Mateusz Filipczak

Security Automation Engineer & Technical Team Lead · 10+ years in cybersecurity

About

Security automation leader with 10+ years in cybersecurity, specialized in Cortex XSOAR and SOC engineering. At Ørsted's global Cyber Defense Center, I founded and led a 5-person Security Automation & Reporting team and owned the enterprise SOAR program from on-premises rollout to cloud migration. I build the playbooks and API-driven integrations behind the SOC's automated triage, incident response, and vulnerability remediation, and I'm now extending operations into an AI-augmented SOC with agentic workflows and MCP integrations. I set the technical architecture, stay close to the code, and grow the engineers who build it.

Experience

Senior Security Automation Engineer, Team Lead
Mar 2021 – Present
Promoted from Security Automation Analyst · Jan 2022
Ørsted
  • Built and scaled the Security Automation & Reporting team from 0 to 5 engineers, providing full technical leadership, hiring, onboarding, and mentoring across automation, data engineering, and reporting
  • Owned end-to-end enterprise Cortex XSOAR program: led POC, vendor evaluation, on-prem deployment, and seamless migration to cloud SaaS with zero downtime
  • Led development and maintenance of comprehensive SOAR automation assets, including numerous playbooks, automation scripts, and custom integrations across key security platforms, resulting in significantly faster alert triage, incident response, and vulnerability remediation
  • Created a hybrid automation framework combining Cortex XSOAR playbooks and custom integrations with standalone Python scripts in GitHub. Automated identity management, security data enrichment, and response actions across Microsoft cloud platforms using Graph API and least-privilege Azure App Registrations, fully delivered through CI/CD pipelines
  • Architected end-to-end security data and reporting pipeline from Python ingestion through SQL to Power BI, defining data model and KPIs used by leadership
  • Currently driving AI-augmented SOC transformation by implementing agentic AI workflows for LLM-assisted alert triage and enrichment, while analyzing historical incident data to identify shadow IT ownership
  • Mentored a security analyst into a high-performing SOAR automation engineer capable of building complex integrations and AI-driven solutions
Senior Information Security Analyst
Jan 2019 – Feb 2021
Promoted from Information Security Analyst · Aug 2019
ViacomCBS (now Paramount)
  • Conducted hands-on SOC operations, including real-time network monitoring, alert triage, incident response, and containment of compromised hosts using EDR solutions
  • Owned the end-to-end vulnerability management lifecycle, including assessment, prioritization, remediation tracking, and patching
  • Designed and implemented automated vulnerability scanning for CBS's mobile broadcast fleet, enabling automatic scans upon vehicle return to base
  • Created custom YARA rules, tuned IDS/IPS alerting, and deployed deception technology to strengthen detection of lateral movement and advanced threats
  • Built automation scripts in VBA, Bash, and PowerShell to streamline security operations, including custom DLP logic that flagged sensitive keywords and prioritized users with anomalous data transfers
  • Executed seamless IDS migration from on-premises to cloud environment while maintaining uninterrupted security monitoring
  • Performed proactive threat hunting to identify APT activity and anomalous behavior across security platforms
Senior IT Security Analyst
Sep 2016 – Dec 2018
Promoted from IT Security Analyst · Dec 2018
Accenture
Digital Banking Transformation – French Bank
  • Served as the primary Security Point of Contact (SPOC) for a major digital banking transformation project at a French bank
  • Hardened ASP.NET MVC applications by implementing Content Security Policy (CSP 2.0), anti-CSRF protections, and essential security headers
  • Coordinated security testing activities, vulnerability assessments, and remediation tracking while ensuring compliance with OWASP and GDPR requirements
Identity & Access Management Framework – Scandinavian Bank
  • Designed and built an IAM integration framework on SailPoint IdentityIQ, including onboarding strategy and automated reporting for the client's Architecture Board
  • Developed PowerShell ETL processes to normalize and integrate access data from heterogeneous systems (Active Directory, SAP, RACF, and HP NonStop)
  • Created executive dashboards and automated IAM metrics to support governance and compliance reporting
IT Support Associate
May 2015 – Aug 2016
Promoted from Internship · Oct 2015
Accenture Services
  • Provided first-line IT support for a global user base, troubleshooting and resolving issues across PCs, MacBooks, mobile devices, and printers

Skills

Security Automation & SOAR (Expert)

Cortex XSOAR 8, Python, Playbook Development, REST APIs, GraphQL, API Integrations, JSON / YAML

SOC & Detection Engineering (Advanced)

Incident Response, Threat Hunting, SIEM, EDR, Detection Engineering, Vulnerability Management, YARA, Deception Technology

Security Data & Analytics (Advanced)

SQL, Power BI, KQL / SPL, Security Data Pipelines, Security Metrics & Reporting

Cloud & DevSecOps (Proficient)

Azure, Microsoft Graph API, CI/CD, Git, Docker, DevSecOps, Security as Code

AI & Emerging Technologies (Active)

Agentic AI Workflows, MCP Integrations, LLM-assisted Security Operations

Technical Leadership (Advanced)

Team Building & Mentoring, Architecture Reviews, Technical Strategy, Stakeholder Communication

Projects

XSOAR Automation Library

A collection of reusable Cortex XSOAR integrations and playbook components for common SOC workflows.

GitHub repository: coming soon

Security Analytics Dashboard

Real-time SOC metrics dashboard aggregating data from SIEM, ticketing, and threat intelligence sources.

GitHub repository: coming soon

SOC Metrics Framework

Framework for tracking and reporting key SOC KPIs — MTTD, MTTR, alert volume, and analyst workload.

GitHub repository: coming soon

Contact

Let's connect

Have a project in mind, a role to fill, or a security problem worth solving together?