Tinsaeberhan Kassa
@tinsaeberhankassa
Principal CSOC specialist delivering SOC engineering, threat hunting, and incident response.
What I'm looking for
I’m an enthusiastic Cyber Security professional with 16+ years of experience across national governmental organizations, national CERT, and the Telecom industry. I’m dedicated to detecting and analyzing attacks down to the root cause, then executing mitigating activities, with a strong focus on effective incident response.
As a Principal CSOC Analyst, I design and implement SOC capabilities from scratch—deploying and configuring Splunk SIEM and Palo Alto SOAR (log collection, parsing, normalization, SOC metrics like MTTT/MTTR, and automation). I’ve developed and tuned 100+ attack detection use cases aligned with the MITRE ATT&CK framework for both IT and Telco core network, and I lead threat hunting, alert monitoring, incident forensic work, and Red/Blue/Purple team exercises. Earlier, I expanded from malware analysis into incident analysis and forensic work, performing deep malware analysis and building defensive mini tools, while also delivering SOC monitoring, SIEM tuning (30+ correlation rules), and technical training on reverse engineering, malware analysis, incident handling, and basic threat hunting.
Experience
Work history, roles, and key accomplishments
Principal CSOC Analyst
Safaricom Telecommunications Ethiopia
Feb 2022 - Present (4 years 4 months)
Designed and implemented SOC capabilities from scratch, including deploying Splunk SIEM and Palo Alto XSOAR with log collection, parsing/normalization, and SOC metrics configuration. Developed and tuned 100+ MITRE ATT&CK-aligned attack detection use cases and configured 10+ playbooks/automations to improve SOC monitoring, triage, and incident response.
SOC Analyst
SecureTech
Mar 2021 - Feb 2022 (11 months)
Monitored network and data center intrusions and performed threat hunting using Palo Alto and FortiGate security controls. Investigated malware incidents using SentinelOne EDR and performed patching/updating via WSUS, including detecting and analyzing HAFNIUM/China Chopper webshell activity on Microsoft Exchange servers.
Malware & Incident Analyst
Information Network Security Agency
Oct 2009 - Feb 2021 (11 years 4 months)
Performed deep malware analysis and expanded into incident analysis, forensics, and threat hunting, including reversing and analyzing multiple local and international malware families. Built defensive tooling (e.g., Semien Fox and malware protection/removal mini tools), conducted SOC shift monitoring with IGLOO SIEM, and tuned 30+ SIEM correlation rules to detect attacks across varied infrastructu
Education
Degrees, certifications, and relevant coursework
Haramaya University
Bachelor’s Degree, Computer Science
2007 - 2009
Grade: CGPA 3.06
Earned a Bachelor’s degree in Computer Science with a CGPA of 3.06.
