Automated log ingestion and alerting workflows integrated with SIEM tooling to reduce analyst triage time and surface high-priority events.
Built ingestion and normalization pipelines that bring logs from disparate sources into a consistent format for SIEM correlation rules.
Wrote automation that pre-triages incoming events by severity and known patterns, cutting down the volume an analyst has to manually review.
Deployed and tuned on Linux infrastructure with an emphasis on reliability — the pipeline keeps running and keeps surfacing the events that matter.