Security Engineer · Oracle
London · Oct 2023 — Present
Detection engineering and incident response for Oracle Cloud Infrastructure, owning ML-assisted detection development across high-volume telemetry.
- Detection engineering
  - Designed, and now own, ML-assisted detection models for OCI, improving true-positive accuracy by ~30% and cutting false positives by 75%, while expanding visibility through optimised log pipelines, IAM policies, and event routing.
- Detection as code
  - Maintain Sigma rules in Git with automated testing in CI/CD, mapped to MITRE ATT&CK for coverage tracking.
- Response & automation
  - Lead investigations across cloud and endpoint environments and engineer SOAR playbooks for triage, enrichment, and escalation, improving mean time to detect by ~60%.
- Intelligence & governance
  - Integrate threat-intelligence feeds into detection pipelines, run ATT&CK-aligned hunts to close coverage gaps, and deliver NIST/ISO 27001-aligned risk reviews and executive incident reporting.