Hi, I'm Rhodyn Ildefonso

Threat Hunter
& Detection Engineer

I am a cybersecurity professional based in Huaral, Lima, Peru. I focus on Threat Hunting & Detection Engineering, developing hypothesis-based investigations, telemetry analysis, and detection logic to identify adversary behaviors.

I work with Elastic Security, Kibana, KQL, Sysmon, Velociraptor, Python, Docker, and Cloud environments, complementing SOC operations, Incident Response, DFIR, and Cloud Security.

Technologies and tools

Elastic Security
Kibana
Kusto Query Language
Microsoft Sentinel
Sysmon
Velociraptor
Wireshark
MITRE ATT&CK
Cyber Kill Chain
Python
PowerShell
Docker
Windows Subsystem for Linux
Git
Kali Purple
VirusTotal
OTX AlienVault
IBM X-Force Exchange
Microsoft Defender for Cloud
AWS GuardDuty
AWS Detective
AWS CloudTrail
Check Point CloudGuard

What do I do?

  • Threat Hunting
    • Hypothesis-based investigations.
    • Telemetry and adversary behavior analysis.
    • Technical mapping with MITRE ATT&CK and Cyber Kill Chain.
  • Detection Engineering
    • Design of behavior-oriented detection logic.
    • Construction and validation of KQL queries.
    • Event correlation across SIEM and telemetry sources.
  • DFIR & Incident Response
    • Analysis of Windows, Linux, and endpoint activity events.
    • Technical support for triage, investigation, and incident response.
    • Artifact review with Sysmon, Velociraptor, and security logs.
  • Cloud Security
    • Activity analysis in Azure and AWS environments.
    • Review of identity, access, and cloud activity events.
    • Technical support for multi-cloud SOC and IR operations.
  • Security Labs & Engineering
    • Construction of reproducible security labs.
    • Automation and scripting with Python, Docker, Linux, and WSL.
    • Technical documentation of investigations, detections, and procedures.

Technical Portfolio

Projects

Threat Hunting Knowledge Base

cyber-threat-hunting

Active

Technical documentation repository and Threat Hunting lab based on hypotheses, MITRE ATT&CK, and Cyber Kill Chain. It includes investigations, methodologies, analysis, and reference material for Threat Hunting operations.

Tags: Threat Hunting, MITRE ATT&CK, Cyber Kill Chain, Documentation, Detection
Threat Hunting Lab Logs

cyber-threat-hunting-lab-logs

Active

Lab repository with controlled logs, PCAP files, queries, analyst notes, and technical evidence to reproduce hypothesis-based Threat Hunting investigations.

Tags: Lab Logs, PCAP, KQL, Telemetry, Threat Hunting
Detection Engineering Lab

elastic-security-lab

Active

Local Elastic Security lab for log ingestion, telemetry analysis, Kibana visualization, and development of searches oriented toward Threat Hunting and Detection Engineering.

Tags: Elastic Security, Kibana, Filebeat, Docker, Detection Engineering
Technical Knowledge Base

engineering-knowledge-base

Active

Technical knowledge base about tools, automation, and work environment configuration with PowerShell, Git, WSL, Python, and Docker, focused on practical and reusable documentation.

Tags: PowerShell, Git, WSL, Python, Docker, Documentation

Professional Career

Experience


Threat Hunting & Detection Engineering Practitioner

Independent / Technical Portfolio

Jan 2026 - Present | Huaral, Lima, Peru | Self-employed

Independent development of a technical portfolio focused on Threat Hunting, Detection Engineering, SOC Operations, and DFIR, with an emphasis on reproducible investigations, log analysis, structured documentation, and practical security labs.

  • Development of Threat Hunting hypotheses using MITRE ATT&CK and Cyber Kill Chain.
  • Construction of labs with Elastic Security, Elasticsearch, Kibana, Filebeat, Docker, Docker Compose, and WSL.
  • Documentation of KQL queries, log analysis, technical evidence, IoCs, observable artifacts, and reproducible procedures.
  • Continuous DFIR practice and endpoint analysis with Velociraptor, Sysmon, Wireshark, and Windows/Linux artifacts.
Tags: Threat Hunting, Detection Engineering, DFIR, Elastic Security, KQL, Velociraptor

Incident Response Engineer - Cloud Security

Baufest / Cencosud Supermercados S.A.

Jan 2023 - Jun 2025 | Remote / Santiago, Chile | Full-time

Participation in incident response operations across multicloud environments, including Azure, AWS, and OCI, with activities involving detection, triage, investigation, escalation, mitigation, and operational documentation.

