Security Operations Engineer
Cloud Security & Detection Operations

Linux-first detection ops. Building signal with Zeek, Splunk, and EDR-aligned telemetry. Hardening containerised infrastructure on AWS, Azure, and GCP.

System Status: Available
Response Time: < 24h
Authorization: EU Authorised
Certifications: SC-200 & ISO 27001 (In Progress)
Languages: EN · ES · DE
Stack: Linux · Docker · Python
Compliance: ISO 27001 · GDPR · NIS2

Philosophy

I design and operate detection pipelines and hardening controls for cloud-native infrastructure. Hands-on across AWS, Azure, and GCP with Linux and Docker production environments. My MSc research built a Zeek-to-Redis IDS pipeline that scores network flow records within a containerised latency budget. Based in Berlin. EU work authorised.

ISO 27001 Lead Implementer (in progress) · Microsoft SC-200 (in progress)

Technical Focus

Security-First Operations

Depth in detection, hardening, and compliance. Lab-tested and production-hardened across Linux, Docker, and cloud-native tooling.

Detection & Hardening: Linux Hardening · Docker Security · Network Telemetry · Log Analysis · MITRE ATT&CK · IDS / IPS · Vulnerability Management · Incident Response
Cloud & Infrastructure: AWS (Foundational) · Azure (Foundational) · GCP (Foundational) · Docker & Compose · WireGuard / VPN · VPS / Self-Hosted · SSH / PKI
AI-Accelerated Automation: Python · Bash · Claude Code · OpenAI / Hugging Face APIs · Git / GitHub Actions · Markdown Runbooks · Cron / Systemd
Compliance & Governance: ISO 27001 · GDPR · DORA · Risk Assessment · Access Governance · Audit Documentation · Data Retention

Selected Work

Projects & Research

Hands-on work that demonstrates detection engineering, infrastructure hardening, and AI-assisted security operations.

Cloud-Native Intrusion Detection Pipeline

University of London · MSc Thesis

Detection

Challenge: Cloud-native networks produce high-volume telemetry that traditional IDS cannot process in real time without expensive SIEM licensing. SMEs need a low-cost, open-source alternative.

What I built: A five-stage containerised pipeline: Zeek parses live traffic into structured JSON, Redis Streams buffers telemetry with automatic recovery, and a calibrated XGBoost model scores each flow for anomalies before a policy engine decides the response.

Outcome: 84.2% ROC-AUC on the CICIDS2017 benchmark. After calibrating for a real-world false-alarm budget, the pipeline catches 40% of attacks while keeping false positives below 9%. Every step is fully documented and reproducible on GitHub.

Python · Zeek · Redis · Docker · XGBoost
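The "calibrating for a real-world false-alarm budget" step above is the part of an IDS pipeline most often left as a footnote. The following is an added example, not the thesis's own code: given per-flow anomaly scores and ground-truth labels for a held-out set, it sweeps candidate thresholds from the top down and keeps the lowest one whose false-positive rate still fits the budget, which is the maximum-recall operating point. The scores and labels are constructed, and the assumption is that the model emits a score in [0, 1] per flow and an alert fires when the score is at or above the threshold.

```python
"""Calibrate an alert threshold against a false-alarm budget.

Added illustration for the thesis pipeline described above; it is not the
project's own code. Scores and labels are constructed, and the assumption is
that the model emits a score in [0, 1] per flow, alerting when score >= threshold.
"""
from __future__ import annotations

# Constructed held-out set: 10 benign flows (label 0) and 10 attack flows (label 1).
SAMPLE_SCORES = [0.05, 0.10, 0.12, 0.20, 0.25, 0.30, 0.35, 0.40, 0.55, 0.70,
                 0.33, 0.45, 0.50, 0.60, 0.65, 0.72, 0.80, 0.85, 0.90, 0.95]
SAMPLE_LABELS = [0] * 10 + [1] * 10


def rates_at(scores: list[float], labels: list[int], threshold: float) -> tuple[float, float]:
    """Recall and false-positive rate when alerting on score >= threshold."""
    tp = fp = 0
    positives = labels.count(1)
    negatives = labels.count(0)
    for s, y in zip(scores, labels):
        if s >= threshold:
            if y == 1:
                tp += 1
            else:
                fp += 1
    return tp / positives, fp / negatives


def choose_threshold(scores: list[float], labels: list[int], fpr_budget: float) -> tuple[float, float, float]:
    """Lowest threshold whose FPR stays within budget, i.e. the max-recall point.

    Lowering the threshold can only enlarge the alerted set, so both recall and
    FPR are monotone in it; sweeping from the top score downward and stopping at
    the first budget breach finds the best operating point without a full ROC curve.
    Returns (threshold, recall, fpr). If no threshold fits, the threshold is +inf
    (alert on nothing) with recall and FPR of 0.
    """
    if len(scores) != len(labels):
        raise ValueError("scores and labels must align")
    if 1 not in labels or 0 not in labels:
        raise ValueError("need both attack and benign samples to calibrate")
    best = (float("inf"), 0.0, 0.0)
    for t in sorted(set(scores), reverse=True):
        recall, fpr = rates_at(scores, labels, t)
        if fpr > fpr_budget:
            break  # every lower threshold only adds more false positives
        best = (t, recall, fpr)
    return best


if __name__ == "__main__":
    for budget in (0.0, 0.10, 0.30):
        t, recall, fpr = choose_threshold(SAMPLE_SCORES, SAMPLE_LABELS, budget)
        print(f"budget {budget:.2f}: threshold {t:.2f} -> recall {recall:.0%}, FPR {fpr:.0%}")
```

Running the block shows the trade-off the outcome paragraph reports in its own numbers: tightening the budget from 30% to 0% on this constructed set drops recall from 90% to 50%. In production the calibration set must come from traffic the model was not trained on, and the chosen threshold should be re-checked whenever the benign baseline shifts, since a stale threshold silently breaks the budget.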
Automation

Problem: Router admin panels missed ephemeral IoT devices. I had no reliable inventory of what was actually on my network.

What I built: A scheduled four-stage pipeline with arp-scan discovery, nmap fingerprinting, Python CVE enrichment via the NVD API, and Telegram alerting. Scanning runs in read-only, least-privilege ephemeral Docker containers.

Outcome: Full baseline in under 3 minutes with no endpoint agents. Weekly JSON diffs automatically surface new devices and vulnerable software.

Python · Docker · Nmap · NVD API · Telegram Bot
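The weekly JSON diff is the step that turns a scan into a defender's signal: the question is not "what is on the network" but "what changed since last week". The following is an added example, not the portfolio project's own code. It assumes a snapshot layout of hosts keyed by MAC address, each carrying open ports and any CVE ids the enrichment step attached (that layout is an assumption), and both snapshots are constructed, with placeholder CVE ids. It reports new devices, devices that disappeared, newly opened ports on known devices, and newly attached vulnerabilities, and produces an empty alert when nothing changed.

```python
"""Diff two inventory snapshots and surface what a defender should look at.

Added illustration of the weekly-diff step described above; it is not the
portfolio project's own code. The snapshot layout (hosts keyed by MAC, each
with open ports and any CVE ids the enrichment step attached) is an assumption,
and both snapshots below are constructed, with placeholder CVE ids.
"""
from __future__ import annotations
import json

LAST_WEEK = json.dumps({"hosts": [
    {"mac": "AA:BB:CC:00:00:01", "ip": "192.168.1.1", "vendor": "router-vendor",
     "services": [{"port": 80, "product": "http"}, {"port": 443, "product": "https"}]},
    {"mac": "AA:BB:CC:00:00:02", "ip": "192.168.1.20", "vendor": "nas-vendor",
     "services": [{"port": 22, "product": "ssh"}, {"port": 445, "product": "smb"}]},
]})

THIS_WEEK = json.dumps({"hosts": [
    {"mac": "aa:bb:cc:00:00:01", "ip": "192.168.1.1", "vendor": "router-vendor",
     "services": [{"port": 80, "product": "http"}, {"port": 443, "product": "https"}]},
    {"mac": "aa:bb:cc:00:00:02", "ip": "192.168.1.20", "vendor": "nas-vendor",
     "services": [{"port": 22, "product": "ssh", "cves": ["CVE-0000-PLACEHOLDER-A"]},
                  {"port": 445, "product": "smb"},
                  {"port": 8080, "product": "http-alt"}]},
    {"mac": "aa:bb:cc:00:00:03", "ip": "192.168.1.77", "vendor": "unknown",
     "services": [{"port": 23, "product": "telnet"}]},
]})


def index_hosts(snapshot_json: str) -> dict[str, dict]:
    """Key hosts by lower-cased MAC so DHCP-reassigned IPs do not look like new devices."""
    return {h["mac"].lower(): h for h in json.loads(snapshot_json)["hosts"]}


def diff_inventory(old_json: str, new_json: str) -> dict[str, list]:
    """Compare two snapshots; every list holds tuples ready for an alert line."""
    old, new = index_hosts(old_json), index_hosts(new_json)
    report: dict[str, list] = {"new_devices": [], "missing_devices": [], "new_ports": [], "new_vulns": []}
    for mac in sorted(new.keys() - old.keys()):
        report["new_devices"].append((mac, new[mac]["ip"], new[mac].get("vendor", "?")))
    for mac in sorted(old.keys() - new.keys()):
        report["missing_devices"].append((mac, old[mac]["ip"]))
    for mac in sorted(old.keys() & new.keys()):
        old_ports = {s["port"] for s in old[mac]["services"]}
        old_cves = {c for s in old[mac]["services"] for c in s.get("cves", [])}
        for svc in new[mac]["services"]:
            if svc["port"] not in old_ports:
                report["new_ports"].append((mac, svc["port"], svc.get("product", "?")))
            for cve in svc.get("cves", []):
                if cve not in old_cves:
                    report["new_vulns"].append((mac, svc["port"], cve))
    return report


def format_alert(report: dict[str, list]) -> str:
    """Plain-text summary suitable for a chat alert; empty string means nothing changed."""
    lines = []
    for key, items in report.items():
        lines.extend(f"{key}: {' '.join(str(x) for x in item)}" for item in items)
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_alert(diff_inventory(LAST_WEEK, THIS_WEEK)) or "no changes")
```

Keying on MAC rather than IP is the design choice that matters: on a DHCP network a device that moves address would otherwise show up as one missing host and one new host every week, and the real additions would drown in that noise. Vendor names and open-port products are informational only; the decision to investigate rests on the device and CVE deltas.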

Challenge: Most home labs start as convenience projects and become liabilities. Default passwords, no logging, and services exposed to the open internet create a silent attack surface.

What I built: Three isolated nodes on Linux and Raspberry Pi: a VPN-protected media hub, a hardened Nextcloud file sync stack with Caddy TLS, and an experimental automation node exposed only through Cloudflare Tunnel. Each node has its own firewall rules, least-privilege containers, and no shared credentials.

Outcome: A fully operational self-hosted cloud with documented security boundaries, encrypted SMB shares, and template-first configuration that keeps real secrets out of version control. The network reconnaissance pipeline scans this same LAN weekly and reports new devices or vulnerable software.

Docker · VPN · TLS · SMB
Applied ML

Challenge: Credit card portfolios lose 16% of customers to churn, yet most retention campaigns arrive too late. The bank needed a way to spot at-risk customers before they called to cancel.

What I built: A four-model comparison pipeline on 10K customer records: Logistic Regression, Decision Tree, Random Forest, and Gradient Boosting. Applied SMOTE to fix class imbalance, Grid Search for hyperparameter tuning, and evaluated each model on churn recall rather than overall accuracy.

Outcome: Gradient Boosting Machine achieved 97% accuracy and 89% churn recall after tuning. The model correctly identifies 9 out of 10 customers who actually leave, giving the retention team a ranked list to act on instead of blanket campaigns.

Python · scikit-learn · SMOTE · Jupyter

Current Focus

Currently Building

Active work to close gaps between my current skills and the roles I am targeting in the EU security market.

Microsoft SC-200: Security Operations Analyst
Learning KQL, detection rule authoring, and Sentinel SOAR automation via Microsoft Learn labs.
ISO 27001 Lead Implementer
TÜV SÜD Academy. Risk assessment, control documentation, and audit-ready ISMS design.
Self-Hosted Cloud Security Lab
Terraform IaC, Kubernetes RBAC, GitHub Actions CI/CD, and automated compliance checks on AWS/Azure free tiers.
Detection-as-Code Practice
Writing and testing Sigma / KQL rules against public datasets to build a portable detection rule repository.
Splunk Search & Dashboard Lab
Lab target: deploying Splunk free tier, writing SPL searches, building detection dashboards, and designing alert logic for cloud workload telemetry.
Wazuh EDR & Falco Runtime Security
Lab target: Docker-based Wazuh deployment for endpoint telemetry and Falco for container runtime threat detection with MITRE ATT&CK mapping.

Professional Experience

Career

Security Operations & Systems Coordinator · Sep 2023 – Present
Termales Don Grimaldo · Remote
  • Maintain Linux-hosted production web services with controlled updates, TLS certificate lifecycle management, DNS hardening, and domain security configurations. Cut certificate-related downtime to zero via automated renewal alerts and staging validation.
  • Operate Docker-based components with service-continuity planning, routine encrypted backups, and quarterly restore validation to ensure integrity and recoverability.
  • Apply MFA for all privileged accounts, coordinate incident response with non-technical stakeholders, and maintain audit-ready runbooks and change documentation. Achieved 100% MFA coverage across privileged accounts within 30 days of role start.
  • Maintain security event logs and incident records that enabled full traceability across four post-incident reviews, cutting repeat root-cause analysis time by half.
Linux · Docker · TLS/DNS · Incident Response
Security & Systems Specialist · May 2022 – Aug 2023
Termales Don Grimaldo · Remote
  • Maintained production WordPress infrastructure with attack-surface reduction: removed unused components, applied basic hardening, and enforced controlled update workflows.
  • Configured a customer-support chatbot with sensible data-retention settings and GDPR-aligned data handling.
  • Managed Cloudflare DNS and SSL, controlled plugin lifecycle, and documented incident root causes with preventive measures for non-technical stakeholders.
WordPress Hardening · GDPR · Cloudflare
Earlier Career · 2017 – 2022
UNESCO · University · ADETURSA
Information Catalogue Development Intern · Sep 2020 – Dec 2020
IGRAC (UNESCO) · Netherlands
  • Built an interactive web-GIS information catalogue with exact metadata and documentation in a cross-functional, governance-driven UNESCO-affiliated environment.
  • Performed data quality checks, source verification, and provenance tracking, a discipline that translates directly to security telemetry validation and audit trail design.
Data Governance · Provenance Tracking
Lecturer: Surface & Groundwater Resources · Aug 2021 – Mar 2022
Universidad Nacional de San Martín · Peru
  • Designed and delivered modules on structured data handling, reproducibility, and risk-based thinking.
  • Developed knowledge-transfer, documentation, and stakeholder-communication skills through practical workshops and assessment rubrics.
Technical Documentation · Training
Technical Environmental Secretary & Project Coordinator · Aug 2017 – Sep 2018
ADETURSA · Peru
  • Coordinated projects with local government and community organisations, keeping agreements and responsibilities clearly documented.
  • Set up and maintained a basic organisational website with limited admin access and clear credential ownership.
Technical Documentation · Website Administration

Education

Academic Background

2023 – 2025
MSc Computer Science
University of London · Distinction · UK
Thesis: Low-Latency Anomaly Detection in Cloud-Native Environments
2023 – 2024
Intensive German A2-B1
Volkshochschule Pankow · Germany
DTZ. Overall Result: B1
2019 – 2020
MSc Hydrogeology & Water Management
Newcastle University · Chevening Scholar · UK
2011 – 2015
BSc Environmental Engineering
Universidad Nacional de San Martín · First-Class Honours · Peru

Contact

Let's Talk Security

Open to security operations, detection engineering, and cloud infrastructure roles in the EU. Based in Berlin.
