// whoami
Hi,
I'm a DFIR & malware analyst, currently working as a senior DFIR & Malware Analyst and previously at Airbus Protect for nearly four years. My day-to-day revolves around incident response, malware reverse engineering and threat hunting. I also teach offensive security and malware analysis at university level.
I'm open to any fruitful (and legal) collaboration related to DFIR, reverse engineering or malware.
// experience
Senior DFIR & Malware Analyst - Freelance - Confidential, FR
May 2025 - Present
- ▸ Windows & Linux forensic analysis
- ▸ Cold, live and memory analysis
- ▸ Incident response coordination across single or multi-infrastructure incidents
- ▸ Malware analysis for IR and triage: dropper, loader, shellcode, stealer
- ▸ Detection rule creation
- ▸ Threat hunting
- ▸ SOAR deployment and development for automation
- ▸ Security alert triage & log parsing
DFIR & Malware Analyst - Airbus Protect, FR
Jul 2022 - Apr 2025
- ▸ Forensic analysis on Docker, Windows and Linux systems
- ▸ Cold, live and memory analysis
- ▸ Large-scope incident response leadership
- ▸ IR on critical and emergency public infrastructure requiring immediate out-of-hours intervention
- ▸ IR on emergency public infrastructure targeted by a threat actor - collaboration with public services on a European-scale investigation
- ▸ IR on 6 ransomware cases across large perimeters
- ▸ Threat hunting activity on sensitive perimeters
- ▸ Malware analysis for IR, CTI and SOC teams: ransomware, spyware, dropper, loader, shellcode, driver, C2, stealer - including packers (Themida, custom) and obfuscation (PEB parsing, API hashing, direct syscall…)
- ▸ Detection rule creation: Yara, KQL (MDE), XQL (Cortex XDR)
- ▸ Threat hunting on Splunk, MDE and Cortex XDR
- ▸ R&D: malware development, compromise technique research for SOC detection improvement, IR tooling, Splunk dashboard automation, rootkit & bootkit study
SOC Analyst - Airbus Protect, FR
Sep 2021 - Jun 2022
- ▸ Security incident analysis and investigation
- ▸ Alert triage and qualification
- ▸ Built a Splunk application with multiple dashboards for threat hunting automation
- ▸ Technical lead on the N1 analyst task automation project
IT Security Teacher - University & IT schools, FR
Mar 2021 - Present
- ▸ Introduction to pentesting
- ▸ Setting up a pentest lab for students
- ▸ Malware analysis courses
- ▸ Development of custom malware for hands-on teaching
// certifications
GIAC GCFA - Certified Forensic Analyst 2025
OSED - OffSec Exploit Developer 2023