  • Cloud incident management, advanced triage, event analysis, operational escalation, and technical documentation.
  • Investigation and correlation of events using Microsoft Sentinel, KQL, Microsoft Defender, Defender for Cloud, AWS GuardDuty, AWS Detective, and AWS CloudTrail.
  • Analysis of IoCs, anomalous behaviors, attack patterns, cloud events, and security findings.
  • Operational validation and tuning of alerts to reduce false positives and improve SOC / Cloud Security workflows.
  • Coordinated work with Security, IaaS, Development, Networking, IAM, and Architecture teams.
Tags: Incident Response, Cloud Security, Microsoft Sentinel, KQL, AWS GuardDuty, Defender for Cloud

Operations Specialist - Cybersecurity

Baufest

Oct 2022 - Jun 2025 | Miraflores, Lima, Peru | Full-time

Initial and later complementary role focused on Secure SDLC, application security testing, vulnerability analysis, and Linux hardening, with occasional participation in AppSec and pentesting projects.

  • Execution of security testing on applications and services using OWASP ZAP, Burp Suite, and Nessus.
  • Identification, validation, and documentation of vulnerabilities aligned with the OWASP Top Ten and Secure SDLC best practices.
  • Support in hardening analysis and review of security configurations on Linux systems.
  • Preparation of technical and executive reports to communicate findings, risks, impact, and remediation recommendations.
Tags: AppSec, Vulnerability Assessment, OWASP, Burp Suite, Nessus, Linux Hardening

PEI DevSecOps / Cloud Security

Baufest

May 2022 - Oct 2022 | Miraflores, Lima, Peru | Training Contract

Participation in a training program focused on developing technical skills in DevSecOps, Cloud Security, automation, secure operations, and collaborative work in technology environments.

  • Practical training in DevSecOps fundamentals, Cloud Security, automation, and secure operations.
  • Development of initial automations with Bash and Python.
  • Introduction to technical documentation, continuous improvement, change control, and collaboration with technical teams.
  • Strengthening of technical foundations in Linux, scripting, applied security, and workflows oriented toward technology services.
Tags: DevSecOps, Cloud Security, Python, Linux, Automation

Professional Education

Education

1 Formal Education

Bachelor's Degree in Computer Engineering

Universidad Nacional José Faustino Sánchez Carrión

Mar 2022 - Feb 2023

University education focused on engineering, information technologies, systems, and applied technical fundamentals.

Undergraduate Studies in Computer Engineering

Universidad Nacional José Faustino Sánchez Carrión

Apr 2016 - Dec 2021

Completion of the Computer Engineering academic program with a foundation in systems, programming, infrastructure, and technical analysis.

2 Certifications

Microsoft SC-200: Security Operations Analyst

Microsoft

2023

Certification focused on security operations, Microsoft Sentinel, Microsoft Defender, and threat analysis.

Microsoft SC-900: Security, Compliance, and Identity Fundamentals

Microsoft

2022

Fundamentals of security, compliance, identity, and security services within the Microsoft ecosystem.

3 Complementary Studies

Specialization in Digital Forensics & Incident Response

Academia de Ciberseguridad

2026

Practical DFIR training focused on the incident response lifecycle, evidence preservation, chain of custody, endpoint forensic analysis, review of Windows/Linux artifacts, network analysis, and technical/executive documentation.

Cyber Threat Hunting (CTH)

Academia de Ciberseguridad

2026

Practical Threat Hunting training focused on formulating hypotheses based on CTI and MITRE ATT&CK, telemetry analysis in SIEM/EDR platforms, endpoint and network hunting, findings documentation, and conversion into SOC use cases.

Cyber Threat Intelligence (CTI)

Academia de Ciberseguridad

2026

Practical Cyber Threat Intelligence training focused on the intelligence lifecycle, threat actor analysis, TTPs, MITRE ATT&CK, Cyber Kill Chain, OSINT, ASM, and the development of technical and executive reports for SOC environments.

TryHackMe Roadmap: Security Engineer

TryHackMe

2025

Practical path focused on security engineering fundamentals, technical analysis, and defensive operations.

TryHackMe Roadmap: Security Analyst

TryHackMe

2025

Practical path focused on security analysis, event investigation, SOC fundamentals, and initial response.

TryHackMe Roadmap: Cyber Security Foundations

TryHackMe

2025

Complementary training in cybersecurity fundamentals, threats, defensive controls, and operational concepts.

TryHackMe Roadmap: Computer Science Basics

TryHackMe

2025

Foundational path in computer science concepts applied to technical learning in cybersecurity.

4 Upcoming Certifications

eCTHP: eLearnSecurity Certified Threat Hunting Professional

INE / eLearnSecurity

Planned

Certification focused on Threat Hunting, threat analysis, hypothesis-based investigation, and detection.

eCIR: eLearnSecurity Certified Incident Responder

INE / eLearnSecurity

Planned

Certification focused on incident response, technical analysis, investigation, and DFIR procedures.

Let's Talk

Contact

If you would like to contact me regarding job opportunities, cybersecurity projects, technical collaboration, or to request my updated CV, you can reach me through this form.

Location: Huaral, Lima, Peru