whoami

Jawad Charafeddine

Cybersecurity Analyst · Blue Team · SOC · Agentic AI Engineering

I work across the full blue-team lifecycle — vulnerability management, threat hunting, detection engineering, and security operations. Currently focused on building mature detection pipelines and exploring agentic AI applications in SecOps.

// about

I'm a cybersecurity analyst focused on vulnerability management and security operations, with a particular interest in building detection content and automating remediation at scale.

My background spans hands-on SOC work, SIEM engineering (Microsoft Sentinel + KQL), EDR-driven threat hunting, and compliance frameworks (NIST, DISA STIG, PCI-DSS). I also maintain a home lab for continuous research — running controlled attack scenarios, analyzing network traffic, and documenting investigation workflows.

Currently building toward agentic AI applications in security operations — where LLM-driven pipelines can triage alerts, enrich context, and accelerate response at a scale that manual SOC work can't match.

I also like cats, science-fiction, and my favorite nerd font is Agave.

// experience

LogN Pacific

Cybersecurity Support Analyst

Vulnerability Management & SecOps · Contract

Dec 2025 – Present
  • 100% reduction in critical, 90% in high, 76% in medium vulns for the server team via PowerShell-based remediations.
  • Performed vulnerability assessments and risk prioritization using Tenable across Windows and Linux environments.
  • Executed DISA STIG compliance audits and automated remediation via PowerShell.
  • Performed threat hunting with EDR — detecting IoCs from brute force, data exfiltration, and ransomware.
  • Developed custom MDE detection rules to automate isolation and investigation of compromised systems.
  • Reduced brute force incidents by 100% by implementing inbound NSG/firewall rules.
  • Built Microsoft Sentinel dashboards for logon failures and malicious traffic using threat intelligence feeds.

G&E Impressions, Inc.

IT Support Specialist

May – Dec 2025
  • Supported Windows endpoints through hardware, software, and configuration issue diagnosis.
  • Applied baseline security practices: OS patching, credential hygiene, backup procedures, and access controls.
  • Documented incidents and resolutions to standardize troubleshooting workflows.

Self-directed Home Lab

Cybersecurity Analyst

SOC-focused lab environment

May 2025 – Present
  • Built and maintained a SOC-focused lab (Kali + Windows) for alert triage, host-based investigations, and network analysis.
  • Analyzed DNS/network traffic in Wireshark to identify C2 indicators and DoH visibility trade-offs.
  • Executed controlled exploitation scenarios and investigated post-compromise behavior (process execution, C2 comms).
  • Correlated host and network artifacts to assess impact, persistence, and attacker objectives.

// education

University of Houston

B.S. Psychology · Biology Minor

// projects

Tenable · CVSS · PowerShell · Risk Mgmt

Vulnerability Management Program

End-to-end simulation of a vulnerability management program — from policy creation and stakeholder engagement through scanning, risk prioritization, and a complete remediation cycle.

PowerShell · Bash · Tenable · Automation

Programmatic Vulnerability Remediations

Tenable plugin ID → CVE mapping with corresponding PowerShell and Bash remediation scripts for systematic, automated vulnerability closure.

KQL · MDE · Threat Hunting · MITRE ATT&CK

Threat Hunting: TOR Browser Detection

Threat hunting scenario documenting detection and analysis of unauthorized TOR browser usage on an enterprise endpoint using Microsoft Defender for Endpoint and KQL.

KQL · MDE · NSG · Threat Hunting

Internet-Facing Asset Detection

Identifies virtual machines mistakenly exposed to the public internet and detects associated brute-force login attempts using Microsoft Defender for Endpoint queries.

KQL · Sentinel · Data Viz

KQL Maps

Microsoft Sentinel map visualizations built with KQL that transform raw security telemetry into geographic insights — designed to communicate risk posture to non-technical stakeholders.

Python · Claude API · Microsoft Sentinel · KQL · MITRE ATT&CK

AI Alert Triage Agent

Claude-powered SOC agent that autonomously investigates Microsoft Sentinel incidents — querying Log Analytics, enriching IOCs via AbuseIPDB and VirusTotal, mapping MITRE ATT&CK techniques, and writing the analyst brief.

PowerShell · Bash · DISA STIG · Hardening

DISA STIG Remediations

PowerShell and Bash scripts for automating DISA STIG hardening benchmarks across Windows and Linux environments.

// skills & tools

SIEM & Detection

Microsoft Sentinel · KQL · Microsoft Defender for Endpoint · ELK Stack · Syslog

Vuln Management

Tenable · CVSS Scoring · CVE/CWE · DISA STIG · Risk Prioritization

Frameworks

MITRE ATT&CK · NIST CSF · NIST 800-37 · NIST 800-53 · NIST 800-61 · OWASP Top 10

Scripting & Automation

PowerShell · Bash · Python · IAM · Firewall/NSG

Compliance

PCI-DSS · HIPAA · GDPR · ISO 27001 · SOC 2

Infrastructure

Windows · Linux · IaaS/PaaS/SaaS · OS Hardening · Imaging & Deployment