

Developed a comprehensive Information Security and Privacy Program, incorporating concepts such as the Three Lines of Defense, Zero Trust, Defense in Depth, and Agile Security frameworks.

Applied cyber risk mitigation strategies and leveraged threat modeling techniques to think like an attacker. Built a comprehensive risk mitigation plan to address high-risk threats while maintaining a security-first mindset to support long-term cyber maturity.

NIST Cybersecurity Framework (CSF), MITRE ATT&CK Framework, Risk Assessment & Risk Mitigation Planning

Azure Sentinel (SIEM) Map with Live Cyber Attacks!

Fall 2022

Used a custom PowerShell script to extract metadata from Windows Event Viewer and forward it to a third-party API in order to derive geolocation data.

Configured an Azure Sentinel (Microsoft's cloud SIEM) workbook to display global attack data (RDP brute force) on a world map by physical location and magnitude of attacks.

PowerShell, KQL

Digital Forensic Application

Spring 2022

Worked on a school project as a Forensic Investigator for the New York Police Department. Each week involved a different case where we were required to collect digital evidence related to alleged crimes and download forensic images onto an evidence storage device (an external USB drive).

Completed a Chain of Custody (COC) for the evidence receptacle drive and maintained an evidence inventory for each forensic image.

Identified and analyzed evidence related to alleged data theft, unauthorized host intrusion, and other unlawful activities performed by the suspect.

Documented all findings in a comprehensive investigative report.

Autopsy, FTK Imager, Prefetch, Shellbag, USB Forensic Tracker, Jump List, HashMyFiles

Raspberry Pi SOC & Pentesting Homelab

Fall 2021

Built a portable cybersecurity homelab on Raspberry Pi using Docker and Portainer to simulate a secure virtualized security testing environment.

Installed and configured Docker containers through Portainer’s web interface to deploy and manage cybersecurity tools, including Kali Linux and Metasploitable.

Created isolated containerized lab environments for penetration testing, vulnerability assessment, attack simulation, and network security practice without exposing the home network.

Configured remote administration and monitoring using SSH, Docker networking, and Portainer stack deployments to streamline container orchestration and security lab management.

OpenSSH, Kali Linux, Metasploitable, Docker, Raspberry Pi, Portainer

Skills & Technologies

🔍 SIEM & EDR

Microsoft Sentinel, Splunk, Wazuh, CrowdStrike Falcon, MS Defender for Endpoint, CrowdStrike LogScale, KQL

🔧 Detection & Platform Engineering

CrowdStrike Falcon, CrowdStrike LogScale, Microsoft Sentinel (KQL), Detection Rule Development, Security Telemetry Engineering, Automation Workflows

🎯 Threat Hunting & IR

Threat Hunting, Incident Investigation, Adversary Infrastructure Analysis, Detection Engineering, IR Lifecycle, MITRE ATT&CK TTPs, IOC / IOA Analysis, Playbook Development, SOAR

🕵️ Digital Forensics

Autopsy, FTK Imager, Sleuth Kit, Wireshark, HxD Hex Editor, Jump List Analysis, Prefetch Analysis, USB Forensic Tracker, HashMyFiles

🧠 Threat Intelligence & OSINT

MISP, AbuseIPDB, Abuse.ch, Shodan, Maltiverse, Lumu, SpiderFoot, Maltego, Recon-ng, IOC Analysis, IOA Analysis

🛡 Vulnerability Management

Nessus, Greenbone, Cavelo, CVSS, Remediation Tracking, Risk Assessment

⚙️ Automation & Scripting

PowerShell, Python, n8n, Bash Scripting, CrowdStrike Fusion, SOAR Playbook Development

☁️ Cloud & Identity

Microsoft Azure, Microsoft Intune, Active Directory, Google Cloud (GCP), AWS

🌐 Networking

TCP/IP, OSI Model, VLANs, Network Traffic Analysis, Cisco Packet Tracer

🖥 Operating Systems

Windows, Windows Server, Linux, Ubuntu, Kali Linux, Parrot OS, macOS

📐 Frameworks & Methodology

NIST CSF, MITRE ATT&CK, Zero Trust, Defense in Depth, Incident Response Framework, Kill Chain

🔬 Virtualization & Labs

VMware, Docker, VirtualBox, Proxmox, FLARE VM

Education

🎓 Master of Science — Digital Forensics and Cybersecurity
John Jay College of Criminal Justice (CUNY), New York, NY, Jan 2021 - May 22

🎓 Master of Science — A.C. P.B. Applied Digital Forensics
John Jay College of Criminal Justice (CUNY), New York, NY, Jan 2021 - May 2022

🎓 Bachelor of Science — Computer Science and Information Security
John Jay College of Criminal Justice (CUNY), New York, NY, Aug 2019 - Dec 2020

🎓 Associate of Science — Computer Network Technology
Borough of Manhattan Community College (CUNY), New York, NY, Aug 2017 - May 2019

Certifications

  • ☁️ CrowdStrike: Certified Falcon Administrator (CCFA-200)
  • ☁️ Microsoft: Security Operations Analyst Associate (SC-200)
  • ☁️ Microsoft: Azure Administrator Associate (AZ-104)
  • ☁️ Microsoft: Security, Compliance, and Identity Fundamentals (SC-900)
  • ☁️ CompTIA Security+ (SY0-601)
  • 🗣️ French (Fluent)

Get In Touch

I'm open to Detection Engineer, Threat Hunter, Senior IR Analyst, and SOC Lead roles — as well as research collaborations and conversations about AI-assisted defense and security automation.

📍 North Bergen, NJ 🌐 Ismaelbelem.com