Alert Triage & Investigation: investigated Sentinel and MDE alerts; captured evidence and escalated per playbook to support containment and eradication.
Threat Hunting: performed threat hunting with Microsoft Defender for Endpoint, detecting IOCs from brute-force attacks, data exfiltration and ransomware.
KQL-driven Analysis: used KQL to pivot across alerts, sign-ins, and device data to validate suspicious activity and reduce noise.
Vulnerability Reporting: executed Tenable scans; prioritised findings by severity/asset criticality; produced reports and chased owners for remediation, delivering a 100% reduction in critical, 90% in high, and 76% in medium vulnerabilities on the target scope.
Secure Configuration: applied DISA STIG checks; documented deviations and remediation steps to harden Windows/Linux builds.
Automated Remediation: used simple PowerShell scripts to automate small remediations.
Network Exposure Reduction: reviewed Azure NSG/firewall rules and tightened inbound access to reduce brute-force exposure.
Incident Documentation: created concise Excel/PowerPoint summaries for stakeholders and contributed to runbook improvements.