Fotios Deligiannis

• Developed, tuned, and maintained advanced UEBA detection rules and models, leveraging behavioral analytics to identify anomalous user and entity activities

• Integrated UEBA insights into SIEM/XDR platforms (e.g., Splunk, Microsoft Sentinel, Exabeam), enhancing the organization's ability to detect insider threats, compromised credentials, and lateral movement

• Designed custom correlation rules, leveraging identity context, authentication logs, and application telemetry to reduce false positives and improve detection fidelity

• Led incident investigations triggered by UEBA alerts, collaborating with SOC and IR teams to validate true positives and refine detection logic

• Stayed current on threat actor TTPs, integrating MITRE ATT&CK techniques into behavioral use case development

• Familiarized with logs from several data sources like Windows, Unix, Citrix, Juniper, Printing, DLP, VPNs, EDR

• Contributed to continuous improvement by building dashboards, runbooks, and documentation, and mentoringjunior analysts on behavioral threat detection

• Rotated across multiple security teams, contributing to detection engineering, SIEM management, and threat hunting across large-scale enterprise environments

• Configured, maintained and optimized Splunk infrastructure; created Splunk alerts, dashboards and reports for internal stakeholders to improve operational and security monitoring

• Used Tanium for endpoint-based threat hunting, performing investigations into anomalous activity and enhancing threat detection strategies

• Developed and fine-tuned QRadar use cases and SOAR playbooks for the SOC to improve detection of malicious activities and attakcs

• Contributed to use case lifecycle management, working closely with the SOC and platform teams to improve alert fidelity and reduce false positives