About

Who I Am

Senior Cyber Security Incident Responder (L3) and Threat Hunter with 5+ years of hands-on experience across SOC operations, incident response, digital forensics, threat detection engineering and cyber threat intelligence.

Currently working as an L3 Incident Response analyst in a large-scale enterprise banking environment, acting as the escalation point for L1/L2 SOC analysts, providing technical guidance and contributing to playbook development, detection rule engineering, compromise assessments, malware analysis and proactive threat hunting.

Previously specialized in detection engineering and threat research — building detection content with YARA, Sigma and OSQuery, developing SIEM and EDR rules, performing static and dynamic malware analysis, and mapping attacker TTPs to MITRE ATT&CK across Windows, Linux, macOS and ESXi environments. Focused on detecting advanced threats, reducing mean time to respond, and turning threat intelligence into actionable defenses.

Professional Experience

Jul 2024 – Present
Senior Cyber Security Incident Responder (L3) — SOC
DenizBank / Intertech (IT subsidiary of DenizBank) — Istanbul, Türkiye
  • Act as Level 3 Incident Response specialist, providing pivotal support and technical guidance to L1/L2 SOC analysts.
  • Lead incident response efforts to rapidly contain security incidents and minimize organizational impact.
  • Develop and maintain incident response playbooks documenting use-case actions and escalation paths.
  • Author and tune SIEM, EDR, YARA and Sigma rules to strengthen monitoring capabilities and reduce mean time to respond.
  • Conduct in-depth digital forensic investigations and compromise assessments to determine breach scope and root cause.
  • Perform proactive threat hunting and malware analysis to identify and eliminate threats before impact.
  • Track cyber threat intelligence sources and translate relevant threats into actionable defensive measures.
  • Prepare and present regular incident analysis reports to management; collaborate in purple team exercises with red team counterparts.
Technologies: SIEM, SOAR, EDR/XDR, AV, NDR, IPS/IDS, Firewall, IoC scanners, forensics tools, CTI tools, email/DNS/network/proxy security, WAF, attack simulation, sandboxes, honeypots, DLP

Jul 2021 – Jul 2024
Cyber Security Detection Engineer
Binalyze — Tallinn, Estonia
  • Researched malware families, attack chains and APT campaigns; extracted behaviors and TTPs from threat intelligence reports.
  • Created static and behavior-based detection rules using YARA, Sigma, OSQuery and SQL.
  • Performed static and dynamic malware analysis and mapped findings to the MITRE ATT&CK Enterprise matrix.
  • Drove R&D on DFIR product capabilities; added key forensic evidence sources across Windows, Linux and macOS.
  • Developed a Linux Process Analyzer for malicious process detection and an ESXi evidence collector.
  • Simulated and emulated adversary behavior; participated in purple team exercises and developed use cases for Binalyze AIR.

Jun 2020 – Jul 2020
SOC Analyst Intern
Bentego — Istanbul, Türkiye
  • Executed purple team activities with Atomic Red Team, Cobalt Strike and Sliver; monitored and analyzed resulting telemetry using the Elastic Stack (Elasticsearch, Kibana, Logstash).

Technical Skills

Incident Response & DFIR

L3 Incident Response · Digital Forensics · Compromise Assessment · Threat Hunting · Forensics Tooling

Detection Engineering

YARA · Sigma · OSQuery · Splunk SPL

Malware Analysis

Static Analysis · Dynamic Analysis · Sandboxes · IoC Extraction

Adversary Emulation & Purple Team

MITRE ATT&CK · Adversary Emulation · Purple Teaming · Atomic Red Team · Attack Simulation

SIEM / SOAR / EDR / XDR

Splunk · ArcSight · XSOAR · CrowdStrike Falcon FDR

Network & Perimeter Security

NDR · IDS/IPS · WAF · Firewall · DNS Security · Email Security · Proxy · DLP

Threat Intelligence & Automation

CTI Platforms · IoC Scanners · Honeypots · Python

Education

2018 – 2022
B.Sc. Digital Forensics Engineering
Fırat University — Türkiye
2020 – 2021
Erasmus+ Exchange, Computer Science
University of Maribor — Slovenia

Languages

Turkish (TR): Native
English (EN): Full Professional Proficiency