Available for Opportunities

Asad Noor

SIEM Engineering

Cybersecurity Engineer at PostEx managing enterprise security across 500+ endpoints. Deployed Splunk Enterprise for centralized threat monitoring across local/global networks, core routers, and infrastructure. 40+ MITRE ATT&CK-mapped detection rules — 40% false positive reduction — <2min MTTN. TryHackMe Top 1% • 218 rooms completed • 193-day streak.

Available For:

  • SOC Opportunities
  • SIEM Engineering
  • Detection Engineering
  • VAPT Projects
  • Web Application Security Assessments
  • Bug Bounty Collaborations
  • Infrastructure Security Consulting
500+ Endpoints Managed • 100+ Servers Monitored • 40+ Detection Rules • 40% FP Reduction • <2min MTTN • 218 THM Rooms • Top 1% TryHackMe

Who I Am

I’m a Cybersecurity Engineer and Assistant Manager – Data Center at PostEx (fintech/logistics), managing enterprise infrastructure security and cybersecurity operations across a high-stakes financial environment.

My core expertise spans SIEM engineering with Splunk Enterprise, open-source security with Wazuh and Elastic Stack, detection engineering against the MITRE ATT&CK framework, threat hunting, network security monitoring, and full infrastructure security from hypervisor to application layer.

I recently deployed Splunk Enterprise in production at PostEx — aggregating logs from the local network, global WAN, core routers (MikroTik/Cisco), and 500+ infrastructure assets. This gives real-time visibility across the full attack surface.

Outside of work I maintain a TryHackMe Top 1% ranking (218 rooms, 39 badges, 193-day streak) and actively research detection engineering, web application security, and threat hunting.


By the Numbers

Quantified results from production deployments and continuous learning.

100+ Servers Monitored
Cross-platform servers (Windows, Linux, VMware, Proxmox) under centralized SIEM coverage via Splunk Enterprise and Elastic Stack.

500+ Endpoints Managed
Workstations and servers across the PostEx enterprise environment with Wazuh agent deployment, monitoring, and active response.

40+ Detection Rules
MITRE ATT&CK-mapped detection rules across Splunk SPL, Wazuh XML, Sigma, and Elastic EQL; 40% false positive reduction achieved.

Top 1% TryHackMe Ranking
Global Top 1% ranking on TryHackMe (rank #19,078): 218 completed rooms, 39 earned badges, 193-day consecutive streak.

<2 min Mean Time to Notify
Automated detection-to-alert pipeline via n8n + Wazuh + Telegram. Critical threats trigger a notification in under 2 minutes, 24/7.

193-Day Streak
193 consecutive days of security training and lab practice on TryHackMe, demonstrating consistent discipline and commitment to growth.

Work Experience

Assistant Manager – Data Center

PostEx — Lahore, Pakistan • 2022 – Present
★ Flagship Achievement: Deployed Splunk Enterprise in production — centralized log aggregation from local network, global WAN, core routers, and 500+ infrastructure assets. Real-time threat monitoring, infrastructure monitoring, alert analysis.
  • Engineered 40+ MITRE ATT&CK-mapped detection rules across Splunk SPL, Wazuh XML, and Sigma formats. Reduced false positive rate by 40% through systematic audit-mode tuning methodology.
  • Deployed Wazuh SIEM+XDR across 500+ endpoints with agent management, vulnerability detection, FIM, compliance monitoring (PCI-DSS, GDPR), and active response automation.
  • Deployed Elastic Fleet with Elastic Defend agent across 100+ cross-platform servers for centralized endpoint security monitoring and EDR capabilities.
  • Built SOC automation pipeline: n8n → Wazuh webhook → VirusTotal/AbuseIPDB enrichment → Telegram alert → JIRA ticket. MTTN: <2 minutes.
  • Deployed Security Onion with Suricata IDS and Zeek NSM. Configured JA3/JA3S TLS fingerprinting for encrypted C2 detection without payload inspection.
  • Designed network security architecture: VLAN segmentation (Corporate, Server, DMZ, Management, Security), MikroTik firewall ACLs, VPN (WireGuard/IPSec/OpenVPN), port knocking.
  • Hardened Proxmox VE hypervisor cluster, VMware ESXi, Windows Server/Active Directory, and 100+ Linux servers to CIS benchmark standards via Ansible playbooks.
  • Managed Active Directory security: GPO hardening, privileged access management, Kerberoasting/Pass-the-Hash/DCSync attack detection rules.
Tags: Splunk Enterprise • Wazuh • Elastic Fleet • Security Onion • Detection Engineering • Proxmox • MikroTik
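The alert-handling stage of the n8n → Wazuh webhook → enrichment → Telegram → JIRA pipeline listed above, as an added example in Python that is not the page's or PostEx's code. It takes a constructed record in the shape Wazuh writes to alerts.json, gates on rule level, selects the non-internal source IPs worth an AbuseIPDB/VirusTotal lookup, suppresses repeats of the same (rule, agent, source) for 30 minutes so one brute-force burst yields one chat message instead of hundreds, and records the detection-to-notify delay that the page reports as MTTN. The level threshold, suppression window, message layout and ticket summary are assumptions; no network calls are made.

```python
"""Alert gating, enrichment selection and suppression for a Wazuh -> chat pipeline.
Added example, not the page's own code; thresholds and sample alert are assumptions."""
import ipaddress
import json
from datetime import datetime, timedelta

NOTIFY_LEVEL = 12                          # assumed: Wazuh level >= 12 pages the channel
SUPPRESS_WINDOW = timedelta(minutes=30)    # assumed: one message per (rule, agent, src)

# Ranges that never need an external reputation lookup (RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

# Constructed alert in the shape Wazuh writes to alerts.json. 203.0.113.7 is a
# documentation range standing in for an Internet source address.
SAMPLE_ALERT = json.dumps({
    "timestamp": "2024-01-15T09:03:11.000+0000",
    "rule": {"id": "100001", "level": 12,
             "description": "Multiple Windows logon failures from same source",
             "mitre": {"id": ["T1110"]}},
    "agent": {"id": "012", "name": "DC01"},
    "data": {"srcip": "203.0.113.7", "dstuser": "administrator"},
})


def parse_alert(raw):
    """Pull out the fields the notification and enrichment steps need."""
    a = json.loads(raw)
    return {
        "ts": datetime.strptime(a["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z"),
        "rule_id": a["rule"]["id"],
        "level": int(a["rule"]["level"]),
        "description": a["rule"]["description"],
        "mitre": a["rule"].get("mitre", {}).get("id", []),
        "agent": a["agent"]["name"],
        "srcip": a.get("data", {}).get("srcip"),
        "user": a.get("data", {}).get("dstuser"),
    }


def needs_enrichment(ip):
    """Spend VirusTotal/AbuseIPDB quota only on addresses outside our own ranges."""
    if not ip:
        return False
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def format_telegram(alert):
    """Plain-text body (no Markdown, so nothing copied from the alert needs escaping)."""
    return "\n".join([
        f"[L{alert['level']}] {alert['description']}",
        f"Rule {alert['rule_id']} | ATT&CK {', '.join(alert['mitre']) or 'n/a'}",
        f"Agent: {alert['agent']} | Source: {alert['srcip'] or 'n/a'} | User: {alert['user'] or 'n/a'}",
        f"Time: {alert['ts'].isoformat()}",
    ])


class Notifier:
    def __init__(self, level=NOTIFY_LEVEL, window=SUPPRESS_WINDOW):
        self.level, self.window = level, window
        self._last_sent = {}      # (rule_id, agent, srcip) -> time of last message

    def handle(self, raw, now):
        """Return what to send, or None if the alert stays in the SIEM only."""
        alert = parse_alert(raw)
        if alert["level"] < self.level:
            return None
        key = (alert["rule_id"], alert["agent"], alert["srcip"])
        last = self._last_sent.get(key)
        if last is not None and now - last < self.window:
            return None                       # repeat inside the window: suppressed
        self._last_sent[key] = now
        return {
            "message": format_telegram(alert),
            "enrich": [alert["srcip"]] if needs_enrichment(alert["srcip"]) else [],
            "ticket_summary": f"[{alert['rule_id']}] {alert['description']} ({alert['agent']})",
            "mttn_s": (now - alert["ts"]).total_seconds(),   # detection-to-notify delay
        }


def demo():
    """Constructed scenario: first alert notifies, a repeat 60 s later is suppressed,
    a low-level copy is ignored. Returns the three handle() results."""
    n = Notifier()
    t0 = parse_alert(SAMPLE_ALERT)["ts"]
    first = n.handle(SAMPLE_ALERT, t0 + timedelta(seconds=45))
    repeat = n.handle(SAMPLE_ALERT, t0 + timedelta(seconds=105))
    low = json.loads(SAMPLE_ALERT)
    low["rule"]["level"] = 5
    ignored = n.handle(json.dumps(low), t0 + timedelta(seconds=50))
    return first, repeat, ignored
```

In n8n this logic sits between the Webhook node and the HTTP Request nodes that call the reputation APIs and Telegram. The suppression state must live somewhere durable (a small key-value store the workflow can read) rather than in process memory, or a restart replays the whole storm.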

Technical Skills

📈 SIEM Platforms

Splunk Enterprise: Production
Wazuh SIEM/XDR: Production
Elastic Stack / SIEM: Production
Security Onion: Lab + Prod

🛡 Detection Engineering

Splunk SPL: 40+ Rules
Sigma Rules: Advanced
MITRE ATT&CK: Framework
Elastic EQL / KQL: Intermediate

🌐 Network & Infrastructure

MikroTik RouterOS: Production
Suricata / Zeek / NSM: Production
Proxmox VE / VMware: Production
Docker / Ansible: Advanced

🔎 Offensive Security

Web App Pentesting: OWASP
Burp Suite Professional: Advanced
Bug Bounty Research: Active
CTF & TryHackMe: Top 1%

Featured Projects

Production deployments, security engineering labs, and research projects with measurable outcomes.

📈 Production

Splunk Enterprise SIEM Deployment

Production Splunk Enterprise deployment at PostEx. Universal Forwarders via GPO/Ansible, router syslog, Windows/Linux log collection, syslog aggregation, 40+ SPL detection rules, custom dashboards, alerting.

Tags: Splunk Enterprise • Universal Forwarder • SPL • MikroTik Syslog
🔌 Production

Wazuh SIEM + XDR Deployment

Wazuh across 500+ endpoints. Agent management, vulnerability detection, File Integrity Monitoring, compliance monitoring (PCI-DSS, GDPR), endpoint monitoring, active response automation.

Tags: Wazuh 4.x • FIM • Vulnerability Detection • Active Response
🟢 Production

Elastic Fleet + Elastic Defend

Elastic Fleet deployment with Elastic Defend agent across 100+ cross-platform servers. Centralized endpoint security monitoring, EDR capabilities, malware prevention, and Elastic SIEM detection rules.

Tags: Elastic Fleet • Elastic Defend • 100+ Servers • Kibana
🛡 40+ Rules

Detection Rule Engineering Library

40+ MITRE ATT&CK-mapped detection rules across Splunk SPL, Wazuh XML, and Sigma formats. 40% false positive reduction through systematic audit-mode tuning methodology.

Tags: Splunk SPL • Sigma • Wazuh XML • MITRE ATT&CK
📌 Production

Security Onion NSM Deployment

Network security monitoring with Suricata IDS, Zeek protocol analysis, JA3/JA3S TLS fingerprinting for encrypted C2 detection, and Elastic Security integration.

Tags: Security Onion • Suricata • Zeek • JA3
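How the JA3 fingerprinting on the Security Onion sensor (and in the work-experience entry above) turns a TLS ClientHello into a hash, as an added example that is not the page's, Zeek's or Suricata's code: it builds a constructed ClientHello record, parses the five JA3 fields, strips GREASE values and hashes the result. The sample cipher, extension and curve lists are assumptions. Two caveats a practitioner needs: the hash identifies the client's TLS library, so benign software that shares a library with a C2 framework produces the same value, and Chrome has randomized extension order since early 2023, which makes browser JA3 values unstable (JA4 sorts the lists to compensate). JA3S applies the same idea to the ServerHello.

```python
"""Compute a JA3 fingerprint from a TLS ClientHello. Added example, not the page's
or any NSM tool's code; the sample ClientHello below is constructed, not captured."""
import hashlib
import struct

# GREASE values (RFC 8701) are chosen per connection and must not affect the hash.
GREASE = {((0x0A + 0x10 * i) << 8) | (0x0A + 0x10 * i) for i in range(16)}
SUPPORTED_GROUPS, EC_POINT_FORMATS = 0x000A, 0x000B


def build_client_hello(version, ciphers, extensions, curves, point_formats):
    """Constructed TLS record wrapping a ClientHello (test input only)."""
    ext_bytes = b""
    for etype in extensions:
        if etype == SUPPORTED_GROUPS:
            lst = b"".join(struct.pack("!H", c) for c in curves)
            body = struct.pack("!H", len(lst)) + lst
        elif etype == EC_POINT_FORMATS:
            body = bytes([len(point_formats)]) + bytes(point_formats)
        else:
            body = b""                       # other extension bodies do not enter JA3
        ext_bytes += struct.pack("!HH", etype, len(body)) + body
    cipher_bytes = b"".join(struct.pack("!H", c) for c in ciphers)
    hello = (struct.pack("!H", version) + b"\x11" * 32         # legacy_version, random
             + b"\x00"                                          # empty session id
             + struct.pack("!H", len(cipher_bytes)) + cipher_bytes
             + b"\x01\x00"                                      # compression: null only
             + struct.pack("!H", len(ext_bytes)) + ext_bytes)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello  # type client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def _u16(buf, pos):
    return int.from_bytes(buf[pos:pos + 2], "big")


def ja3(record):
    """Return (ja3_string, ja3_md5) for a TLS record carrying a ClientHello."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    version = _u16(body, 0)
    pos = 2 + 32                                    # skip random
    pos += 1 + body[pos]                            # session id
    n = _u16(body, pos)
    pos += 2
    ciphers = [_u16(body, pos + i) for i in range(0, n, 2)]
    pos += n
    pos += 1 + body[pos]                            # compression methods
    extensions, curves, point_formats = [], [], []
    if pos < len(body):
        end = pos + 2 + _u16(body, pos)
        pos += 2
        while pos < end:
            etype, elen = _u16(body, pos), _u16(body, pos + 2)
            data = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            extensions.append(etype)
            if etype == SUPPORTED_GROUPS:
                curves = [_u16(data, 2 + i) for i in range(0, _u16(data, 0), 2)]
            elif etype == EC_POINT_FORMATS:
                point_formats = list(data[1:1 + data[0]])
    strip = lambda vals: [v for v in vals if v not in GREASE]
    s = ",".join([str(version),
                  "-".join(map(str, strip(ciphers))),
                  "-".join(map(str, strip(extensions))),
                  "-".join(map(str, strip(curves))),
                  "-".join(map(str, point_formats))])
    return s, hashlib.md5(s.encode()).hexdigest()


# Constructed client: TLS 1.2 legacy version, TLS 1.3 + ECDHE suites, GREASE mixed in.
SAMPLE = build_client_hello(
    0x0303,
    [0x0A0A, 0x1301, 0x1302, 0x1303, 0xC02B, 0xC02F],
    [0x0A0A, 0x0000, 0x0017, SUPPORTED_GROUPS, EC_POINT_FORMATS, 0x0023, 0x002B],
    [0x0A0A, 0x001D, 0x0017, 0x0018],
    [0],
)
```

Matching the resulting hash against a list of fingerprints seen on known C2 framework clients is the detection; the string form is what you keep for triage, because it tells the analyst which field differs when two hashes are close.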
🛠 Containerized

Dockerized Security Stack

Fully containerized SOC stack: Wazuh + ELK + TheHive + Cortex + MISP via Docker Compose. Full deployment in 15 minutes on any Linux host. Includes MISP threat intel integration.

Tags: Docker Compose • TheHive • MISP • Cortex
🖥 VAPT

Web Application Pentesting Lab

OWASP Top 10 penetration testing methodology. SQLi, IDOR, SSRF, auth bypass, business logic testing using Burp Suite Pro. Findings directly feed detection rule pipeline.

Tags: Burp Suite Pro • OWASP Top 10 • Nuclei • CVSS 3.1
🏗 Home Lab

Home Lab Architecture

Production-grade Proxmox VE home lab with VLAN segmentation, Active Directory domain, full SIEM stack, Kali Linux attack simulation, and Security Onion NSM for continuous research.

Tags: Proxmox VE • VLAN • Active Directory • Kali Linux
🔎 Research

Bug Bounty Recon Framework

Automated reconnaissance pipeline: Subfinder + Amass + httprobe + gowitness + Nuclei. Continuous asset discovery, live host monitoring, automated vulnerability scanning.

Tags: Subfinder • Amass • Nuclei • Bash

Security Research

Published detection content, SPL queries, Sigma rules, and threat hunting playbooks.


Splunk SPL Detection Queries

Production-tested SPL queries for brute force (T1110), scheduled task persistence (T1053.005), lateral movement via RDP (T1021.001), LOLBin execution (T1218), and DNS tunneling (T1071.004). Deployed across PostEx SIEM.

index=windows_security EventCode=4625
| bucket _time span=5m
| stats count by _time, IpAddress
| where count >= 10
| eval technique="T1110.001"
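What the query above computes, together with the audit-mode tuning the page credits for its false-positive reduction, as an added Python example that is neither the page's SPL nor PostEx's tuning data: constructed 4625 events are bucketed into five-minute windows and counted per source like the SPL, the rule is run in audit mode (firing without paging), constructed analyst verdicts feed an allowlist keyed on (source IP, account) rather than IP alone, and the false-positive rate is measured before and after. Threshold, sample traffic and verdicts are all assumptions.

```python
"""Brute-force detection (4625, 5-minute buckets, >= 10 per source) plus an
audit-mode tuning loop. Added example, not the page's code; data is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

SPAN = timedelta(minutes=5)    # bucket _time span=5m
THRESHOLD = 10                 # where count >= 10


def _burst(start, ip, user, n, step_s):
    """n failures from one source against one account, step_s seconds apart."""
    return [(start + timedelta(seconds=i * step_s), ip, user) for i in range(n)]


T0 = datetime(2024, 1, 15, 9, 0, 0)
# Constructed 4625 events as (time, IpAddress, TargetUserName).
EVENTS = (
    _burst(T0, "203.0.113.7", "administrator", 40, 2)                        # spray from outside
    + _burst(T0 + timedelta(minutes=20), "10.10.5.20", "svc_backup", 12, 20)   # expired service password
    + _burst(T0 + timedelta(minutes=40), "10.10.8.31", "jdoe", 3, 60)          # user typo, under threshold
)
# Analyst verdicts recorded while the rule ran in audit mode (constructed),
# keyed by (IpAddress, TargetUserName) so an allowlist never blinds us to a whole host.
VERDICTS = {
    ("203.0.113.7", "administrator"): "true_positive",
    ("10.10.5.20", "svc_backup"): "false_positive",
}


def bucket_start(ts, span=SPAN):
    """Floor a timestamp to its bucket boundary, like `bucket _time span=5m`."""
    minutes = int(span.total_seconds() // 60)
    return ts.replace(minute=ts.minute - ts.minute % minutes, second=0, microsecond=0)


def brute_force_hits(events, allowlist=frozenset()):
    """stats count by bucket, IpAddress | where count >= THRESHOLD.
    The allowlist is applied per event, as the tuned rule's exclusion clause would be."""
    counts = defaultdict(int)
    users = defaultdict(set)
    for ts, ip, user in events:
        if (ip, user) in allowlist:
            continue
        key = (bucket_start(ts), ip)
        counts[key] += 1
        users[key].add(user)
    return [
        {"bucket": b, "IpAddress": ip, "count": c,
         "users": sorted(users[(b, ip)]), "technique": "T1110.001"}
        for (b, ip), c in sorted(counts.items()) if c >= THRESHOLD
    ]


def false_positive_rate(hits, verdicts):
    """Share of fired alerts that an analyst labelled false positive."""
    if not hits:
        return 0.0
    fps = sum(1 for h in hits
              if any(verdicts.get((h["IpAddress"], u)) == "false_positive" for u in h["users"]))
    return fps / len(hits)


def audit_mode_tuning(events, verdicts):
    """Audit mode: fire silently, collect verdicts, allowlist the confirmed noise,
    re-run and compare. Promote to alerting only when fp_after is acceptable."""
    before = brute_force_hits(events)
    allowlist = frozenset(k for k, v in verdicts.items() if v == "false_positive")
    after = brute_force_hits(events, allowlist)
    return {
        "hits_before": len(before),
        "fp_before": false_positive_rate(before, verdicts),
        "hits_after": len(after),
        "fp_after": false_positive_rate(after, verdicts),
        "allowlist": sorted(allowlist),
    }
```

On this constructed data the allowlist takes the false-positive share from one in two alerts to zero; the page's 40% figure comes from real traffic. The allowlist is a stopgap for the detection, not a fix for the cause: an account failing logons every 20 seconds has a stale credential somewhere that should be corrected, after which the exclusion is removed.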

Sigma Rules Library

Cross-platform Sigma rules compilable to Splunk SPL, Elastic EQL, QRadar AQL, and Wazuh. Covers PowerShell encoded commands, LSASS memory access, scheduled task creation, and registry persistence techniques.

title: PowerShell Encoded Command
tags: [attack.execution, attack.t1059.001]
logsource:
  product: windows
  category: ps_script    # Script Block Logging (Event ID 4104) must be enabled
detection:
  selection:
    ScriptBlockText|contains:
      - '-EncodedCommand'
      - ' -enc '
  condition: selection
level: high

Threat Hunting Queries

Hypothesis-driven hunt queries for LOLBin execution, Kerberoasting (T1558.003), DNS tunneling (T1071.004), beaconing detection via connection regularity analysis, and NTDS.dit extraction detection.

index=windows_events EventCode=4688
| eval child=lower(
    mvindex(split(NewProcessName,"\\"),-1))
| where child IN (
    "mshta.exe","certutil.exe",
    "regsvr32.exe","wscript.exe")
| stats count min(_time) AS first_seen BY host, ParentProcessName, child, CommandLine
| sort count
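The connection-regularity analysis listed among the hunt queries above, as an added example that is not the page's playbook: over constructed Zeek conn-style records it groups connections by (source, destination, port), takes the inter-arrival gaps, and flags pairs whose coefficient of variation (standard deviation over mean) is low, which is what a sleep-interval implant with small jitter looks like and what human browsing does not. The minimum connection count and CV threshold are assumptions.

```python
"""Beacon candidate detection from connection timing. Added example, not the page's
hunt playbook; the connection log below is constructed."""
import statistics
from collections import defaultdict

MIN_CONNECTIONS = 8   # assumed: fewer samples give a meaningless CV
MAX_CV = 0.15         # assumed: std/mean; 0 is perfectly periodic


def build_conn_log():
    """Constructed Zeek conn-style rows (ts, id.orig_h, id.resp_h, id.resp_p)."""
    rows = []
    t = 1700000000.0
    # Host 10.10.8.31 calls 198.51.100.44 every 60 s with a few seconds of jitter.
    jitter = [0, 2, -1, 3, -2, 1, 0, -3, 2, -1, 1, 0]
    for i, j in enumerate(jitter):
        rows.append((t + 60 * i + j, "10.10.8.31", "198.51.100.44", 443))
    # The same host browses 192.0.2.10 at irregular, human-looking intervals.
    gaps = [5, 130, 2, 900, 12, 47, 3, 400, 8, 75, 1, 240]
    tt = t
    for g in gaps:
        tt += g
        rows.append((tt, "10.10.8.31", "192.0.2.10", 443))
    return rows


CONN_LOG = build_conn_log()


def beacon_candidates(rows, min_conn=MIN_CONNECTIONS, max_cv=MAX_CV):
    """Return (orig, resp, port) pairs whose inter-arrival times are suspiciously regular."""
    by_pair = defaultdict(list)
    for ts, orig, resp, port in rows:
        by_pair[(orig, resp, port)].append(ts)
    out = []
    for (orig, resp, port), stamps in by_pair.items():
        if len(stamps) < min_conn:
            continue
        stamps.sort()
        deltas = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.fmean(deltas)
        cv = statistics.pstdev(deltas) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            out.append({"orig": orig, "resp": resp, "port": port, "n": len(stamps),
                        "interval_s": round(mean, 1), "cv": round(cv, 3)})
    return sorted(out, key=lambda r: r["cv"])
```

Implants configured with wide jitter push the CV above any usable threshold, so pair this with per-pair connection counts over long windows and response-size regularity rather than relying on timing alone, and run it over at least a day of data so slow beacons accumulate enough samples.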

Elastic Detection Rules

Elastic EQL and KQL detection rules for Elastic SIEM. Covers process injection (T1055), credential dumping (T1003), privilege escalation, and command & control via Elastic Defend telemetry.

// Elastic EQL - lsass.exe started by an unexpected parent
// (on Windows the legitimate parent of lsass.exe is wininit.exe)
process where event.action == "start"
  and process.name : "lsass.exe"
  and not process.parent.name in ("wininit.exe", "svchost.exe")

Wazuh Custom Detection Rules

Custom Wazuh XML rules for brute force detection, privilege escalation, web application attacks, and active response automation. Rules tuned to minimize false positives in enterprise environments.

<group name="windows,authentication_failed,">
  <!-- Fires when rule 18152 has matched 5 times from one source within 120 s.
       In Wazuh, frequency and timeframe are rule attributes, not child elements. -->
  <rule id="100001" level="12" frequency="5" timeframe="120">
    <if_matched_sid>18152</if_matched_sid>
    <same_source_ip/>
    <description>Rule 18152 matched 5 times from the same source within 120 s (brute force candidate)</description>
    <mitre>
      <id>T1110</id>
    </mitre>
  </rule>
</group>

Detection Engineering Blog

12 full technical articles on SIEM deployment, detection engineering methodology, threat hunting, web application security, network security monitoring, and infrastructure hardening. 1,500–2,500+ words each.

12 articles • 18–22 min average read • MITRE mapped

Never Stop Learning

Consistent hands-on practice beyond work hours. Security isn't a 9-to-5.

Top 1%
Global Ranking
#19,078
World Rank
218
Rooms Completed
39
Badges Earned
193
Day Streak
Badges: OG • Streak • Blue Team • SIEM • Detection • Web • Network • Linux • +31 more
Top 1% of all users worldwide

Learning Focus Areas

📈
SOC Level 1 & 2

Alert triage, log analysis, SIEM workflows, escalation procedures, threat intelligence

🛡
Detection Engineering

MITRE ATT&CK coverage, Sigma rules, detection-as-code pipelines, rule validation

🖥
Linux Privilege Escalation

SUID/SGID abuse, sudo misconfigurations, kernel exploits, Docker escapes

🔎
Web Application Security

OWASP Top 10, Burp Suite workflows, API security testing, IDOR and SSRF

📌
Network Security

Wireshark analysis, Nmap scanning, traffic analysis, firewall bypass techniques

🔀
Threat Hunting

Hypothesis-driven hunting, PEAK methodology, beaconing detection, APT emulation

Verified Certifications

Splunk Core Certified User
Splunk Inc. — Verifiable via Credly
✓ Verified

TryHackMe Top 1% Rank
TryHackMe — Public profile verifiable

TryHackMe 39 Badges
TryHackMe — Badges visible on public profile
✓ Public profile verifiable

🔒 Only displaying certifications with verifiable proof. Certifications in progress are not listed.

Get In Touch

Open to cybersecurity opportunities, SIEM engineering roles, SOC positions, consulting engagements, and collaboration. Response within 24 hours.

💌 asadnoor951@gmail.com
📍 Lahore, Pakistan (Open to Remote & Relocation)
Available for opportunities
  • SOC Analyst / Engineer
  • SIEM Engineer
  • Detection Engineer
  • Security Engineer
  • Infrastructure Security
  • Remote / Hybrid roles