SOC Analyst & Security Engineer
Threat detection. Incident response. Security automation.
Embrace the Unknown
About
The person behind the handle — my background, focus, and what drives me.
A SOC Analyst and Computer Science student. My work lives at the intersection of detection engineering, incident response, and automation — building systems that find threats before they become breaches.
Security Professional
LxZy
SOC Analyst · CS Student
Background
Where the foundation was built. Academic rigor meets hands-on practice.
Cairo, Egypt · Currently enrolled
Major: Cloud & Mobile Computing
Computer and Information Systems Security / Information Assurance
Information Systems Security
Work
Roles where I have operated, defended, and delivered.
Independent / Academic
Designing and deploying enterprise-grade security lab environments covering Zero Trust Architecture, Identity & Access Management, and Blue Team investigation workflows. Each lab is fully documented and built with production-grade open-source tooling.
2025 to Present
What I offer
Security capabilities I provide. From detection engineering to full incident response cycles.
24/7 threat monitoring, SIEM management, alert triage, and detection rule development aligned to MITRE ATT&CK.
Full IR lifecycle. Containment, eradication, forensic analysis, and documented post-incident reports.
IOC enrichment, threat actor profiling, and intelligence-driven detection engineering for your environment.
Python-based automation for enrichment pipelines, SOAR playbooks, and repetitive analyst workflows.
Portfolio
Production-quality labs and tools. Fully documented, built with real open-source tooling.
Architected a production-grade dual-device Zero Trust environment from scratch, aligned to NIST SP 800-207. Two physical machines connected via IKEv2 IPsec tunnel, 4 VLANs, Suricata IDS on both firewalls, Splunk + Vector aggregating cross-site logs, Traefik + Authelia MFA behind Cloudflare Zero Trust tunnels, and an isolated Kali VM on VLAN 40 for adversary simulation.
A full Identity & Access Management lab running on VirtualBox across 5 VMs. FreeIPA handles LDAP, Kerberos, DNS, and the internal CA. Keycloak federates identities and enforces TOTP MFA via OIDC/SAML. HashiCorp Vault manages secrets and PKI. Elastic captures all authentication events. WireGuard connects the management plane.
A practical Blue Team lab series covering 10 real-world SOC scenarios: authentication anomaly detection, phishing analysis, PCAP investigation, SIEM correlation, lateral movement hunting, detection rule development, incident response execution, and memory forensics on fileless malware. All labs produce reportable artefacts: investigation reports, detection rules, and automation scripts.
A Python automation script integrating VirusTotal and AbuseIPDB to reduce analyst enrichment time. Accepts bulk IOC lists (IPs, hashes, domains), queries multiple threat intel sources in parallel, and outputs structured reports ready for ticket ingestion.
Get in touch
Open to IR consulting, managed SOC engagements, and collaboration on security automation. Reach out. I respond fast.