Rui Gonçalo

Lisbon

Summary

Started in information security in 2015, and have never looked back since. I set the bar pretty high, and that has helped me succeed sometimes and learn from others where I have failed. I like to learn about security every day, especially protocols, Windows security internals, malware analysis and forensics. Hobbies besides info-sec are sports in general and board games.

Overview

3 years of professional experience
1 Certification

Work History

SOC Analyst & Threat Hunter

Kaspersky Lab
03.2022 - Current
  • Incident handling and investigation, IR remediation and actions
  • Malware analysis samples originated from investigations
  • Research for improvement and implementation of detection logic
  • Threat hunting leveraging the MITRE ATT&CK framework
  • Implemented new Threat Hunting approaches and procedures
  • Threat hunting using ML techniques (clustering)
  • Support to new employees

SOC Analyst

S21sec
09.2020 - 02.2022
  • Incident handling and investigation, IR remediation and actions
  • Experience analyzing endpoint and network telemetry
  • Experience working with a wide range of SIEMs (ArcSight, McAfee, QRadar, Splunk, Azure Sentinel, FortiSIEM and Darktrace)
  • Assisting in the development and improvement of SIEM Rules to detect new malicious behaviors
  • Mentoring more than 5 newcomers
  • Team Leader - Tier 1 and Tier 2 teams
  • Assisted in recruitment process

Education

Bachelor of Science - Informatics Engineering

Polytechnic Institute of Bragança
Portugal
09.2019

Bachelor of Science - Software Development & System Administration

Polytechnic Institute of Bragança
Portugal
06.2017

Skills

  • Python
  • Disk Forensics
  • Memory Forensics
  • Network Forensics
  • Incident Response
  • Malware Analysis
  • C
  • Yara

Certification

  • Windows Incident Response (Kaspersky Xtraining)
  • Certified Cyberdefender (CyberDefenders)
  • Practical Threat Hunting (Applied Network Defense)
  • Hunt APTs with Yara like a GReAT Ninja (Kaspersky Xtraining)
  • OpenSecurityTraining2 Arch1001 Certificate
  • SC-200 Microsoft Certified - SOC Operations Associate
  • A Complete Practical Approach to Malware Analysis and Memory Forensics (BruCON 2021)
  • CCNA - Routing and Switching
  • Linux Command Line Essentials

Languages

Portuguese - Native language
English - Proficient (C2)
French - Upper intermediate (B2)
Spanish - Intermediate (B1)

Projects

Integrated solution for 802.1X in a wired network - Using pfSense and NAT logs, rsyslog, Graylog and the RADIUS protocol along with Python, I was able to put together a solution that, through API calls, provided the exact student in a university environment.

Malware hash cloud - Using the IntelMQ platform, I assisted in the development of some bots, written in Python, that would collect and parse indicators of compromise from malicious samples, uploading the indicator hashes to a database that could be used to generate blacklists for perimeter protection.

Publication

An Architecture for Sharing Cyber-Intelligence Based on Blockchain - BLOCKCHAIN 2020: Blockchain and Applications
