Leckovich Gurdian — SOC Engineer

Senior SOC Engineer · Costa Rica

Leckovich

Gurdian

Senior Security Operations Engineer // MSSP

Building enterprise-grade security infrastructure for organizations across Central America. Threat detection, SIEM architecture, and SOC automation — from design to production.

Get in touch ↗ View projects →

leckovich@seclab — profile.json

{

"identity": {

"name": "Leckovich Gurdian",

"role": "SOC Engineer",

"location": "Costa Rica",

"available": true

},

"stack": [

"Elasticsearch", "Wazuh",

"FortiGate", "Python",

"Trellix EDR", "TheHive"

],

"experience_yrs": 5,

"clients_served": 10,

"siem_clusters": 5,

"coverage": "24/7"

}

$

01 — About

Who I am

I'm a Senior Security Operations Engineer based in Costa Rica with over 5 years of experience building and operating security infrastructure for Techpro — a Managed Security Service Provider serving enterprise clients across Central America.

My work spans the full security stack: designing multi-node Elasticsearch SIEM clusters, deploying EDR solutions across client environments, engineering SOAR playbooks that reduce response time, and writing Python automation that ties it all together.

What sets me apart is the business angle — I'm also pursuing a Bachelor in Business Administration, which means I translate security risk into executive language, not just technical jargon.

When I'm not in the terminal I enjoy deep-strategy board games — Pipeline and Food Chain Magnate — where the same systems-thinking mindset applies.

5+

Years in Security Ops

10+

Enterprise Clients

5

SIEM Clusters Built

24/7

SOC Coverage

02 — Skills

Technical arsenal

SIEM & Monitoring

Elasticsearch / Kibana
Logstash / Beats / Fleet
Wazuh SIEM
ILM Policy Design
ElastAlert2
Hot / Warm / Cold Architecture

Security Tools

FortiGate / FortiWeb
Trellix / FireEye EDR
TheHive · Cortex
Shuffle SOAR
Nessus Security Center
Sigma / YARA Rules

Engineering & Dev

Python Automation
Linux (Oracle / Ubuntu)
Docker / VM Infrastructure
REST API Integration
GLPI · Jira · TheHive APIs
Bash Scripting

03 — Experience

Where I've worked

Techpro MSSP

Senior SOC Engineer

Techpro MSSP · Costa Rica · 2021 — Present

Building the Security Operations Center from the ground up for a Managed Security Service Provider serving enterprise clients across Central America. Full responsibility for the security infrastructure stack — architecture through daily operations.

Designed and deployed multi-node Elasticsearch 8.x SIEM clusters with tiered hot/warm/cold storage, TLS encryption, and custom ILM policies. Built SOAR automation in Shuffle, deployed Trellix/FireEye EDR across client endpoints, authored Wazuh detection rules, and developed Python tooling for log correlation, fraud detection, and automated ticket management across GLPI and Jira.

Conducted security audits and consulting engagements for clients across Central America — assessing security posture, identifying gaps in compliance frameworks (PCI-DSS, SOC 2, ISO 27001), and delivering actionable remediation roadmaps. Served as technical advisor on security architecture decisions for new deployments.

Authored a 25-part MSSP business plan targeting SMBs in the region, covering open-source security architecture, pricing models, and compliance frameworks.

ElasticsearchWazuh FortiGatePython Trellix EDRTheHive Shuffle SOARGLPI JiraNessusSecurity AuditsConsulting

04 — Projects

Things I've built

01

Multi-Source SOC Dashboard

Self-contained HTML dashboard aggregating tickets from multiple GLPI instances and Jira into a unified view. Real-time filtering, paginated results, live queue monitoring, and Chart.js visualizations across all sources.

PythonGLPI API Jira APIHTML/JS Chart.js

02

Production Elasticsearch SIEM Cluster

10-node Elasticsearch 8.x cluster on Oracle Linux 8.9 with hot/warm/cold tiered architecture, mutual TLS, Fleet Server, Logstash pipelines, and ILM policies — processing security telemetry for financial services clients.

Elasticsearch 8.xKibana LogstashFleet Oracle LinuxTLS/PKI

03

Fraud Detection Automation Pipeline

Python pipeline correlating CDN logs to surface fraud patterns. Enriches suspicious IPs via AbuseIPDB, cross-references Elasticsearch alerts, and auto-creates GLPI tickets — significantly reducing manual investigation time.

PythonCloudflare API AbuseIPDBElasticsearch GLPI API

04

MSSP Business Plan

25-part business plan for launching a Managed Security Service Provider targeting SMBs in Central America. Covers open-source security stack, multi-tenant architecture, pricing models, and compliance frameworks.

WazuhTheHive ShufflePCI-DSS SOC 2ISO 27001

05 — Contact

Let's work
together

Open to discussing security architecture, consulting opportunities, or just talking shop about SIEM clusters and SOC automation. Based in Costa Rica — available remotely.

inLinkedIn — /in/leckovich-gurdian

→

ghGitHub — /leckovichgurdian

→

@leckovich@yourdomain.com

→