shield_person Ivan Kuznetsov

Ivan Kuznetsov

Cybersecurity Engineer · BSc Cyber Security Engineering (TalTech) · SIEM/XDR & Detection Engineering · Automation

person About me

I am a Cybersecurity Engineer with hands-on experience in SIEM/XDR operations, incident response, and detection engineering.

I'm responsible for core security operations, working across infrastructure, development, and business teams to investigate incidents, analyze security data, and support infrastructure-level security decisions - regularly collaborating with senior engineers, technical leads, and C-level stakeholders.

My experience spans threat detection, vulnerability management, identity security (Microsoft Entra ID), and application security reviews, including vendor risk assessments. I also bring a background in software development, applying engineering skills to build internal tools and automate security workflows using scripting and AI-based solutions.

Languages: English (Fluent) · Estonian (Fluent) · Russian (Native)

history_edu Work experience

Admirals
Full-time · 01/2026 – Present · Tallinn, Estonia
  • Cyber Security Engineer

    06/2026 – Present
    • Working as a key Cybersecurity Engineer, reporting directly to the CISO and collaborating closely with department heads and senior technical leads to secure corporate infrastructure and guide security decisions.
    • Conducted deep-dive investigations into diverse security cases, analyzing telemetry and data sources and writing actionable technical reports for cross-functional teams and C-level management.
    • Engineered and rolled out CIS Benchmark-aligned security baselines for Windows endpoints.
    • Streamlined patch management by developing automated scripting for secure, background deployment of critical security updates.
  • Junior Cybersecurity Engineer

    01/2026 – 06/2026
    • Executed incident response and threat hunting within the corporate environment, utilizing Cortex XDR for advanced detection and remediation.
    • Used Microsoft Entra ID telemetry for identity-based investigations and identity/access management.
    • Evaluated software requests for security compliance, performed vendor due diligence, and completed security questionnaires.
    • Orchestrated company-wide phishing simulation campaigns to improve security awareness.
Cybertex Security OÜ
12/2024 – Present · Tallinn, Estonia
  • Cyber Security Specialist

    Contract · 06/2026 – Present
    • Managed email security, planned and executed phishing simulation and security awareness campaigns, improving the organization's resilience against social engineering attacks.
  • Junior Cybersecurity Engineer

    Part-time · 11/2025 – Present
    • Progressed from Intern to Junior Cybersecurity Engineer, and since 06/2026 also contribute as a Cyber Security Specialist on contract, working on diverse cybersecurity projects.
  • Cyber Security Intern

    Internship · 12/2024 – 11/2025
    • Built a SIEM/XDR platform using Wazuh, deploying custom detection rules and automated incident response scenarios.
    • Developed an AI assistant for sales and operations automation leveraging n8n, RAG, and OpenAI.

Junior Software Developer

Saule IT Services OÜ · Full-time · 09/2025 – 01/2026 · Tallinn, Estonia
  • Developed a PHP-based backend solution with secure data validation.
  • Improved the legacy CAPTCHA implementation to enhance both security and user experience.

school Education

Tallinn University of Technology (TalTech)

BSc Cyber Security Engineering

09/2023 – 06/2026 · Graduated

Bachelor's thesis: LLM-Enhanced SAST — Reducing False Positives in Detection of Vulnerabilities in Source Code, using a local, uncensored small language model to double vulnerability detection recall while keeping source code private.

