Cybersecurity Manager at EY Belgium with over 11 years of IT experience, specialized in Operational Security (SecOps), SIEM/EDR/XDR architecture, Security monitoring (Log management and Detection engineering), Incident Response, Threat Hunting, Threat Intelligence, and unified vulnerability management within critical, highly regulated environments (NIS2, DORA, ISO 27001). With proven expertise in multi-client and MSP service delivery, he combines a strong technical infrastructure background (system and network hardening) with the ability to collaborate directly with governance stakeholders (CISO, ISM) on policy writing and executive reporting, making him an ideal fit for Testessenderlo group. Based in Brussels, he is available on short notice.
Leadership of SOC/SIEM transformations for enterprise-scale clients
Establishment of monitoring strategies and detection frameworks
Modeling of security operations aligned with business and regulatory requirements
Incident Response: management of incident responses (investigation, containment, remediation, team coordination), development of IR playbooks and post-incident analysis
Conducting advanced threat hunting operations to identify dormant threats and indicators of compromise
Collaboration with client security teams to contextualize sector-specific risks
Backup Management Audit: mandated as external auditor for comprehensive audit of backup infrastructure and business continuity; maturity assessment and compliance recommendations
ISO 27001 Audit: focused on logging and monitoring devices and incident detection, verification of critical domains
Technical support to the GRC team for NIS2 compliance: architecture guidance, definition of technical controls and monitoring
Senior SOC Engineer
ODDO BHF
October 2024
to September 2025
Operational management of the SOC: alert triage, incident analysis, escalations, technical coordination
Development of advanced detection rules and automation playbooks
Proactive threat hunting on production environments
Investigation of suspicious activities (lateral movement, RMM abuse)
Improvement of telemetry coverage and integration of log sources
Management of multi-client SOC engagements: architecture, detection engineering, monitoring
Implementation of security solutions: SIEM (Microsoft Sentinel, Splunk, IBM QRadar), EDR/XDR (Microsoft Defender, CrowdStrike), CTI (OpenCTI) integration into operational detection processes
Hardening and securing client environments: Server security configuration (Windows Server, Linux)
SOC maturity assessments with improvement roadmaps
Design and development of Cyber Threat Watch: Web application for threat intelligence (CTI) aggregating critical vulnerabilities (CVSS), zero-day exploits and threat intelligence to inform clients on proactive detection and prioritization of security risks
SOFTWARE ENGINEER (Prior Experience)
Axians / Alliacom / Pixel Web / Ozone Connect
2015
to 2019
Full-stack Ruby on Rails development with expertise in RESTful APIs, automation scripting
Foundation in software engineering applied to automation & security scripting
Education
Engineering Studies in Computer Science
ESPRIT – Private Engineering School
2015
to 2019
Bachelor's Diploma in Applied Computer Science
Higher Institute of Medical Technologies of Tunis
2008
to 2011
Certifications
Certifications
Microsoft Certifications • SC-200 – Security Operations Analyst Associate • SC-900 – Security, Compliance, and Identity Fundamentals • AZ–104 – Azure Administrator Associate • AZ-900 – Azure Fundamentals Professional Training • QRadar SIEM Administration – IBM Partner Environment • Splunk Cyber Defense Analyst – Hands-on Training • Incident Response – INE Training Platform • Threat Hunting – INE Training Platform • OT CyberSecurity Foundations -netriders academy
Skills
Security Operations
SIEM Administration: Microsoft Sentinel, Splunk, IBM QRadar, ELK
EDR/NDR/XDR: Microsoft Defender, Vectra AI, CrowdStrike
Development of detection rules and alert tuning
Advanced threat hunting and incident investigation
Playbooks and automation workflows (SOAR)
SOC Management: alerts, incidents, escalations, team coordination
Networks & Infrastructure Security
VLANs, VPNs, secure routing and network threat hunting
Windows Server & Linux hardening
Microsoft 365 & Azure security operations
Technical security reviews & remediation plans
OT Fundamentals
Multi-Client / MSP Environments
Configuration and monitoring of outsourced infrastructures