David Castro

Sr. Cybersecurity Threat Detection & Response Specialist
Costa Rica

Summary

Cybersecurity Specialist with 5+ years of experience in threat detection engineering, incident response, and CTI integration across cloud and enterprise environments. Proven ability to optimize SIEM content, automate detection logic, and align alerts with MITRE ATT&CK and adversary TTPs. Skilled in leading SOC teams, mentoring analysts, and conducting training to improve detection and response maturity.

Experienced in collaborating with Purple Teams and vulnerability management to enhance visibility and tune detection rules. Proficient in CTI platforms, creating tailored threat bulletins, and supporting detection engineering initiatives. Strong communication, analytical thinking, and decision-making under pressure, with a focus on cross-functional teamwork and continuous improvement.

Overview

8 years of professional experience
6 certificates
1 year of post-secondary education

Work History

Sr Cybersecurity Threat Detection & Response

Kimberly Clark
Heredia, Remote
04.2023 - Current
  • Conducted proactive threat hunting using TIP platforms and OSINT tools, applying MITRE ATT&CK to uncover advanced threats.
  • Acted as a team lead escalation point, performing in-depth analysis of suspicious events via network telemetry, logs, and EDR data.
  • Reduced false positives by 30% by fine-tuning SIEM rules and automating alert logic, enhancing detection accuracy and analyst efficiency.
  • Partnered with purple teams and security engineering to design custom detections and architecture improvements.
  • Authored and maintained standardized playbooks and global knowledge base entries.
  • Organized and delivered technical training sessions, knowledge-sharing initiatives and tabletop exercises, improving SOC response times and detection maturity.
  • Led the adoption of CTI practices within the SOC, collaborating with Cyber Threat Intelligence teams to handle threat actor TTPs, integrate intelligence into detection pipelines, and create internal threat bulletins aligned with the organization’s risk profile and global threat landscape.

Cyber-Security Specialist Analyst

3M
Heredia, Remote
09.2021 - 04.2023
  • Built and deployed custom SIEM dashboards, improving visibility into threat trends and decreasing triage time by 40%.
  • Analyzed PCAPs using Wireshark and correlated data from multiple tools (EDR, IDS/IPS, firewalls) to detect lateral movement and advanced attacks.
  • Applied Cyber Kill Chain methodology to trace attacker paths and propose mitigation strategies.
  • Provided mentorship and escalation support during critical security incidents and Purple Team exercises.
  • Worked with cloud-based environments (AWS, Azure) and integrated logs from various sources for comprehensive analysis.
  • Supported documentation of detection use cases, alert tuning, and threat modeling processes.

Cyber-Security CSIRT Incident Response Analyst

DXC Technology
Heredia, Remote, Provincia de Heredia
07.2020 - 09.2021
  • Managed IR processes based on NIST framework; collaborated with legal and forensics.
  • Created detection automation for common incidents and integrated threat feeds.
  • Investigated malware and phishing incidents, using OSINT tools to support threat attribution and IOC enrichment.
  • Developed standardized incident classification and escalation criteria, improving case prioritization accuracy and reducing false positives by 15%.

DevOps SAP Consultant

DXC Technology
Heredia, Remote, Provincia de Heredia
04.2018 - 07.2020
  • Maintained strong customer relationships and delivered solutions across 10+ enterprise projects, translating business needs into SAP solutions.
  • Led agile deployments for SAP and infrastructure projects, using Scrum and Kanban methodologies in JIRA, improving sprint delivery predictability by 30%.
  • Designed and implemented ETL data pipelines and infrastructure monitoring scripts using PowerShell and KNIME, reducing manual workload by 40%.

Web Developer Intern

Ex2 Outcoding
06.2017 - 11.2017
  • Troubleshot and debugged code, ensuring compatibility with devices, browsers, and operating systems.
  • Developed user interfaces with modern JavaScript frameworks, HTML5 and CSS3.
  • Adhered to best practices for software development methodology.
  • Partnered with business stakeholders and experts regarding research and productivity to achieve goals.

Education

MBA - Information Technology Management

Tecnologico De Costa Rica
Costa Rica
02.2024 - Current

Master of Science - Big Data & Business Intelligence

Universidad Católica San Antonio De Murcia
Spain
05.2019 - 02.2020

Bachelor of Science - IT Systems Engineering

Universidad Nacional De Costa Rica
Heredia
05.2001 -

Associate of Science - Software Development

Universidad Nacional De Costa Rica
Heredia
05.2001 -

Associate - IT Telecommunications

Universidad Estatal A Distancia
Puntarenas
03.2014 - 03.2015

Languages

English (Full Professional)
Spanish (Native Language)

Certification

CISSP - Certified Information Systems Security Professional - ID: 1137369

Consulting Experience

Independent Cybersecurity Consultant (Part-Time / Freelance)

Remote
02.2024 - 12.2024

  • Advised small and mid-sized organizations on selecting and implementing EDR solutions, balancing budget constraints with technical and operational capabilities.
  • Supported incident response (IR) efforts based on the NIST framework, assisting with incident triage, containment, eradication, and recovery phases.
  • Helped optimize internal IR processes, including refining IR documentation, incident classification criteria, escalation matrices, and reporting templates.
  • Provided hands-on support for IR tool configuration, tuning alert thresholds, and improving analyst workflows within ticketing and SOAR platforms.
  • Guided teams on enhancing endpoint visibility, improving telemetry usage, and aligning IR efforts with compliance and audit expectations.

Courses

Working and Communicating with Different Personalities - Pluralsight

Effective Communication - Pluralsight

CySA+ CompTIA Cybersecurity Analyst - Pluralsight
