Mohamed Amine Gharbi
@mohamedaminegharbi
Cybersecurity CERT consultant specializing in SOC operations, digital forensics, and proactive threat hunting.
What I'm looking for
I am an experienced cybersecurity professional with a strong background in SOC operations, digital forensics, and proactive threat hunting. In my current role, I conduct technical investigations for major incidents by analyzing endpoint, network, cloud, and system artifacts (including Defender logs and Azure/M365 telemetry) to reconstruct attacker activity and assess detection effectiveness.
I also lead proactive threat hunting using SIEM and endpoint/cloud telemetry to detect stealthy adversary behavior, and I collaborate with client SOC teams to refine detection use cases and correlation rules using threat intelligence and MITRE ATT&CK. I draft and maintain investigation playbooks, deliver root-cause incident reports and recommendations, align monitoring/response controls with governance requirements (e.g., GDPR, ISO 27001, PCI DSS), and research newly disclosed CVEs to enrich internal detection tools.
Experience
Work history, roles, and key accomplishments
CERT Consultant
Contern
Oct 2024 - Present (1 year 5 months)
Conducted technical investigations for major incidents by analyzing endpoint, network, and cloud artifacts (e.g., Defender logs and Azure/M365 telemetry) to reconstruct attacker activity and assess detection effectiveness. Performed proactive threat hunting, improved detection use cases with MITRE ATT&CK-aligned correlations, and delivered incident reports with root-cause findings and recommendati
SOC Analyst
Contern
Jul 2022 - Sep 2024 (2 years 2 months)
Monitored customer environments with SIEM and EDR solutions to ensure timely detection and swift response to security events. Conducted network traffic and log analysis, supported SIEM optimization (log aggregation and tooling), and investigated intrusions and other breaches while contributing to cybersecurity resilience initiatives.
SOC Analyst / SOC Engineer
Keystone Group
Sep 2021 - Jun 2022 (9 months)
Performed Level 2 SOC incident analysis and investigations using SIEM and EDR to detect and respond to threats. Supported SIEM/EDR tooling implementation and fine-tuning, tuned detection content (correlation rules, dashboards, alerting), supported system hardening, and created detection guides and investigation templates to support analyst onboarding.
L1 SOC Analyst
Keystone Group
Jan 2020 - Aug 2021 (1 year 7 months)
Handled 24x7 Level 1 security incident triage in a SOC, ensuring prompt response and managing daily SOC operations including incident handovers and playbook execution. Supported SIEM infrastructure integration, performed health checks of security tools, onboarded new log sources, researched evolving threats, and helped tune alert thresholds by flagging recurring false positives.
Education
Degrees, certifications, and relevant coursework
Tek-UP Private Higher School of Technologies & Engineering
Computer Science Engineering Diploma, Computer Science
2018 - 2021
Earned a computer science engineering diploma from Tek-UP Private Higher School of Technologies & Engineering between 2018 and 2021.
Faculty of Sciences of Monastir
Bachelor's Degree in Computer Science, Computer Science
2015 - 2018
Completed a bachelor’s degree in computer science at the Faculty of Sciences of Monastir from 2015 to 2018.
