Skip to main content
Calvin NguyenCN
Open to opportunities

Calvin Nguyen

@calvinnguyen

Cybersecurity engineer specializing in threat hunting, detection engineering, and incident response.

United States
Message

What I'm looking for

I’m looking for a team where I can stay hands-on in 24x7 SOC work—building MITRE-aligned detections, running purple-team coverage improvements, and leading incident response and tuning with strong cross-functional collaboration.

I’m a Cybersecurity Engineer with 5+ years of experience in 24x7 security operations, threat hunting, and detection engineering across enterprise environments. I focus on MITRE ATT&CK–aligned TTP alerting and correlation logic tuning to improve signal quality when it matters most.

At SLB, I defend enterprise systems through proactive threat hunting across identity, endpoint, and network telemetry. I built and validated TTP-based detection logic in XSIAM XQL and Google SecOps YARA-L, then used Atomic Red Team and coverage dashboards to measure and raise detection effectiveness.

I strengthen detection outcomes by writing and reviewing correlation logic with cross-source joins and risk-based alerting to reduce false positives. I also lead purple team exercises, track coverage gaps using ATT&CK Navigator heatmaps, and present results through live detection demos that drive continuous improvements.

During incident response, I execute containment and escalation investigations—EDR host isolation, Azure AD token revocation, timeline reconstruction, EDR process tree analysis, KAPE Windows log analysis, and Wireshark packet review—while staying hands-on and supportive. I’ve also automated email triage with LLM-based workflows, and operationalized threat intelligence enrichment using commercial feeds and OSINT to improve triage accuracy and backlog.

Experience

Work history, roles, and key accomplishments

SLB logoSL
Current

CyberSOC Engineer

Aug 2022 - Present (3 years 11 months)

Defend enterprise systems by performing MITRE ATT&CK-driven threat hunting and incident response, tuning detection logic in XSIAM XQL and Google SecOps YARA-L. Led purple team exercises and built TTP-based detections to improve SOC coverage and reduce false positives.

CITGO Petroleum Corporation logoCC

Network Security Analyst

Aug 2019 - Aug 2022 (3 years)

Built and maintained LogRhythm SIEM detections and vulnerability management using Tenable Nessus. Hardened email security with SPF/DKIM/DMARC and administered Cisco ASA/FTD firewalls while supporting incident containment and investigation using SIEM correlation and packet captures.

Education

Degrees, certifications, and relevant coursework

University of Houston – Main Campus logoUC

University of Houston – Main Campus

Bachelor of Science, Computer Information Systems

Earned a B.Sc. in Computer Information Systems at the University of Houston, graduating in 2019.

Tech stack

Software and tools used professionally

Get matched with your dream remote job

Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan