Open to opportunities

Ehsaan Mehar

Security Researcher · Threat Intelligence · Detection Engineering · Security Operations

Security professional specialized in threat intelligence, detection engineering, and SIEM operations. Focused on automating security workflows and reducing organizational attack surface.


Skills & Tools

Technologies and frameworks across security operations and engineering.

Languages

Python, C, C++, x86-64 Assembly

Security

Threat Intelligence, SIEM, Detection Engineering, Malware Analysis, MITRE ATT&CK

Tools

IDA Pro, Wireshark, Caldera, VirusTotal, YARA, Snort, Sigma, ELK Stack, Git

Platforms

GNU/Linux, Windows

Experience

Building detection capabilities and automating threat intelligence workflows in SOC-focused security products.

StrikeReady · 2024 – Present · Remote · Full-time

Security Researcher – CTI & Detection

  • Conducted threat hunting and profiling by analyzing vendor reports, CERT advisories, and global intelligence feeds, tracking adversary campaigns and evolving TTPs.
  • Analyzed emerging adversary campaigns and recreated end-to-end attack flows using IOCs to build realistic simulation packages (strike) for customer detection validation.
  • Automated full attack simulation with Python-based pipelines using LLMs to generate simulation packages, enrich IOCs via external sources, and ingest intelligence into the product.
  • Developed escalation and tagging Sigma rules, mapping event behavior to MITRE ATT&CK, enabling precise behavioral detection across the platform.
  • Built and operated controlled lab environments to detonate malware, observe behavioral patterns, and simulate multi-stage SIEM attack scenarios across email, endpoint, and network layers.
  • Supported multi-source detection by analyzing diverse log sources and enabling correlation of malicious behavior across complex event streams within defined timeframes.