Available for senior roles and consulting

Noussayr Derbel

Senior Cybersecurity Engineer

Hands-on cybersecurity engineer with 5+ years of experience across SOC operations, consulting, and enterprise security engineering. I enjoy experimenting with new methodologies and tools, learning continuously, and playing CTFs whenever I feel like it. Alongside day-to-day technical work, I am steadily developing leadership through mentoring, knowledge sharing, and cross-functional collaboration to be ready for broader security responsibilities over time.

  • 5+ years of experience
  • 6 expertise areas
  • 3 working languages
  • 40+ frameworks / tools

Areas of Expertise

A high-level view of the security domains I work in most often, from incident response and detection engineering to architecture, communication, and mentoring.

  • Incident Response and DFIR: 95
  • Threat Detection Engineering: 93
  • Threat Intelligence and Hunting: 91
  • SIEM and Telemetry Engineering: 90
  • Malware Analysis: 89
  • Security Architecture and Design: 88
  • Identity and Access Security: 87
  • Network and Traffic Analysis: 86
  • Technical Communication: 90
  • Mentoring and Knowledge Sharing: 88

Operational Capabilities

Detailed capability areas from hands-on delivery, with the tools and frameworks most relevant to each domain.

Capability 01: Systems Architecture & Design
Hybrid environments, network visibility, identity security, and automation workflows.
  • Solid understanding of hybrid environments: on-prem infrastructure, Windows and Linux servers, Microsoft 365, and Azure AD / Entra ID.
  • Network traffic analysis across routing, switching, proxies, VPNs, network segmentation, WAF, and SD-WAN.
  • Design of automation workflows to handle repetitive or time-sensitive security tasks.
  • Understanding of identity security architecture: privilege management, conditional access, MFA enforcement, and identity-based threat detection.
  • Basic exposure to Azure and AWS activity monitoring and IAM review.
Tools and platforms: Windows Server, Linux, Microsoft 365, Entra ID, Azure, AWS, Palo Alto FW, WAF, SD-WAN, Conditional Access, MFA

Capability 02: SOC Capability & Detection Engineering
Log correlation, SOC capability building, platform operations, and SIEM migration exposure.
  • Multi-source log correlation across Windows event logs, authentication logs, network telemetry, and EDR data.
  • Contribution to SOC capabilities: log ingestion, normalization pipelines, detection rules, enrichment workflows, and MITRE ATT&CK mapping.
  • Hands-on experience with Splunk, IBM QRadar, Microsoft Defender, Zscaler, and Cortex XSOAR.
  • Experience reviewing security policies and assessing the consistency and coverage of existing controls.
  • Exposure to SIEM migration projects, including log-source scoping, normalization schema design, and phased detection porting.
Tools and platforms: Splunk, IBM QRadar, Microsoft Defender, CrowdStrike, Cortex XDR, Cortex XSOAR, Zscaler, MITRE ATT&CK, Log Normalization, SIEM Migration

Capability 03: CTI, DFIR & Malware Analysis
APT tradecraft, alert triage, threat intelligence tooling, and malware analysis environments.
  • Good understanding of APT TTPs: social engineering, identity abuse, lateral movement, and exploitation of exposed services.
  • Ability to translate attacker techniques into operational risks for IT teams, SOC analysts, and management, and update detection rules accordingly.
  • Experience with threat intelligence tools: dark web monitoring, VirusTotal, CrowdStrike intelligence feeds, and IoC management.
  • Alert triage and weak signal analysis: forming hypotheses and reconstructing incidents involving servers, clusters, or cloud environments.
  • Understanding of both static and dynamic malware analysis: obfuscated scripts, encoded or compressed data, and basic transformations.
  • Experience with analysis environments including Windows Sandbox, WSL, REMnux, Cuckoo Sandbox, Hybrid Analysis, and AnyRun.
Tools and platforms: VirusTotal, Dark Web Monitoring, IoC Management, CrowdStrike, Windows Sandbox, WSL, REMnux, Cuckoo Sandbox, Hybrid Analysis, AnyRun, CyberChef