grid_view Skills

code Programming & Databases
Python JavaScript HTML/CSS PostgreSQL REST API Git PHP MySQL
security Cybersecurity
SIEM (Wazuh) XDR (Cortex) Threat & Vulnerability Management Incident Response YARA SOAR CVSS CIS Benchmarks MITRE ATT&CK Cyber Kill Chain
dns Systems & Networking
Linux (Red Hat, Ubuntu) Windows Server (AD, GPO, PowerShell-V) Bash/CLI Azure Entra ID IaC (Ansible) Cisco IOS TCP/IP VPN VLANs/NAT/WAN/QoS Cisco ASA
build_circle Tools & Platforms
Wireshark Nmap Elastic Stack Syslog KnowBe4 VirusTotal API Performance Monitor
hub Blockchain & Automation
n8n LLM Integrations Open-source Automation Retrieval-augmented generation (RAG) Smart Contracts Node Deployment & Hardening

workspaces Portfolio

LLM-Enhanced SAST

Bachelor's Thesis · TalTech

An automated DevSecOps pipeline that eliminates SAST alert fatigue and prevents data leakage by triaging vulnerabilities locally on consumer-grade hardware. A custom semantic parser paired with an "abliterated" (uncensored) 4B small language model bypasses AI safety refusals on security-audit code, doubling vulnerability detection recall while keeping source code fully private.

Tech: Python, Local LLM, Semantic Parsing, SAST

CIS Benchmark-Based Endpoint Hardening

Security Engineering · Admirals

Engineered and rolled out CIS Benchmark-aligned security baselines for Windows endpoints, and streamlined patch management with automated scripting for secure, background deployment of critical security updates.

Tech: Windows, CIS Benchmarks, Audit Controls, Automated Patch Management

PHP CLI Password Manager

University Project · Secure Programming

Developed a secure, interactive command-line vault. Features libsodium encryption (Argon2id, XChaCha20-Poly1305), strict data validation, and Linux clipboard integration.

Tech: PHP 8.4, Symfony Console, libsodium

Ansible Infrastructure as Code

University Project · IT Infrastructure Services

Single Ansible playbook that turns three bare Ubuntu VMs into a highly available web setup: dynamic DNS with BIND9, replicated MySQL, a Dockerized app tier behind HAProxy with Keepalived VIP failover, plus a full Prometheus/Loki/Grafana monitoring stack and scheduled offsite backups via Duplicity. Secrets are encrypted with Ansible Vault, and config changes to Prometheus/Loki are validated with automatic rollback on failure.

Tech: Ansible, BIND9, MySQL, Docker, HAProxy, Keepalived, Prometheus, Grafana, Loki, Duplicity

Wazuh SIEM/XDR

Security Engineering

Built a robust SIEM/XDR platform using Wazuh, integrating custom YARA-based detection rules for advanced malware analysis and threat alerting.

Tech: Wazuh, YARA, Linux, Windows, Syslog

AI Sales Assistant

AI Automation · Cybertex Security

Full-stack AI sales assistant with a ChatGPT-style interface, backed by an n8n workflow that coordinates multiple AI agents, contextual reasoning, and RAG-based memory over a PostgreSQL catalog of several hundred products to deliver accurate, context-aware recommendations.

Tech: HTML/CSS/JS, n8n, OpenAI API, PostgreSQL, RAG

FinCheck - Personal Finance Tracker · Web Technologies

University Project

Full-stack web app for budgeting, categorization, and charts with strong security controls against XSS and SQL injection.

Tech: PHP, JavaScript, MySQL, HTML/CSS

Orbital Signal Deception Planner

Defence AI Hackathon 2025

AI-based counter-SIGINT prototype that forecasts 24-hour satellite trajectories over target zones and uses a local LLM to generate rule-based deception tactics against SIGINT surveillance.

Tech: Python, Local LLM, Skyfield, JavaScript

CyberBazaar 2024 - Email Security & Governance

Cybersecurity Hackathon · 4th place

Co-developed EUMTP (European Union Mail Trust Policy), a proposed EU-wide regulation enforcing SPF, DKIM, DMARC, DNSSEC, and TLS across email services to curb spoofing-driven fraud, with GDPR-inspired compliance audits and phased implementation.

Tech: Email Security, SPF/DKIM/DMARC, Policy Design

verified Certifications

chat Contact

Let’s build secure and intelligent systems together.