About Marwane
Languages
- French: native or bilingual
- English: fluent
- Arabic: native or bilingual
Experience
- Sodexo, CSIRT expert (Restaurants and food service), October 2023 - Today (2 years and 8 months), Paris, France
  - Proactively monitor enterprise systems and networks using industry-leading SIEM and EDR technologies (QRadar, Azure Sentinel / Defender, CrowdStrike) to detect early indicators of compromise, advanced persistent threats, and anomalous behavior.
  - Conduct in-depth digital forensic investigations across Windows and UNIX environments to uncover root causes, trace attacker movements, and collect admissible evidence for potential legal escalation.
  - Orchestrate rapid incident containment and mitigation, leveraging real-time intelligence and automation to neutralize threats and minimize business impact.
  - Collaborate seamlessly with cross-functional teams (internal CSIRT, global IT security teams, external partners, service providers, and law enforcement when necessary) to coordinate end-to-end incident response.
  - Continuously track emerging threats, vulnerabilities, and adversary tactics (TTPs) to enhance threat models and inform detection strategy.
  - Engineer advanced detection capabilities, developing tailored signatures, YARA rules, and correlation logic for intrusion prevention systems (IPS), malware detection platforms, and SIEMs, optimizing visibility across hybrid infrastructures.
- Orange Cyberdéfense, SOC Information Security Manager, June 2022 - October 2023 (1 year and 4 months), Paris, France
  - Leadership across multidisciplinary teams including SOC/CyberSOC analysts, service delivery managers, threat engineers, pre-sales architects, and the Use Case Factory.
  - Strategic oversight of detection scopes, continuously assessing and expanding threat coverage across hybrid environments (on-prem, Azure, AWS).
  - Facilitation of client and stakeholder meetings, driving alignment through operational steering (COSUI), technical committees (COTECH), executive reviews (COPIL), and strategic governance boards (PERCO, COMAC, COSTRAT).
  - Design and presentation of KPIs and success metrics, enabling data-driven decision-making and operational visibility.
  - Lifecycle management of detection rules and log sources, ensuring an optimal signal-to-noise ratio and actionable alerts.
  - Vulnerability management and remediation orchestration, aligned with risk posture and compliance requirements.
  - Operational continuity (MCO) and service continuity (MCS) for all detection-related platforms, ensuring resilience and high availability.
  - Coordination and prioritization of SOC activities, ensuring team performance, incident readiness, and continuous improvement.
  - Direct client request handling and escalation management, fostering trust and transparency throughout the engagement.
  - Project ownership for detection perimeter extensions, including integrations with Microsoft Sentinel, Azure, AWS, and other cloud-native technologies.
  - Use case development, scenario implementation, and rule fine-tuning, tailored to client-specific threat models and regulatory requirements.
  - MITRE ATT&CK framework coverage assurance, translating adversary behavior into actionable detections.
  - Proactive threat hunting operations, leveraging contextual intelligence to uncover stealthy and sophisticated attack patterns.
  - Change management oversight in accordance with ITIL/ITSM best practices, ensuring smooth transitions and minimal service disruption.
- Société Générale ABS, SOC Manager, September 2021 - June 2022 (9 months)
  - Strategic planning and orchestration of daily SOC operations, ensuring seamless detection, response, and monitoring across enterprise environments.
  - Operational leadership during major cybersecurity incidents, acting as a key stakeholder in crisis management and incident containment.
  - Coordination with CERT and CSIRT teams, especially under crisis conditions, to synchronize actions across all operational security units and maintain situational awareness.
  - SOC vision and strategy definition, aligning detection capabilities with regulatory mandates, evolving threat landscapes, and the organization's risk appetite.
  - Design and implementation of escalation and notification workflows, supported by real-time KPI dashboards presented during executive meetings (COPIL, COSUI).
  - Evaluation of SOC tool effectiveness, leading continuous improvement initiatives and driving corrective action plans based on operational performance and threat coverage gaps.
  - Threat-informed detection strategy development, leveraging a global view of the organization's vulnerability exposure and attack surface.
  - Architecture and deployment of SOC toolsets, including: event collection pipelines (SIEM/EDR/NDR); secure access to security platforms; suspicious event investigation and triage; alert lifecycle management; workflow automation for incident tracking and resolution.
Education
- Certified Ethical Hacker (CEH)
- Cryptography and PKI, Brandon University