Capability 04: Investigation Workflow & Detection Tuning
Behavioral analysis, tool-driven investigations, and detection tuning across multiple log sources.
  • Behavioral analysis: monitoring processes, file activity, network connections, and execution patterns.
  • Ability to work through unknown code progressively, focusing on logic and critical functions rather than line-by-line review.
  • Targeted testing of NGAV, EDR, proxies, and NDR to identify blind spots, with structured reporting back to vendor partners.
  • Regular use of Sysinternals tools, Windows log analysis, packet capture, and Wireshark.
  • Building coherent timelines and quickly separating legitimate artefacts from suspicious signals.
  • Advanced use of CyberChef for deobfuscation and analysis of encoded or compressed content.
  • Experience writing and tuning detection use cases across multiple log sources, mapped to MITRE ATT&CK tactics and techniques.
Tools and platforms: Sysinternals, Process Explorer, Procmon, PSExec, Vectra AI, Darktrace, Wireshark, Packet Capture, NGAV, EDR, NDR, MITRE ATT&CK, CyberChef

Capability 05: Knowledge Sharing & Mentoring
Technical communication, workshops, mentoring, and internal documentation.
  • Explaining technical topics clearly for different audiences, including non-technical stakeholders.
  • Delivering educational presentations on attack chains, identity abuse, remote access risks, and exposed services.
  • Designing workshop materials for IT and SOC teams on DFIR, CTI, advanced malware analysis, and Purple Teaming.
  • Mentoring students and junior analysts on investigation projects, malware analysis, security audits, and tool development.
  • Writing internal documentation: playbooks, detection summaries, post-incident reports, and onboarding guides.
  • Reviewing and giving structured feedback on technical work, with a focus on building long-term competence.
Deliverables and formats: Playbooks, Detection Summaries, Post-Incident Reports, Onboarding Guides, Workshop Design, Purple Teaming, Technical Presentations

Capability 06: Cross-Functional Skills & Professional Strengths
Security posture improvement, structured communication, prioritisation, and leadership growth.
  • Proactively identifying gaps and proposing practical improvements to the overall security posture.
  • Staying focused and methodical under pressure, particularly during incident response situations.
  • Risk-based prioritisation: evaluating impact, exposure, and exploitability to decide what matters most.
  • Working well with local and global teams across IT, security, and business functions.
  • Developing a leadership style based on consistency, guidance, and genuine interest in others' growth.
  • Clear, respectful, and structured communication that helps others understand complex situations without unnecessary jargon.
  • Comfortable managing multiple parallel workstreams: vendor PoVs, detection engineering, stakeholder coordination, and documentation.
  • Strong attention to detail when producing structured deliverables: frameworks, reference documents, and technical reports.
Frameworks and practices: Risk Management, Vendor PoVs, ISO/IEC 27001, MITRE D3FEND, Control Reviews, Security Policies, Security Maturity, Cross-Functional Collaboration

Medium Articles

Live integration from my Medium feed. This section shows only recent cybersecurity-focused articles.

This section automatically pulls cybersecurity article titles, summaries, and publish dates from the Medium RSS feed.


Currently Improving
[1] Strategic Threat Intelligence
Improving long-term threat framing, adversary context building, and the ability to connect intelligence with operational decisions.
[2] Product Design & Development
Improving how technical ideas become useful tools, structured workflows, and practical deliverables that teams can actually use.
[3] Leadership
Improving guidance, decision-making, communication, and the ability to help teams grow with consistency over time.

Education & Certifications

Formal education and continuous learning details from my background.

Education: Bachelor's Degree in Information and Communication Technologies (Oct 2017 - Jul 2020)
Major in Network Security. Foundation in network defense, system security fundamentals, and practical cybersecurity operations.
Certification: Advanced Malware Analysis (Jan 2025)
Advanced malware behavior analysis, execution flow understanding, and structured investigation techniques.
Certification: Advanced Cyber Threat Intelligence (Dec 2024)
Adversary-focused intelligence interpretation, context-driven prioritization, and operationally relevant threat analysis.

Get in Touch

Open to senior cybersecurity engineering roles, consulting engagements, and teaching opportunities. Based in Tallinn, Estonia.

noussayr@security ~$ whoami
Senior Cybersecurity Engineer (DFIR / Detection / Security Architecture)
noussayr@security ~$ cat location.txt
Tallinn, Estonia. Open to remote and relocation options.
noussayr@security ~$ cat languages.txt
Arabic, English, French
noussayr@security ~$ cat status.txt
[open] Available for opportunities