Ricardo Rivera Aguilera | Cybersecurity Engineer

Ricardo Rivera Aguilera

Cybersecurity Engineer | SIEM/SOAR Specialist | Security Architect

Dynamic Cybersecurity Engineer with 13+ years of international experience across EU and LATAM. Expert in SIEM/SOAR engineering, incident response, vulnerability management, and aligning security programs with international standards (ISO 27001, IEC 62443) and EU regulatory frameworks (GDPR, NIS2).

01101001 01101110 01100110 01101111 01110011 01100101 01100011

About Me

I’m Ricardo — a Cybersecurity Engineer with more than 13 years of experience across Europe and Latin America. My journey began in Chile, where I graduated as a Telecommunications Technician from a public school in Santiago at the age of 18.

Since I was a kid, I’ve been fascinated by computers. At 15, I took my first course in assembling and disassembling PCs, and that curiosity set the foundation for everything that came after. My first big step was diving deep into perimeter cybersecurity — firewalls, antivirus, and network protection — leading dozens of migrations and implementations across LATAM.

When I moved to Spain, everything clicked. I discovered the emerging world of SIEM and the impact of frameworks like GDPR, bringing together all those security layers into intelligent, correlated visibility. Since then, I’ve specialized in SIEM/SOAR engineering, incident response, and security architecture, helping organizations design resilient, human-centered security.

Recently, I took one of the most challenging steps in my life: moving from Spain to Zürich — a radical change in environment, language, and culture. I’m eager to join a project aligned with my background and future goals, embracing the complexity of this new stage while bringing both my technical expertise and the human side I’ve built along the way.

This year I decided to focus on professional development: I completed several certifications (CISM, CEH, CASP+, AZ-500) and I’m actively pursuing the CISSP as my main goal for 2025. I also spent three months in Dublin studying English intensively to strengthen my communication for this new chapter.

Ricardo Rivera Aguilera
ricardo.rivera.aguilera@gmail.com
+41 77 276 17 09
Zürich, Switzerland
EU Citizen | Swiss Residence Permit (B)
Spanish & Chilean Nationality

My Skills

Cybersecurity & SOC Architecture

SIEM/SOAR Engineering
Incident Response
Threat Hunting
Security Operations
SOC Architecture

Security Technologies & Tools

Splunk Enterprise
IBM QRadar
Elastic SIEM
LogRhythm
Sophos XDR
Nessus
Qualys
Ansible
SonarQube
Check Point
MISP
NGFW (Next-Generation Firewalls)

Cloud & Infrastructure Security

AWS Security
Azure Security
Cloud Security
SecDevOps
Kubernetes Security
Docker Security

Compliance & Standards

ISO 27001
IEC 62443
GDPR
NIS2
NIST Framework
Risk Assessment

Programming & Automation

Python
Bash
PowerShell
Jenkins
API Integration
Machine Learning
SIEM Data Pipeline Enrichment
eBPF
Detection-as-Code
ML for SecOps

Professional Skills

Team Leadership
Project Management
Stakeholder Communication
Multicultural Collaboration
Critical Thinking
Problem Solving
Mentoring
Training Delivery
Risk Management

Projects

Grupo MOK EU Infrastructure

Led the design and implementation of Grupo MOK's first European cybersecurity hybrid infrastructure across Frankfurt & Amsterdam data centers, protecting 120+ critical servers and 1,500 users. Enabled ISO 27001 audit readiness and certification, processing 1M+ operations/day across interconnected systems.

Splunk SIEM, Sophos XDR, PAM, NAC, WAF, ISO 27001

SEAT SIEM Migration

Directed a $3M multi-SIEM ecosystem project for Spain's largest automotive manufacturer (SEAT, Volkswagen Group), integrating Elastic and IBM QRadar to strengthen threat detection across hybrid environments. Migrated vulnerability management from McAfee MVM to Nessus across 1,500 production servers.

Elastic SIEM, IBM QRadar, Automotive, Hybrid Cloud, Nessus, McAfee MVM

LogRhythm to QRadar Migration

Led a large-scale SIEM migration for a major energy provider in Germany as part of international SOC services, integrating 250 log sources and redesigning 150+ use cases aligned with business-critical policies.

