INTRODUCTION

I'm Pavel Yushkevich

The Guy You Need

I'm a Blue Team specialist who blends hands-on incident response experience with the technical skills to design and manage security infrastructure. From SIEM deployment to detection engineering and SOC workflows — I bring both the strategy and the tools to strengthen your defenses.

Biography

Cyber Security Engineer currently based in Warsaw, Poland, with a strong focus on Blue Team operations. Experienced in both incident response and security engineering, I combine analytical expertise with technical implementation to strengthen security processes. Native Russian speaker and advanced in English, I bring an international mindset to cybersecurity challenges.

Education

Information Systems and Cybersecurity

Vilnius University, Institute of Applied Informatics
Vilnius, Lithuania, 2020 – 2024

Built a strong technical foundation through courses in algorithm theory, data structures, and advanced programming (C++, C#, and Python). Gained in-depth knowledge of cybersecurity fundamentals, including Information System Security, Operational Systems and Their Security, and Methods of Ethical Hacking.

Studied Digital Forensics, Data Security and Cryptography, as well as forensic analysis of malware and digital evidence. The program also covered essential IT disciplines such as Computer Networks and their Security, Virtualization, and Risk Management, combining both the practical and regulatory aspects of modern information security.

Information Systems Management

School of Business of BSU
Minsk, Belarus, 2019 – 2020

Focused on Information Systems Management fundamentals, learning the basics of object-oriented programming (OOP) and foundational courses in management, including IT project management and information systems governance.

Work Experience

Cyber Security Engineer

Capital.com
January 2025 – Present

As a Cyber Security Engineer, I have been responsible for designing and maintaining Capital.com's security monitoring and automation infrastructure. My experience covers several major areas:

SIEM Engineering & Infrastructure Setup
  • Contributed to the design and deployment of a distributed OpenSearch-based SIEM cluster to enhance security monitoring across Capital.com
  • Optimized index lifecycle policies, field mappings, and ingestion pipelines, ensuring seamless data flow and scalability for hundreds of GBs of daily logs
  • Maintained and optimized nodes, ensuring efficient ingestion and search performance
  • Worked extensively with Docker to orchestrate deployments and streamline infrastructure management

Data Ingestion & Log Processing
  • Integrated custom data connectors for both on-prem and cloud sources
  • Refined ingestion pipelines using Logstash, improving parsing, enrichment, and performance
  • Wrote multiple enrichment modules for Logstash to cross-reference data with other systems (e.g., identity lookups, IP reputation, geo-IP). Optimized caching mechanisms to keep enrichment efficient at scale
  • Automated connector updates and Logstash filter management using GitLab, ensuring transparent version control and streamlined updates
  • Handled hundreds of gigabytes of log data per day, focusing on performance tuning and filter efficiency

Detection Engineering & Rule Management
  • Developed and updated detection rules for Wazuh and Logstash, ensuring high-quality alerts and effective coverage of security events
  • Maintained alignment with the MITRE ATT&CK framework to ensure detection of the most frequently used attack techniques

Security Tools & Automation
  • Optimized Wazuh agent rollout via Ansible, managed tuning for distributed endpoints, and explored automation platforms such as Shuffle and n8n
  • Gained practical experience with orchestration tools and prepared the groundwork for future implementation

Linux Telemetry & Hardening
  • Gained hands-on experience researching and selecting Linux telemetry agents, testing options for different environments (standard Linux vs. Kubernetes)
  • Gained deep understanding of syscalls, kernel-level monitoring, and their integration with tools like Wazuh
  • Contributed to defining hardening requirements aligned with CIS benchmarks

Monitoring & Observability
  • Built robust monitoring for the entire security stack: containerized apps, system logs, and infrastructure metrics
  • Ensured complete auditability of systems with transparent logging and alerting for compliance and investigations

SOC Analyst

Capital.com
Nov 2023 – Jan 2025

Incident Response & Digital Defense

Led investigations from quick endpoint detections to complex multi-stage attacks. Balanced hands-on remediation, vulnerability patching, and reporting — ensuring systems remained resilient and prepared for future challenges.

Operational Expertise

Worked across the Blue Team toolkit: from SIEM tuning and network monitoring (Zeek, Suricata, Arkime) to honeypots and DLP controls — always focusing on threat visibility and proactive defense.

Shaping the SOC

Helped evolve the SOC by improving workflows, mentoring analysts, and driving automation for faster, smarter responses. Built trust with stakeholders and fostered collaboration to embed security deeply into the company's culture.

SOC Analyst

Wargaming
October 2022 – November 2023

As a SOC Analyst at Wargaming, I gained extensive hands-on experience working in a large, mature Security Operations Center. My work involved:

  • Triaging alerts and conducting threat hunting based on log analysis
  • Suggesting and refining alerting logic to improve detection capabilities
  • Handling a wide range of incidents — from simple tests to complex, multi-stage attacks touching multiple layers of infrastructure
  • Writing small automation scripts to gather forensic artifacts across macOS, Windows, and Linux hosts
  • Collaborating with a large SOC team in a shift-based model, which provided real-world, around-the-clock incident response experience

Key Skills

My work focuses on the Blue Team domain — combining hands-on incident response and threat detection with the ability to design and maintain the infrastructure that supports these functions. I bring together analytical expertise, technical implementation, and a clear understanding of how security operations should function.

Holistic Blue Team Mindset

I combine the key elements a modern Blue Team needs: analytical skills, technical implementation, and a clear understanding of how security operations should function. My approach is not limited to reacting — it's about shaping how defense is structured.

Analytical Expertise

I have hands-on experience in Incident Response, Threat Hunting, Digital Forensics, and Log Analysis. This allows me to handle real incidents and shape detection logic that helps a SOC be proactive instead of just reactive.

Technical Foundation

I know how to build and maintain the infrastructure that powers Blue Teams: deploying and tuning SIEM platforms, managing agents for endpoint protection, and implementing security automation and orchestration.

Strategic Perspective

Beyond tools and incidents, I understand how SOC workflows should be structured. I connect analysts, engineers, and processes — translating operational needs into detection rules, response playbooks, and automation flows.

I'm a versatile Blue Team professional who bridges the gap between operations, technology, and process — someone who not only knows what needs to be done to defend an organization, but can also design and build the systems and workflows to make it happen.

Contacts

Get in touch

If you have any questions or want to know more, feel free to reach out whenever you want! I'll be glad to meet you.

Location

Warsaw, Poland

Email

career@pavelyushkevich.com