SIEM & Detection
- Splunk
- Exabeam
- Microsoft Sentinel
- Detection Engineering
- MITRE ATT&CK
Senior Security Engineer · LATAM
Detection engineering at the speed of attack.
Six years cutting noise, response time, and manual ops in 24/7 MSSP environments. Splunk, CrowdStrike, AWS — and a 25-analyst SOC that triages itself.
About
Building detection that scales — not noise.
Senior Security Engineer with 6+ years designing, optimizing, and scaling detection and response in MSSP environments across Latin America.
I've shipped SIEM architecture (Splunk, Exabeam), EDR integrations (CrowdStrike, Defender), AWS/Azure security posture, and Python/Terraform/SOAR automation that runs in production every day.
Today I lead 25 analysts across Panama and Colombia. 24/7 coverage for 50+ enterprise clients. 30,000+ alerts triaged every month.
- 30%
- False-positive reduction
- 80%
- Cloud assessment efficiency gain
- 25
- SOC analysts led
- 50+
- Enterprise clients covered
Featured work
Selected things I built & broke.
Three pieces from the last 12 months — DFIR forensic analysis, agentic AI in detection, and autonomous SOC operations.
- 01 Forensic report
DFIR · Forensic report
Anatomy of a ClickFix campaign — ccudmcx.xyz
Forensic walk-through of a ClickFix infection chain abusing chimefusion.com. IOCs, payload staging, persistence, and detection content.
Read article - 02 Sofistic
Agentic SOC
Designing a SOC that triages itself
Agentic SOC processing alerts autonomously: noise cut by 30%+, triage time down 20%. 25 analysts, 2 countries, 50+ enterprise clients.
Read article - 03 LinkedIn article
Robotics · Voice · WhatsApp
I gave an AI agent eyes, wheels, and a WhatsApp number
Curiosity experiment turned autonomous apartment exploration. The architecture, the lessons — and the security frame you can't ignore.
Read article
Experience
From inspector to leading a 25-analyst SOC.
A non-linear path. Each role compounded into the next.
-
SOC Team Leader
Sofistic Cybersecurity (a Cuatroochenta company)
- Lead 25 SOC analysts across Panama and Colombia, 24/7 coverage for 50+ enterprise clients.
- Process 30,000+ alerts monthly. Designed agentic AI SOC: noise –30%, triage time –20%.
- Led 10+ DFIR investigations for enterprise clients.
- Owns SLAs, false-positive reduction, MTTR improvement, and Tier-1/Tier-2 capability building.
-
Tech Leader
Sofistic Cybersecurity
- Led 8-person technical team for managed security services across 30+ clients.
- Optimized NDR / EDR / SIEM tooling — improved client detection and response posture.
- Defined certification roadmap and technical training plan.
-
Cyber Security Analyst
Sofistic Cybersecurity
- Pentested web apps, network infrastructure and Wi-Fi for enterprise clients.
- Designed and executed 30+ phishing and social engineering simulations.
- Identified critical vulnerabilities; applied OWASP, PTES and NIST.
- SOC Tier-1/Tier-2 monitoring and initial incident response.
-
Intern
Sofistic Cybersecurity
- Splunk fundamentals and onboarding to MSSP detection workflows.
-
Inspector
Ministerio de Trabajo y Desarrollo Laboral
- Pre-cybersecurity track. Government inspection role.
Tooling & capabilities
Stack — battle-tested in MSSP at scale.
EDR / NDR / Threat Hunting
- CrowdStrike Falcon
- Microsoft Defender
- Darktrace
- Threat Hunting
- CTI
Cloud Security
- AWS Security
- Azure Security
- IAM hardening
- Cloud posture management
Automation & Engineering
- Python
- Terraform
- SOAR (Tines / FlexSOAR)
- Agentic AI workflows
- Webhooks / API integration
Incident Response
- DFIR
- Playbook design
- Forensic analysis
- Post-incident review
Offensive (foundational)
- Web pentesting (OWASP)
- Network pentesting (PTES, NIST)
- Phishing simulation
- Wi-Fi security
Certifications · 43+
Forty-five and counting.
Cloud, detection, offensive — vendors that ship the tools I run in production every day.
- AWSAWS Certified AI Practitioner2026
- AWSAWS Certified Cloud Practitioner2022
- CrowdStrikeCCSE — CrowdStrike SIEM Engineer2026
- CrowdStrikeCCFH — Falcon Hunter2024
- CrowdStrikeCCFA — Falcon Administrator2023
- SplunkSplunk Enterprise Certified Admin2024
- SplunkSplunk Core Certified Power User2021
- TryHackMeCyber Security 101 (SEC1)2026
- ISC2Certified in Cybersecurity (CC)2023
- Hack The BoxHTB Certified Junior Cybersecurity Associate2025
- Hack The BoxHTB Certified Defensive Security Analyst2025
- INEWeb Application Penetration Tester2025
- CompTIACompTIA Cloud+2025
- CompTIACompTIA CSCP Stackable2025
- DarktraceDarktrace Threat Visualizer Essentials2025
- TCM SecurityPractical Junior Penetration Tester2025
- INEINE Certified Cloud Associate2025
- INEJunior Penetration Tester2025
- MastermindISO/IEC 27001:2022 Lead Auditor2025
- CyberWarFare LabsCertified Red Team Analyst (CRTA)2025
- CompTIACompTIA Cloud Essentials+2025
- arcXFoundation Threat Intelligence Analyst2025
- CompTIACompTIA CySA+2025
- CompTIACompTIA CSAP Stackable2025
- CompTIACompTIA CNSP Stackable2025
- CompTIACompTIA CNVP Stackable2025
- CompTIACompTIA PenTest+2025
- CertiProfCybersecurity Awareness Learner2024
- CompTIACompTIA Security+2024
- INECertified Incident Responder2024
- EC-CouncilCertified SOC Analyst2023
- MicrosoftMicrosoft 365 Fundamentals2023
- MicrosoftAzure AI Fundamentals2023
- INEeCPPT2023
- MicrosoftAzure Fundamentals2021
- MicrosoftMicrosoft SC-9002022
- DarktraceDarktrace Cyber Engineer2024
- EC-CouncilCEH Master2021
- EC-CouncilCEH (Practical)2021
- EC-CouncilCertified Ethical Hacker2024
- INE SecurityeJPT2020
- CertiProfScrum Foundations (SFPC)2020
- ExabeamExabeam Community CTF Winner2024
Education
Foundations.
-
2014 — 2018
Engineering — Information & Systems Security
Universidad del Istmo, Panama
-
2018 — 2019
Teaching Diploma — Diversified Secondary Education, Cybersecurity emphasis
Universidad Autónoma de Chiriquí
Speaking
On stage.
-
802.11 Surface Attacks and WPA2 Automation
Jan 2021
BSides Panama
Wi-Fi attack surface, automated WPA2 cracking, AI-assisted handshake analysis. Volunteer talk.
Contact
Hire me, talk, or trade attack chains.
Open to senior detection engineering, cloud security, and security automation roles in remote global teams.