LogRhythm, QRadar, Energy Sector, SOC

Threat Intelligence Pipeline

Implemented a data enrichment strategy with Logstash (MISP dictionary plugin) and Splunk Ingest Actions, using Python scripts and a Jenkins pipeline to automate API-based IOC enrichment for threat-context tagging.

Logstash, MISP, Python, Jenkins

Vulnerability Management Transformation

Migrated vulnerability management system from McAfee MVM to Nessus across 1,500 production servers, improving scan coverage and aligning with ISO/IEC 27001 and NIST CSF frameworks.

Nessus, McAfee MVM, ISO 27001, NIST CSF

eBPF Runtime Security Integration

Integrated eBPF-based runtime security (Tetragon) with SIEM pipelines to provide kernel-level visibility in Docker/Kubernetes environments, enabling critical business use cases for detection and compliance.

eBPF, Tetragon, Kubernetes, Docker

AWS Security Hub Integration

Implemented and integrated AWS security findings (GuardDuty, Security Hub) with SOC processes, aligning cloud-native posture with SIEM correlation, incident response workflows, and compliance frameworks.

AWS, GuardDuty, Security Hub, Cloud Security, SOC

ML-Driven Security Analytics

Implemented ML-driven analytics in Elastic SIEM to monitor 40+ production Jump Servers, enhancing anomaly detection and delivering high-value detection use cases for threat hunting and compliance. Integrated QRadar Risk Manager with 30+ Check Point firewalls for automated policy analysis.

Machine Learning, Elastic SIEM, Anomaly Detection, QRadar Risk Manager, Check Point

SIEM Use Case Maturity Model

Defined and implemented a SIEM Use Case Maturity Model (UCMM) to classify detection rules by validation level, ensuring structured promotion from testing to production, with quarterly KPIs on detection efficiency and 100% contractual SLA compliance.

SIEM Use Cases, Maturity Model, KPI, SLA

Experience

Cybersecurity Engineer

Grupo MOK - Madrid, Spain

Apr 2023 – Dec 2024
  • Led design and implementation of Grupo MOK's first European cybersecurity hybrid infrastructure across Frankfurt & Amsterdam data centers
  • Protected 120+ critical servers and 1,500 users with comprehensive security stack integration
  • Integrated Splunk/Elastic SIEM, Sophos XDR, PAM, NAC, and WAF for enhanced monitoring and threat detection
  • Enabled ISO 27001 audit readiness and certification through comprehensive security implementation
  • Designed and deployed scalable log ingestion pipelines processing 1M+ operations/day
  • Implemented secure development workflows using Ansible, SonarQube, and Qualys across hybrid infrastructure

SIEM Architect

CyberProof - Barcelona, Spain

May 2021 – Apr 2023
  • Led a large-scale SIEM migration (LogRhythm to QRadar) for a major energy provider in Germany as part of international SOC services
  • Integrated 250 log sources and redesigned 150+ use cases aligned with business-critical policies
  • Developed scalable log ingestion pipelines processing over 20K EPS with structured alert validation across CTI, Threat Intel, and Vulnerability Management teams
  • Improved detection accuracy by 40% and reduced false positives through continuous tuning, mapping detections to MITRE ATT&CK techniques
  • Collaborated with global cross-functional teams (Israel, UK, EU, USA) to align SOC operations with business objectives and SLA compliance
  • Integrated eBPF-based runtime security (Tetragon) with SIEM pipelines for kernel-level visibility in Docker/Kubernetes environments
  • Provided mentorship to Tier 1 and Tier 2 analysts, overseeing 25+ member SOC team and serving as Tier 3 escalation point

Senior IV Security Specialist

EY (Ernst & Young) - Barcelona, Spain

Jun 2018 – May 2021
  • Directed $3M multi-SIEM ecosystem project for SEAT (Volkswagen Group), integrating Elastic and IBM QRadar to strengthen threat detection across hybrid environments
  • Migrated vulnerability management system from McAfee MVM to Nessus across 1,500 production servers, improving scan coverage and aligning with ISO/IEC 27001 and NIST CSF
  • Implemented threat intelligence workflow aligned with ENISA framework using MISP clusters, applying structured lifecycle to validate and contextualize IOCs
  • Designed specific taxonomies to standardize the intake and normalization of diverse log sources, establishing a dedicated framework to unify data ingestion
  • Implemented ML-driven analytics in Elastic SIEM to monitor 40+ production jump servers, enhancing anomaly detection and delivering high-value detection use cases
  • Integrated QRadar Risk Manager with 30+ Check Point firewalls, enabling automated policy analysis and real-time compliance alignment
  • Developed a cyber threat heatmap dashboard for the largest automotive plant in Spain, offering C-level visibility by physical site
  • Led a team of 5 security engineers delivering critical cybersecurity projects for the Government of Catalonia (CESICAT)

