JOSE L TORRICO

Cloud Security Lead & Azure SME

// Defending Digital Frontiers in the Cloud


About


whoami.exe

I'm a seasoned cloud security professional with over a decade of IT experience, specializing in Azure Cloud Security and Microsoft XDR technologies. I thrive on complex challenges and continuously adapt to the evolving cybersecurity landscape.

Currently serving as a Cloud Security Lead, I've spearheaded major cloud migration projects, implemented cutting-edge security measures, and trained teams on best practices for securing cloud infrastructures. My expertise spans from SIEM migrations to automation-based security operations.

I'm passionate about proactive security measures and believe every configuration matters when protecting critical government and enterprise systems.

Resume

Experience

Cloud Security Lead

NetCentrics/OneZero (CDM Defend Group A)
Dec 2022 - Present
  • Implemented Microsoft XDR technologies to enhance security measures for USCG CSOC
  • Spearheaded design and implementation of RBAC roles for cloud security-based tools
  • Trained CSOC analysts on tools and best practices for incident management and administration
  • Developed comprehensive documentation to support CSOC analysts and operations
  • Served as Subject Matter Expert for Microsoft Defender XDR with cross-team collaboration
  • Engineered automation-based rules, playbooks, and workbooks to reduce alert fatigue
  • Conducted cloud security assessments for customer onboarding into Azure/AWS environments
  • Facilitated brown bag and brainstorm sessions for continuous environment improvement
  • Advised CGCYBER leadership on automation strategies for security operations efficiency

Cloud Security Architect

Booz Allen Hamilton
May 2022 - Dec 2022
  • Led as Azure SME for Cloud Migration Project for Government Customer
  • Designed and implemented security recommendations based on customer requirements
  • Guided internal teams as lead Azure Cloud Security Subject Matter Expert
  • Contributed to internal CTO investment projects creating Terraform modules for deployments
  • Conducted Technical Exchange Meetings with customers and internal teams
  • Tested and researched new service offerings within Microsoft Security ecosystem

Senior Information Security Engineer

ManTech
Apr 2018 - May 2022
  • Served as SME for Azure Cloud Migration project implementation
  • Led SIEM migration project to Azure Sentinel for multi-tenancy logging
  • Advised customers on best practices for securing customer tenants
  • Managed Microsoft security products: Defender for Endpoint, Defender for O365, Endpoint Manager
  • Executed Proof of Concept projects evaluating products for security infrastructure needs
  • Provided Tier 3/Enterprise support for all security infrastructure related issues
  • Documented SOPs and performed disaster recovery planning of security products
  • Supported SOC for Incident Response and summarized events during daily debriefs

Help Desk Specialist, Staff

ManTech
Nov 2015 - Apr 2018
  • Supervised team of four Help Desk analysts overseeing deployment of enterprise equipment
  • Managed equipment tracking and documentation for monthly accruals to accounting department
  • Resolved day-to-day user issues ensuring high levels of customer satisfaction
  • Analyzed metrics and ticket data to ensure SLA compliance and performance standards
  • Documented information and updates in KB article database for future reference
  • Configured and maintained ManTech's first Imaging Lab network for laptop deployment

Desktop Support Specialist Tier II

DRS Technical Services
Feb 2010 - Nov 2015
  • Assisted staff with installation, configuration, and usability of desktop systems and software
  • Ensured seamless interconnection of systems including validation, file, email, and application servers
  • Assumed procurement specialist responsibilities during organizational transition with asset management
  • Provided project support phasing out RSA tokens ensuring smooth security transition
  • Managed and implemented Symantec Ghost solution for enterprise deployment efficiency

Education

CARTP: Certified Azure Red Team Professional

Altered Security
May 2024

Advanced certification in Azure cloud penetration testing and red team operations

SEC560: Enterprise Penetration Testing

SANS
August 2021

Advanced penetration testing methodologies for enterprise environments

SEC504: Hacker Tools, Techniques, and Incident Handling

SANS
October 2020

Hands-on training in attack techniques and incident response procedures

SEC503: Network Monitoring and Threat Detection In-Depth

SANS
December 2018

Advanced network security monitoring and threat hunting techniques

Computer Network Systems

ITT Technical Institute
2009 - 2010

Focused on network infrastructure and systems administration. Complemented by extensive professional development in cloud security and Microsoft technologies.

