Mateusz Filipczak | Cybersecurity, Security Automation & SecDevOps Engineer

About

Security automation leader with 10+ years in cybersecurity, specialized in Cortex XSOAR and SOC engineering. At Ørsted's global Cyber Defense Center, founded and led a 5-person Security Automation & Reporting team and owned the enterprise SOAR program from on-premises rollout to cloud migration. Builds the playbooks and API-driven integrations behind the SOC's automated triage, incident response, and vulnerability remediation, now extending operations into an AI-augmented SOC with agentic workflows and MCP integrations. Sets the technical architecture, stays close to the code, and grows the engineers who build it.

Experience

Senior Security Automation Engineer, Team Lead

Mar 2021 – Present

Ørsted

Founded and scaled the Security Automation & Reporting team from 0 to 5 engineers, owning hiring, onboarding, mentoring, and technical direction across automation, data engineering, and reporting
Owned the enterprise Cortex XSOAR program end to end: POC, vendor evaluation, on-prem deployment, and migration to cloud SaaS with zero downtime
Built and maintained 30+ playbooks, 50+ automation scripts, and 4 custom integrations across SIEM, EDR, XDR, IAM, and threat intel platforms, automating core SOC operations including alert triage, phishing investigation, incident response, vulnerability remediation, and security advisory processing
Engineered the SOC's Microsoft cloud automation in Python, configuring Azure App Registrations with least-privilege admin consent and integrating with Azure and Entra services via the Graph API for identity and group lookups and account actions such as password resets and session termination, with automation deployed and maintained through Git CI/CD pipelines
Architected the team's security data and reporting pipeline, from Python ingestion through SQL to Power BI, defining the data model and analytics requirements behind the SOC KPI dashboards used by leadership
Currently extending the SOC into AI-augmented operations, deploying agentic AI workflows and MCP integrations for LLM-assisted alert triage and enrichment, and analyzing historical incident data to identify shadow IT ownership
Mentored an analyst with a security and coding background into a strong SOAR automation engineer building integrations and AI use cases

Senior Information Security Analyst

Jan 2019 – Feb 2021

ViacomCBS (now Paramount)

Ran hands-on SOC operations: monitored network traffic, triaged alerts, and performed live incident response, blocking malicious activity and containing compromised hosts via EDR
Built automated vulnerability scanning for CBS's mobile broadcast fleet, scripting scans that triggered automatically when vehicles rejoined the network at base
Owned the vulnerability management lifecycle: assessment, prioritization, and remediation tracking
Created custom YARA rules, tuned automated IDS alerting, and deployed deception technology to detect lateral movement
Reviewed enterprise DLP alerts and configured web security policies, and built an automation script that flagged sensitive keywords and prioritized users with unusually high data transfer volumes
Performed proactive threat hunting for APT activity and anomalies across SIEM and NDR platforms

Senior IT Security Analyst

Sep 2016 – Dec 2018

Accenture

Security point of contact for a digital banking transformation (French bank): hardened ASP.NET MVC applications (CSP 2.0, anti-CSRF, security headers), coordinated security testing, and reviewed systems against OWASP and GDPR
Built an IAM integration framework for a Scandinavian bank on SailPoint IdentityIQ: onboarding strategy, automated IAM reporting and dashboards for the client Architecture Board, and PowerShell ETL normalizing access data across AD, SAP, RACF, and HP NonStop

IT Support Associate

May 2015 – Aug 2016

Accenture

Provided first-line IT support for a global user base, troubleshooting and resolving issues across PCs, MacBooks, mobile devices, and printers

Skills

Security Automation & SOAR Engineering

Cortex XSOAR Python REST APIs / API Integrations Playbook Development & Orchestration JSON / YAML

Detection & Security Analytics Engineering

SIEM (Splunk, etc.) Detection Engineering Log Analysis Threat Intelligence KQL / SPL Security Metrics & Reporting SQL

Security Data & Integration Engineering

Security Data Pipelines API-driven Integrations (XDR, ServiceNow, LDAP, etc.) Data Processing & Normalization

SecDevOps & Security Engineering

CI/CD Pipelines Git Docker Infrastructure as Code Security as Code

Technical Leadership

Technical Leadership Team Mentoring Architecture & Design Reviews Stakeholder Communication

Projects

XSOAR Automation Library

A collection of reusable Cortex XSOAR integrations and playbook components for common SOC workflows.

Security Analytics Dashboard

Real-time SOC metrics dashboard aggregating data from SIEM, ticketing, and threat intelligence sources.

SOC Metrics Framework

Framework for tracking and reporting key SOC KPIs — MTTD, MTTR, alert volume, and analyst workload.

Contact

Email [email protected]

Web filipczak.dev

Location Warsaw, Poland