Senior Security Specialist

NECSIA - Barcelona, Spain

Mar 2018 – Jun 2018
  • Specialized in SIEM implementation and optimization using IBM QRadar and Splunk
  • Provided cybersecurity consulting services focusing on security tools and processes alignment
  • Supported Splunk Enterprise deployments including indexer clusters and search head clusters

IT Security Consultant

Davinci - Barcelona, Spain

Dec 2017 – Feb 2018
  • Conducted SIEM audits (QRadar, RSA, Splunk) ensuring best practices compliance
  • Provided GDPR technical consulting services

Infrastructure and Systems Technician

Ibermática - Barcelona, Spain

May 2017 – Jul 2017
  • Managed and supported security solutions (L3)
  • Ensured integrity and reliability of distributed system infrastructures

Security Specialist Engineer

Makros SPA - Santiago, Chile

Jan 2013 – Dec 2016
  • Delivered security network infrastructure projects across Latin America
  • Specialized in design, deployment, and management of NGFWs, endpoint protection, and IDS/IPS systems
  • Worked in complex enterprise and government environments

Education

Bachelor of Science in Telematics Engineering

Institute of Technical Studies CIISA

2010 – 2014

Comprehensive engineering program covering telecommunications, networking, and information technology fundamentals.

Mid-Level Telecommunications Technician

School of Science and Technology

2006 – 2009

Technical foundation in telecommunications systems, network infrastructure, and electronic communications.

Certifications

Achievements

Masterclass Delivery at IEBS Institute

Delivered a comprehensive masterclass on "How to generate an attack and how to detect IT from the SOC" at IEBS Institute, sharing advanced cybersecurity knowledge with students and professionals.

Technical Volunteer - WAF Open Source Coraza

Contributing as a technical volunteer to the WAF Open Source Coraza solution, helping develop and maintain this critical web application firewall technology for the cybersecurity community.

Research in Cybersecurity Trends

Actively researching new trends in cybersecurity, AI, and IT generally, staying at the forefront of emerging technologies and security challenges in the rapidly evolving digital landscape.

International Project Leadership

Successfully led cybersecurity projects across multiple countries (Spain, Germany, Chile) and continents (EU, LATAM), demonstrating expertise in multicultural collaboration and international compliance frameworks.

Team Leadership & Mentorship

Led teams of up to 25+ security professionals, providing mentorship to Tier 1 and Tier 2 analysts while serving as Tier 3 escalation point, enhancing detection maturity and analyst career development.

Trainings & Courses

IEBS Institute Masterclass

  • How to generate an attack and how to detect IT from the SOC

Open Source Contributions

  • WAF Open Source Coraza solution - Technical volunteer

Research & Development

  • New trends in cybersecurity
  • AI and IT research

Publications & Thought Leadership

IEBS Institute Masterclass

Topic: "How to generate an attack and how to detect IT from the SOC"

Delivered comprehensive training on advanced cybersecurity attack methodologies and SOC detection strategies to students and professionals.

🎥 Watch the full Masterclass on Vimeo

Open Source Contributions

Project: WAF Open Source Coraza Solution

Active technical volunteer contributing to the development and maintenance of critical web application firewall technology for the cybersecurity community.

Research & Development

Focus Areas: Cybersecurity Trends, AI Security, Emerging Technologies

Continuously researching new trends in cybersecurity, AI, and IT to stay at the forefront of emerging technologies and security challenges.

Industry Leadership

Expertise: SIEM/SOAR Architecture, Enterprise Security, Compliance

Recognized thought leader in SIEM/SOAR engineering, security architecture, and enterprise compliance frameworks across international markets.

Languages

Spanish

Native

English

Proficient (B2)

Italian

Proficient

Catalan

Intermediate

German

Currently Learning (A1)

Get In Touch

Email

ricardo.rivera.aguilera@gmail.com

Phone

+41 77 276 17 09

LinkedIn

Connect with me

Location

Zürich, Switzerland

Work Authorization

EU Citizen | Swiss Residence Permit (B)