Alvaro User
@alvarouser1
Incident Response Manager with expertise in cybersecurity and threat hunting.
What I'm looking for
I am Álvaro Ortiz Almansa, an Incident Response Manager with a robust background in cybersecurity, specializing in incident management within the retail sector. My experience includes handling various security incidents such as data breaches, DDoS attacks, and business email compromises. I have a proven track record of enhancing detection and incident response capabilities through the creation of advanced use cases in SIEM platforms like Splunk and Microsoft Defender.
Throughout my career, I have led proactive threat hunting initiatives, validating search activities to identify potential attack signs based on the MITRE ATT&CK standard. My role at El Corte Inglés has allowed me to participate in significant projects aimed at improving security configurations and automating alerts using AI-driven playbooks. I am passionate about advancing cybersecurity maturity levels and ensuring comprehensive incident analysis.
Experience
Work history, roles, and key accomplishments
Incident Response Manager
El Corte Inglés
Mar 2025 - Present (2 months)
Managed incident response for retail, focusing on infostealers, data breaches, and DDoS attacks, ensuring thorough analysis of alerts. Led the creation and optimization of advanced SIEM use cases in Splunk and Microsoft Defender for Endpoint, enhancing detection and response capabilities. Responsible for Threat Hunting, proactively identifying attack signs and converting findings into actionable u
Security Analyst
S2 Grupo
Aug 2019 - Present (5 years 9 months)
Served as a Senior L2/L3 Analyst in the Blue Team, administering SIEM platforms like GLORIA and Microsoft Sentinel. Developed playbooks and conducted threat hunting with Microsoft Defender for Endpoint, resolving advanced security incidents including ransomware and phishing. Applied DFIR techniques in major cybersecurity incidents and improved client security posture through initiatives like ranso
Middleware Technical
GFI Spain
Feb 2018 - Present (7 years 3 months)
Administered middleware technologies, specifically Oracle WebLogic, and managed software deployments. Oversaw web and application server administration, handling ticketing for the Telefónica Genesis project.
Technical Support
Fujitsu Technology Solutions
Apr 2016 - Present (9 years 1 month)
Operated Linux and Windows systems, providing remote technical support and monitoring alerts. Managed ticketing and offered infrastructure support for ministries of the Andalusian Government.
Education
Degrees, certifications, and relevant coursework
IMF Business School
Master in Cybersecurity, Cybersecurity
Completed a Master's degree focusing on advanced cybersecurity concepts and practices. Gained expertise in incident response, threat hunting, and security operations, enhancing capabilities in digital forensics and incident response (DFIR).
Grupo Studium Formación
Higher Technician, Computer Systems Network Administration
Acquired practical skills in computer systems and network administration. Focused on managing and maintaining network infrastructure and IT systems, preparing for roles in IT support and administration.
