David Castro
Sr. Cybersecurity Threat Detection & Response Specialist
Costa Rica
Summary
Cybersecurity Specialist with 5+ years of experience in threat detection engineering, incident response, and CTI integration across cloud and enterprise environments. Proven ability to optimize SIEM content, automate detection logic, and align alerts with MITRE ATT&CK and adversary TTPs. Skilled in leading SOC teams, mentoring analysts, and conducting training to improve detection and response maturity.
Experienced in collaborating with Purple Teams and vulnerability management to enhance visibility and tune detection rules. Proficient in CTI platforms, creating tailored threat bulletins, and supporting detection engineering initiatives. Strong communication, analytical thinking, and decision-making under pressure, with a focus on cross-functional teamwork and continuous improvement.
Overview
8
8
years of professional experience
6
6
Certificates
1
1
year of post-secondary education
Work History
Sr Cybersecurity Threat Detection & Response
Kimberly Clark
Heredia, Remote
04.2023 - Current
- Conducted proactive threat hunting using TIP platforms and OSINT tools, applying MITRE ATT&CK to uncover advanced threats.
- Acted as a team lead escalation point, performing in-depth analysis of suspicious events via network telemetry, logs, and EDR data.
- Reduced false positives by 30% by fine-tuning SIEM rules and automating alert logic, enhancing detection accuracy and analyst efficiency.
- Partnered with purple teams and security engineering to design custom detections and architecture improvements.
- Authored and maintained standardized playbooks and global knowledge base entries.
- Organized and delivered technical training sessions and knowledge-sharing initiatives, tabletop, improving SOC response times and detection maturity.
- Led the adoption of CTI practices within the SOC, collaborating with Cyber Threat Intelligence teams to handle threat actor TTPs, integrate intelligence into detection pipelines, and create internal threat bulletins aligned with the organization’s risk profile and global threat landscape.
Cyber-Security Specialist Analyst
3M
Heredia, Remote
09.2021 - 04.2023
- Built and deployed custom SIEM dashboards, improving visibility into threat trends and decreasing triage time by 40%.
- Analyzed PCAPs using Wireshark and correlated data from multiple tools (EDR, IDS/IPS, firewalls) to detect lateral movement and advanced attacks.
- Applied Cyber Kill Chain methodology to trace attacker paths and propose mitigation strategies.
- Provided mentorship and escalation support during critical security incidents and Purple Team exercises.
- Worked with cloud-based environments (AWS, Azure) and integrated logs from various sources for comprehensive analysis.
- Supported documentation of detection use cases, alert tuning, and threat modeling processes.
Cyber-Security CSIRT Incident Response Analyst
DXC Technology
Heredia, Remote, Provincia de Heredia
07.2020 - 09.2021
- Managed IR processes based on NIST framework; collaborated with legal and forensics.
- Created detection automation for common incidents and integrated threat feeds.
- Investigated malware and phishing incidents, using OSINT tools to support threat attribution and IOC enrichment.
- Developed standardized incident classification and escalation criteria, improving case prioritization accuracy and reducing false positives by 15%.
DevOps SAP Consultant
DXC Technology
Heredia, Remote, Provincia De Heredia
04.2018 - 07.2020
- Maintained strong customer relationships and delivered solutions across 10+ enterprise projects, translating business needs into SAP solutions.
- Led agile deployments for SAP and infrastructure projects, using Scrum and Kanban methodologies in JIRA, improving sprint delivery predictability by 30%.
- Designed and implemented ETL data pipelines and infrastructure monitoring scripts using PowerShell and KNIME, reducing manual workload by 40%.
Web Developer Intern
Ex2 Outcoding
06.2017 - 11.2017
- Troubleshooted and debugged code ensuring compatibility with devices, browsers, and operating systems
- Developed user interfaces with modern JavaScript frameworks, HTML5 and CSS3
- Adhered to best practices for software development methodology
- Partnered with business stakeholders and experts regarding research and productivity to achieve goals.
Education
MBA - Information Technology Management
Tecnologico De Costa Rica
Costa Rica 02.2024 - Current
Master of Science - Big Data & Business Intelligence
Universidad Católica San Antonio De Murcia
Spain 05.2019 - 2020.02
Bachelor of Science - IT Systems Engineering
Universidad Nacional De Costa Rica
Heredia 05.2001 -
Associate of Science - Software Development
Universidad Nacional De Costa Rica
Heredia 05.2001 -
Associate - IT Telecommunications
Universidad Estatal A Distancia
Puntarenas 03.2014 - 2015.03
Languages
English (Full Professional)
Spanish (Native Language)
Certification
CISSP - Certified Information System Security Professional - ID: 1137369
Consulting Experience
Independent Cybersecurity Consultant (Part-Time / Freelance)
Remote | Feb 2024 – Dec 2024
- Advised small and mid-sized organizations on selecting and implementing EDR solutions, balancing budget constraints with technical and operational capabilities.
- Supported incident response (IR) efforts based on the NIST framework, assisting with incident triage, containment, eradication, and recovery phases.
- Helped optimize internal IR processes, including refining IR documentation, incident classification criteria, escalation matrices, and reporting templates.
- Provided hands-on support for IR tool configuration, tuning alert thresholds, and improving analyst workflows within ticketing and SOAR platforms.
- Guided teams on enhancing endpoint visibility, improving telemetry usage, and aligning IR efforts with compliance and audit expectations.
Courses
Working and Communicating with Different Personalities - Pluralsight
Effective Communication - Pluralsight
CySA+ CompTIA Cybersecurity Analyst - Pluralsight
Courses
Working and Communicating with Different Personalities - Pluralsight
Effective Communication - Pluralsight
CySA+ CompTIA Cybersecurity Analyst - Pluralsight
Similar Profiles
Samara StockwellSamara Stockwell
Crew Leader Relief at Kimberly ClarkCrew Leader Relief at Kimberly Clark
Brian WallenBrian Wallen
Machine Operator at Kimberly ClarkMachine Operator at Kimberly Clark
Ryan GreavesRyan Greaves
Manufacturing Team Member at Kimberly ClarkManufacturing Team Member at Kimberly Clark
Allan Ramirez CAllan Ramirez C
Information Security Lead at PHILIPSInformation Security Lead at PHILIPS
Sebastian MurilloSebastian Murillo
Lead Recruiter at MicrosoftLead Recruiter at Microsoft