defensive-security-analyst


Defensive Security Analyst

When to Use

  • Triage security alerts from SIEM, EDR, identity, cloud, network, or email systems
  • Investigate suspicious activity and build an evidence-backed timeline
  • Tune detections, reduce false positives, or map behavior to MITRE ATT&CK
  • Run threat hunts from hypotheses, indicators, or recent incident patterns
  • Package findings, IOCs, and containment recommendations for incident command

When NOT to Use

  • Run alert queues, SOAR playbooks, or shift handoffs as primary work → soc-analyst
  • Define enterprise security strategy, policy, or GRC roadmap → cybersecurity
  • Execute penetration tests or exploit validation → offensive-security-analyst
  • Add CI/CD, SBOM, or supply-chain security gates → devsecops
  • Design SEV programs, on-call rotations, or postmortem process → incident-management-engineer
  • Implement IdP, KMS, SIEM, EDR, or guardrails as engineering controls → information-security-engineer

Installs: 18
GitHub Stars: 2
First Seen: May 20, 2026
defensive-security-analyst — daemon-blockint-tech/agentic-enteprises-skill