Josh
Threat Hunter • Detection Engineer • SOC
Location: South Carolina
Current Role: Detection Engineer
Company: Secnap Network Security
GitHub: NovaSky0x1

How I Got Here

I started at the help desk. Moved through systems engineering and network security, then into the SOC. I love all of it. Working alerts, hunting through telemetry for things that tools miss, writing detection rules that actually catch real threats. I'm not trying to pick one lane. Threat hunting, detection engineering, and SOC operations all feed each other, and I want to be good at all of them.

At Red Canary I hunted full time across major EDR platforms. Found a threat actor with a 2-month undetected VPN compromise running AD brute force. Identified FIDO downgrade attacks in Entra ID, malicious LNK files pointing to C2, and infostealers like Chihuahua Stealer. I got to take real hunts and work with the detection engineering team to convert them into production rules.

Now I'm at Secnap Network Security where I wear a lot of hats. I write custom detection rules for Windows, M365, Entra ID, and Google Workspace in LimaCharlie, converting Sigma rules into the platform and writing new ones from scratch. Mac and Linux coverage is next. I've built the entire customer portal, SOC dashboard, workflow system, and response processes using PHP, MySQL, and the LimaCharlie API. I lead the SOC team handling incidents and escalations, I'm building out the threat hunting function, and I run customer-facing product demos and work directly with customers on incidents and questions.

I'm not a developer by background, but I've gotten hands-on building the tools our team needs. I like solving problems and I like building things that make security operations better.

Career Timeline

AUG 2025 - PRESENT
Detection Engineer
Secnap Network Security
  • Custom detection rules for Windows, M365/Entra ID, and Google Workspace in LimaCharlie (Mac and Linux coming next)
  • Converting Sigma rules into LimaCharlie D&R format and writing custom detections from scratch
  • 34 custom LimaCharlie D&R rules, 27 Fibratus detection rules
  • Detected ClickFix attack via callstack analysis, prevented NetSupport RAT deployment
  • Built the entire customer portal, SOC dashboard, workflow system, and response processes
  • Hands-on with PHP, MySQL, and the LimaCharlie API
  • Leading the SOC team: incident handling, escalation, and operations strategy
  • Building the threat hunting function from the ground up
  • Customer-facing product demos and direct customer support for incidents
  • Threat hunting using raw EDR telemetry across customer environments
APR 2025 - AUG 2025
Threat Hunter
Red Canary
  • Hunted across SentinelOne, CrowdStrike, MDE, Carbon Black, Palo Alto Cortex
  • Found 2-month undetected VPN compromise with AD brute force
  • Identified FIDO downgrade attacks, malicious LNKs, Chihuahua Stealer
  • Surveyor + Jupyter notebooks + Pandas for cross-environment queries at scale
  • Converted threat hunts into production detections with the DE team
  • Primary customer contact during declared incidents
AUG 2024 - APR 2025
SOC Analyst
Secnap Network Security
  • 24/7 SOC for small businesses and MSPs: triage, blocking, isolation
  • Threat hunting with Velociraptor and Fibratus for kernel-level detection
  • Built ransomware detection rules using File I/O patterns from Windows kernel events
  • Built unified MDR agent as a Windows service
  • Automated MDR build process using PowerShell and Bash scripting
DEC 2023 - AUG 2024
Cybersecurity Analyst
Intelli-NET
  • Fortinet firewalls, Ubiquiti, ThreatLocker, Huntress EDR
  • NIST 800-171/800-61 alignment, IR policies, DR plans
  • PowerShell automation for security configs (SMB Signing, LLMNR/NetBIOS)
AUG 2023 - DEC 2023
System Engineer
Intelli-NET
  • Domain Controllers, Azure Cloud Sync, hybrid identity management
MAR 2023 - AUG 2023
Help Desk Specialist
EIT Networks
  • Where it all started. AD, O365, vulnerability assessments.

Certs

  • Security+ (CompTIA)
  • Network+ (CompTIA)
  • Blue Team Level 1 (BTL1) (Security Blue Team)
  • Security Analyst Level 1 (SAL1) (CyberExam)

Want to connect?

Happy to talk about threat hunting, detection engineering, SOC work, or whatever's on your mind.
