Rizwan Pervaiz

Naperville, IL

Summary

Dynamic Security Engineer with extensive experience designing scalable SOAR workflows, tuning endpoint detection tools, and deploying enterprise-wide security automation strategies. Proven success in reducing alert fatigue and enhancing detection accuracy through engineering efforts across modern EDR and XDR platforms. Adept at leading incident response efforts, aligning detection logic with MITRE ATT&CK, and advancing organizational security posture through proactive automation, enrichment strategies, and system hardening.

Overview

7 years of professional experience
1 Certification

Work History

Information Security Engineer

AAR CORP
01.2023 - Current
  • Conduct real-time monitoring and triage of alerts from Microsoft Defender for Endpoint, SentinelOne, Taegis XDR, and Splunk Enterprise Security to detect and respond to emerging threats.
  • Fine-tune detection logic, suppression rules, and correlation searches to improve fidelity and align detection content with the MITRE ATT&CK framework.
  • Develop and maintain automated playbooks in Splunk SOAR to orchestrate incident response workflows, including alert ingestion, enrichment, IOC correlation, and ticketing via ServiceNow.
  • Perform proactive threat hunting activities across endpoint and network telemetry; collaborate with red team on simulation exercises to enhance threat detection capabilities.
  • Conduct incident response operations, including phishing investigation, user behavior analysis, and forensic imaging using FTK Imager and eSentire telemetry.
  • Automate repetitive SOC tasks using Python and Bash to accelerate triage, improve SLA adherence, and reduce human error.
  • Manage the abuse inbox, identifying phishing attempts, suspicious URLs, and credential harvesting campaigns.
  • Lead phishing awareness training campaigns using Proofpoint and create engagement dashboards using Splunk for executive reporting.
  • Deploy and optimize Cisco Umbrella, Digital Guardian, and Microsoft Defender policies for DLP and endpoint hardening.
  • Support compliance initiatives by validating control effectiveness and documenting procedures aligned to NIST and CIS frameworks.

Information Security Analyst

PBS Financial Systems
01.2019 - 01.2023
  • Monitored endpoint activity and investigated alerts using Carbon Black EDR, escalating critical events based on behavioral patterns and threat classification.
  • Conducted vulnerability scans using Nessus and Rapid7 InsightVM, coordinated with IT teams for remediation, and ensured risk reduction tracking.
  • Developed detection signatures and alert logic tailored to internal log sources for timely threat identification.
  • Performed internal penetration testing of systems and applications, leveraging tools such as Metasploit, Hydra, and John the Ripper.
  • Supported incident response with root cause analysis, log correlation, and containment actions using Unix/Linux command-line tools.
  • Conducted malware sandboxing and static analysis to assess file behavior and potential impact.
  • Authored and maintained runbooks, knowledge base articles, and security policies aligned with security best practices.

Education

Bachelor of Computer Science

University Of Toronto
Toronto
06-2017

Skills

  • SIEM & Detection Engineering: Splunk ES, KQL, log correlation, custom detection logic, SIEM rule development, MITRE ATT&CK mapping
  • SOAR Automation: Splunk SOAR, Python/Bash scripting, ServiceNow integrations, indicator of compromise (IOC) enrichment workflows
  • Endpoint & Email Security: Microsoft Defender, SentinelOne, Carbon Black, Cisco Secure Email, Proofpoint, eSentire
  • Threat Intelligence & Response: Open-source threat intelligence feeds (OSINT), threat enrichment, YARA rule familiarity, CVE analysis
  • Vulnerability & Risk Management: Rapid7 InsightVM, Nessus, CVSS scoring, patch validation, Lansweeper
  • Red Team & Threat Hunting: Kali Linux, MsfVenom, weekly simulations, TTP analysis, behavioral analytics, packet capture with Wireshark
  • Cloud Security: Azure AD, O365 security hardening, MFA monitoring, PowerShell automation
  • Forensics & Investigation: FTK Imager, endpoint triage, lateral movement analysis, IOC analysis and threat tracing

Accomplishments

  • Recognized as a High-Performance Individual in 2023 for exceeding expectations in incident response and threat detection.
  • Awarded the Wings of Excellence in 2024 for outstanding contributions to security automation and operations.
  • Built and deployed Splunk SOAR playbooks to automate IOC enrichment and threat blocking, reducing manual triage time by 60% and improving SLA adherence.
  • Developed a Python-based backend script to collect IOCs from over 30 open-source and private threat intelligence feeds, integrating it with Splunk and SOAR for proactive blocking.
  • Deployed and configured Digital Guardian for USB control and DLP enforcement, and Cisco Umbrella for DNS-layer protection across enterprise endpoints, strengthening endpoint security posture.
  • Automated daily asset discovery scans and vulnerability reporting using Rapid7 InsightVM, enhancing leadership visibility into newly onboarded and high-risk assets.
  • Tuned SentinelOne and Microsoft Defender policies to reduce false positives and improve detection accuracy across enterprise endpoints.
  • Conducted quarterly threat hunts to identify and remediate misconfigured or vulnerable assets across the organization.

Certification

CompTIA Security+

CompTIA Network+

Microsoft SC-900

Rapid7 InsightVM/AppSec

TryHackMe - Junior Penetration Tester

Splunk SOAR Automation
