Patryk Rudnik

Threat Detection & Response

Protecting digital infrastructure through intelligent threat detection, SIEM engineering, and cloud security operations. Specialized in Azure environments and advanced KQL analytics.

hunt_lateral_movement.kql
// Hunt: lateral movement via PsExec
SecurityEvent
| where TimeGenerated > ago(7d)
| where EventID == 4688                          // process creation events
| where Process has_any ("psexec", "wmic", "powershell")
| where ParentProcessName !has "explorer.exe"    // drop interactive user launches
| extend RiskScore = case(
    Process has "psexec", 90,
    Process has "wmic", 70,
    50)
| where RiskScore >= 70
| summarize Events = count(), Hosts = dcount(Computer) by Account, Process
| order by Events desc

// ✓ 4 high-risk sessions detected
SIEM · XDR · AZURE · KQL
WINDOWS · LINUX · SOC
About

I'm a Security Analyst with a passion for hunting threats before they become incidents. My work lives at the intersection of data, detection engineering, and cloud security.

Day-to-day I operate across SIEM platforms and XDR solutions, building detection rules, triaging alerts, and conducting investigations. My Azure expertise lets me secure cloud-native workloads from the ground up.

I'm fluent in KQL — writing complex analytics queries that turn raw telemetry into actionable intelligence. Whether it's a Windows endpoint or a Linux server, I know where adversaries hide.

SOC: Operations focus
24/7: Threat monitoring
KQL: Advanced analytics
Azure: Cloud security
Core Skills

SIEM Engineering

Building, tuning, and managing security information and event management platforms. Detection rule creation, log ingestion, and alert optimization.

Detection Rules · Log Management · Alert Tuning

XDR Response

Extended detection and response across endpoints, network, and cloud. Correlating telemetry sources to identify and contain threats fast.

Endpoint Security · Threat Correlation · Incident Response

Azure Security

Securing Microsoft Azure environments using Defender for Cloud, Sentinel, Entra ID, and native security controls across subscriptions.

Sentinel · Defender for Cloud · Entra ID

KQL Analytics

Advanced Kusto Query Language for threat hunting, detection engineering, and security dashboards in Microsoft Sentinel and Log Analytics.

Threat Hunting · Log Analytics · Dashboards

Windows Security

Deep understanding of Windows internals, event logs, Active Directory security, and endpoint hardening against common adversary techniques.

Event Logs · Active Directory · Hardening

Linux Security

Linux system monitoring, log analysis, privilege escalation detection, and securing server workloads against lateral movement and persistence.

Syslog · Auditd · Privilege Escalation
Tech Stack

Platforms & SIEM: Microsoft Sentinel · Splunk · Elastic SIEM · QRadar
XDR & Endpoint: Microsoft Defender XDR · Defender for Endpoint · CrowdStrike
Cloud & Identity: Azure · Entra ID · Defender for Cloud · Azure Monitor
Languages & Query: KQL · PowerShell · Bash · Python
Experience

PRESENT
Security Analyst
— SOC / Security Operations
  • Monitor, triage, and investigate security alerts across SIEM and XDR platforms daily
  • Author and tune KQL detection rules in Microsoft Sentinel to reduce false positives and improve coverage
  • Respond to and contain endpoint threats using Microsoft Defender XDR
  • Analyze Windows and Linux event logs to trace adversary activity and build incident timelines
  • Conduct proactive threat hunts across Azure-hosted workloads and on-premises infrastructure
PREVIOUS
Junior Security Analyst
— Security Operations Center
  • First-line alert triage and escalation following runbook procedures
  • Supported deployment and configuration of SIEM data connectors and log sources
  • Assisted in vulnerability assessment and patch tracking across Windows and Linux fleets
  • Built introductory KQL queries for log visibility and basic detection use cases
Contact

Open to security roles, consulting, and collaboration on detection engineering projects. Reach out through any of the channels below.

sentinel_query.kql
// Threat hunt — suspicious logins
SigninLogs
| where TimeGenerated > ago(1d)
| where ResultType == "0"                             // successful sign-ins only
| where RiskLevelDuringSignIn in ("high", "medium")   // Entra ID Protection risk level
| summarize count() by UserPrincipalName, IPAddress, Location, AppDisplayName
| order by count_ desc

// Results: 3 anomalous sessions flagged