SOC Lead / Operations Engineer

If Your Goals Do Not Scare You, You Are Not Big Enough

Security Operations Engineer specializing in Microsoft E5. I detect threats, automate responses, and engineer resilience across enterprise environments.

Location: Aleppo, Syria
Role: Blue Team / SecOps
Since: 2023
Stack: Sentinel · Defender XDR · KQL · Logic Apps
01 ABOUT · 3+ YRS · BLUE TEAM

Security Operations Engineer focused on the parts of blue-team work that hold up under pressure — durable detections, tight response workflows, and data-protection policies that actually fit how people work.

Microsoft E5 stack: Sentinel, Defender XDR, Defender for Endpoint, Identity, Cloud Apps, Purview DLP and Insider Risk. Three years of frontline SOC work — triage, KQL detection engineering, vulnerability management, and the patch cycles that keep an attack surface honest.

Most interested in detection engineering at the cloud edge, identity-centric threat models, and using automation to shorten the gap between alert and decision.

02 NOW · WK 05 · 2026

Currently focused on

WORK
SOC Lead
Lead SOC operations and security engineering for a multi-tenant portfolio in a growing MSP/MSSP. Drive strategy and execution of cyber defense, threat detection, and incident response workflows to protect critical client infrastructure. Bridge the gap between security monitoring and infrastructure hardening to maintain a strong security posture for all clients.
03 SELECTED WORK · 00 / SELECTED

Things I built and shipped

04 TOOLS & STACK · 5 GROUPS · 14+ TOOLS

What I reach for

SIEM & XDR
  • Microsoft Sentinel
  • Defender XDR
  • Splunk
ENDPOINT
  • Defender for Endpoint
  • CrowdStrike Falcon
  • Intune
IDENTITY
  • Entra ID
  • Entra ID Protection
  • Entra PIM
DLP & COMPLIANCE
  • Purview DLP
  • Insider Risk Mgmt
  • ISO 27001
CLOUD & CASB
  • Microsoft Azure
  • Defender for Cloud Apps
05 DISCLOSURES · 00 PUBLIC · DETAILS REDACTED

CVEs & research

ID · Product · Severity · CVSS · Status

// identifiers redacted until coordinated disclosure windows close. full list lives on /cves.

06 WRITING · 00 RECENT · /blog

Notes from the SOC

07 CERTIFICATIONS · 00 ACTIVE

Receipts

08 ACTIVITY · LAST 7 DAYS

Recent moves

  • IR — Entra ID Privilege Escalation · Aleppo, Syria (Remote) · 3w
    Investigated a Sentinel alert flagging anomalous sign-in behavior from an Entra ID privileged account. Correlated with MDE telemetry, confirmed lateral movement attempt, and contained the threat via PIM role revocation and Conditional Access policy enforcement within 35 minutes.
09 STATUS · UPTIME · 30D

Open to Opportunities: 99%
Current Role: SecOps Engineer @ VCG Markets
Side Role: SOC Lead @ Omarino IT Services
Response Time: < 24 hours
10 CONTACT · < 24 hours

Let's build stronger defenses.