Open to opportunities

Esteban Castillo

@estebancastillo1

Cyber Threat Detection & Response analyst bridging IT and OT security to keep enterprises resilient against evolving threats.

Costa Rica

Message

What I'm looking for

I’m looking for a SOC/OT security role where I can run threat detection and incident response across IT and ICS/SCADA, using SIEM/OT visibility tools to reduce risk, improve detections, and partner on remediation for resilient operations.

I’m an IT and OT professional focused on leveraging technology to drive innovation and operational excellence. I dedicate myself to delivering secure, resilient, and efficient solutions by bridging traditional IT infrastructure with critical OT environments.

At IBM, I serve as a Tier 2 Analyst for the Honda Motor Co., Ltd. account, monitoring critical industrial environments and helping secure ICS and SCADA systems. I work with industrial protocols such as Modbus, BACnet, EtherNet/IP, and OPC UA to identify network security risks, firewall configuration gaps, and intrusion detection opportunities within OT.

My background centers on SOC workflows—detection, investigation, and incident response—supported by SIEM and OT visibility tools. I use IBM QRadar, Claroty, Nozomi Networks, and Palo Alto Cortex XSIAM, applying threat actor tactics, techniques, and procedures with frameworks like MITRE ATT&CK, and performing deep packet inspection with Wireshark/PCAP analysis to analyze logs and system behavior.

I previously worked as an IBM SIEM Cybersecurity Analyst (Senior) for Bank of America and Bancolombia, where I analyzed events and alerts, correlated activity, tuned detections, and provided client recommendations to enhance security posture. I also bring an execution mindset from earlier L1 support, consulting, and QA work—always combining accurate troubleshooting with continuous learning.

Experience

Work history, roles, and key accomplishments

Current

Tier 2 OT Threat Analyst

Current

IBM

Dec 2024 - Present (1 year 6 months)

Serve as a Tier 2 analyst for the Honda Motor Co., Ltd. account, monitoring ICS/OT environments and securing industrial networks. Use OT protocols and SIEM/OT visibility tooling to identify risks, investigate intrusions, and analyze network traffic for threats.

Incident Response SIEM OT Visibility Claroty Modbus OPC UA

OT Analyst

IBM

Apr 2024 - Dec 2024 (8 months)

Supported OT/ICS threat detection and incident workflows by triaging and analyzing events across enterprise environments. Operated security platforms and provided guidance to improve confidentiality, integrity, and availability of OT/ICS assets.

OT ICS Security Threat Detection Triage Security Monitoring Vulnerability Assessment Threat Hunting

SIEM Cybersecurity Analyst

IBM

Mar 2017 - Apr 2024 (7 years 1 month)

Analyzed alerts, network flows, and events for Bank of America and Bancolombia accounts, correlating activity and tuning detections. Produced incident escalations and security recommendations, and delivered client presentations based on traffic trends and anomalies.

Alert Tuning Incident Escalation Threat Detection

Software Engineer (Support)

Tek Experts

Jul 2013 - Mar 2017 (3 years 8 months)

Provided L1 support for enterprise SiteScope (data collection platform) via phone, email, and WebEx, troubleshooting Windows/Linux servers and related infrastructure. Reproduced issues in-house and resolved customer problems within product and third-party scope.

L1 Technical Support Windows Server Linux Databases Webex Troubleshooting

Technical Consultant (L1)

Malek

Jul 2012 - Apr 2013 (9 months)

Delivered application support and ticket management for Malek Consultant and external clients, including access provisioning and user management. Supported Google Workspace and Microsoft Office 365, performing migrations from Microsoft Exchange to Google Workspace.

Google Workspace Microsoft Office 365 Active Directory Postini Ticketing Access Provisioning Troubleshooting

IT Consultant (Fortinet)

Business Solution Consulting BSC

Feb 2012 - Jul 2012 (5 months)

Served as an IT consultant on Fortinet pre-sales and implementation activities for internal and external customers. Installed and configured Fortinet security solutions and managed UTM profiles, firewall policies, web/email filtering, and anti-spam controls.

Fortinet Web Filtering Email Filtering Network Device Configuration

QA Software Tester

Align Technology

Mar 2009 - Jan 2012 (2 years 10 months)

Tested internal dental software to validate functionality and quality across releases. Documented enhancement findings and communicated issue details and improvements to developers.

Software Testing Regression Testing Cross Functional Communication