Identity & Access Systems. Security Automation. Developer Advocate.
I build and support security infrastructure that empowers engineering teams. With 6+ years of experience, I've designed identity and access management systems at enterprise scale, built internal automation and tooling that scales knowledge across distributed teams, and turned recurring security problems into durable engineering assets. I solve complex security challenges through pragmatic automation, clear communication, and deep understanding of developer workflows.
Quantified contributions to enterprise security, risk reduction, and operational efficiency
Principles that guide infrastructure design, automation, and partner success
I investigate end-to-end, moving beyond firefighting to understand systemic issues. Every incident becomes a learning opportunity, turning recurring problems into automated solutions and clear documentation.
Manual work doesn't scale. I build internal tools, dashboards, and runbooks that distribute knowledge across teams, enabling faster problem-solving and reducing dependency on individual experts.
Security that blocks innovation fails. I work to understand engineering workflows, reduce friction, and make security guidance pragmatic and actionable for development teams.
I leverage logs, metrics, and signals to identify root causes and validate hypotheses. Every recommendation is backed by evidence, not assumptions.
Working across time zones requires clear communication and well-documented decisions. I prioritize written clarity and asynchronous collaboration patterns.
Security infrastructure should be self-service, self-documenting, and intuitive. I design systems that empower teams to solve problems independently while maintaining security guardrails.
6+ years building enterprise security solutions
Cockroach Labs
Aviso Wealth
IBM
Canada Life
Enterprise-scale security initiatives and automation frameworks
Architected and deployed an intelligent SOC analyst agent leveraging multiple Model Context Protocols (MCPs) and OpenAI GPT models integrated with N8N workflow automation. The system autonomously performs alert triage, threat assessment, and incident classification with human-in-the-loop validation, reducing alert fatigue by 40% and enabling security analysts to focus on complex investigations. Implemented context aggregation from multiple threat intelligence sources and automated response recommendations based on organizational risk tolerance.
Established a Detection-as-Code (DaC) practice using Panther SIEM and PyPanther SDK, enabling security teams to version-control and peer-review detection logic. Developed 200+ correlation rules and scheduled queries covering threat patterns across cloud, network, and endpoint domains. Implemented CI/CD automation for detection validation and staged deployments, achieving 99.2% detection accuracy while reducing false positives by 35% through iterative tuning and community threat intelligence integration.
Orchestrated enterprise-wide managed Chrome deployment across 5,000+ endpoints with centralized policy enforcement. Configured granular security policies including certificate pinning, extension allowlisting, and safe browsing controls. Implemented automated compliance monitoring and real-time reporting dashboards. Reduced browser-based attacks by 67% through policy-driven hardening while maintaining user productivity and minimizing help desk tickets.
Built and operationalized a comprehensive vulnerability management program managing 50,000+ assets across cloud and on-premises infrastructure. Developed risk-based prioritization algorithms that rank vulnerabilities using CVSS scores, exploit availability, and asset criticality. Orchestrated remediation workflows in ServiceNow with SLA-driven escalation and executive reporting. Achieved 87% remediation rate for critical vulnerabilities within 30 days and reduced overall vulnerability exposure by 62% year-over-year.
Led enterprise endpoint security strategy consolidation from multiple EDR platforms to a unified CrowdStrike and Microsoft Defender architecture. Implemented behavioral threat detection rules, YARA signatures, and custom threat hunting playbooks to detect advanced persistent threats. Configured kernel-level monitoring and response automation for malware, fileless attacks, and lateral movement. Conducted proactive threat hunts identifying 23 previously undetected compromises and enabled incident response to contain threats within 2 hours of detection.
Architected a Security Orchestration, Automation, and Response (SOAR) platform using Tines and N8N to automate 60+ routine security processes. Built playbooks for incident response, user access provisioning/deprovisioning, threat intelligence enrichment, and compliance scanning. Integrated 40+ security tools and cloud services through native connectors and custom APIs. Achieved 85% reduction in manual security operations workload and 50% faster incident response time through systematic automation of repeatable workflows.
Deployed and optimized a comprehensive DLP solution using Netskope to protect sensitive data across SaaS applications, cloud storage, and web channels. Configured content inspection policies using regex patterns and machine learning to identify PII, PHI, and intellectual property. Implemented graduated enforcement ranging from logging and alerting to blocking and quarantining based on data classification and user context. Reduced unauthorized data exfiltration incidents by 78% and achieved 99.1% detection accuracy while maintaining business continuity through context-aware policy exceptions.
Proficiency across security tools and cloud platforms
Industry-recognized credentials
CISSP
Certified Information Systems Security Professional (ISC²)
CHFI
Computer Hacking Forensic Investigator
Akamai Kona Site Defender
Web Application Security
IBM QRadar SIEM
Security Information & Event Management
Academic foundation in security and computer science
University of Massachusetts Lowell, Lowell, MA
Concentration: Cybersecurity
Bowen University, Iwo
Open to security consulting, speaking engagements, and collaboration opportunities
GitHub
github.com/iyanu-aworanti