Certifications

GIAC Penetration Tester (GPEN)

GIAC
2022

GIAC Certified Incident Handler (GCIH)

GIAC
2021

Security, Compliance, Identity Fundamentals (SC-900)

Microsoft
2022

Azure Fundamentals (AZ-900)

Microsoft
2020

Carbon Black EDR Associate

VMware Carbon Black
2020

Carbon Black App Control Associate

VMware Carbon Black
2020

Skills

โ˜๏ธ

Cloud Security

  • AWS GuardDuty
  • AWS Security Hub
  • AWS IAM / SCPs
  • CloudTrail / CloudWatch
  • Azure Defender for Cloud
  • Azure AD / Entra ID
  • Conditional Access
  • Privileged Identity Management (PIM)
  • Azure Bastion
  • Logic Apps / Playbooks
  • Azure Firewall
  • Network Security Groups
  • Azure Policies
  • Private Link / Service Endpoints
  • Multi-VNet Architecture
  • Hybrid Connectivity Security

Microsoft Security Stack

  • Defender for Endpoint
  • Defender for Cloud
  • Defender for Identity
  • Defender for Cloud Apps
  • Microsoft XDR
  • Secure Score / Compliance Manager
  • Microsoft Sentinel
  • Endpoint Manager (Intune)
  • Microsoft Information Protection
  • Purview (Data Governance)
  • Identity Protection / Risk Policies

Security Operations

  • SIEM Management
  • Incident Response
  • Threat Hunting
  • MITRE ATT&CK
  • Penetration Testing
  • Security Assessment
  • SOAR Integration
  • Threat Intelligence Platforms
  • Attack Surface Reduction
  • Kill Chain Mapping
  • Security Playbook Design

Infrastructure & Automation

  • ARM Templates
  • Bicep
  • Terraform
  • PowerShell
  • Python
  • Azure DevOps
  • GitHub Actions / CI Pipelines
  • Infrastructure as Code
  • Policy-as-Code
  • Secrets Management (Azure Key Vault / AWS Secrets Manager)
  • RBAC Automation
  • Immutable Infrastructure

Additional Security Tools

  • Carbon Black (EDR/App Control)
  • CrowdStrike Falcon
  • McAfee (DLP/ENS/FRP)
  • RSA Authentication
  • Okta / Ping Identity
  • Nexpose
  • ArcSight
  • Splunk / ELK Stack
  • EnCase Endpoint
  • Sysmon / Windows Event Forwarding

Compliance & Frameworks

  • Zero Trust Architecture
  • Defense-in-Depth
  • CMMC
  • NIST Framework
  • FedRAMP
  • Regulatory Compliance Mapping
  • Risk Assessment
  • TS/SCI Clearance
  • Government Standards
  • Security Control Mapping
  • Documentation

Projects

๐Ÿ—๏ธ

ATT4CKQL

Comprehensive collection of Kusto Query Language (KQL) queries specifically designed for Microsoft Sentinel. These queries are mapped to MITRE ATT&CK techniques and are optimized to detect sophisticated threats across multiple detection sources.


KQLified

Master threat detection and investigation with hands-on KQL scenarios across Microsoft 365, Azure, AWS, and Kubernetes environments.


HelloNavigator

A Flight of the Navigator-themed CTF that engages users with real-world challenges featuring real commands from well-known tools.


Jekyll and Hire

A modern, interactive portfolio website built with Jekyll, featuring a sleek tech-themed design perfect for developers and tech professionals (or anyone interested!). The idea is to, well, get hired!

Contact

Establish Connection

Email: Jose.L.Torrico@outlook.com
Location: Washington, DC
LinkedIn: www.linkedin.com/in/jltorrico/