Valerii Serkin
Security Operations & Engineering Leader. I build and run SOCs, detection engineering, threat hunting and security automation — from the ground up.
I'm a security operations leader who is happiest standing things up where nothing existed before. Across TradingView, Malcrove and Kaspersky, I've established SOCs from scratch — monitoring, detection, response, and the threat-intelligence functions that make them intelligence-led.
I lead teams, but I never stopped being an engineer. I architect SOAR automation, tune EDR for real detection coverage, and write internal tooling and microservices in Python, Go, Rust and .NET Core to take the manual work off analysts' plates.
Most recently I've focused on a new frontier: detecting and governing shadow AI — the unsanctioned AI usage that quietly creates data-exposure and compliance risk inside modern organizations.
- Lead the internal SOC — continuous, org-wide monitoring, incident response and proactive threat hunting.
- Established the SOC from the ground up and embedded a Threat Intelligence function for intelligence-led ops.
- Architected and deployed SOAR automation, unifying the security stack and cutting mean time to detect & respond.
- Pioneered methods and tooling to detect and prevent unsanctioned shadow-AI usage.
- Led 20+ SOC analysts across daily operations, incident response and threat detection in diverse environments.
- Directed DFIR across client environments — swift containment, investigation and remediation.
- Ran compromise assessments and optimized SIEM (Elasticsearch, Splunk, QRadar), IDS/IPS and TI tooling.
- Built and optimized detection engineering and threat hunting across multiple clients.
- Designed customized detection rules with the SIGMA framework.
- Spearheaded threat hunting across on-premise, AWS and Azure; automated workflows with custom Python.
- Led Threat Hunting and Incident Response engagements for multiple clients.
- Built Python microservices to automate enrichment, triage and response.
- Conducted malware analysis and reverse engineering to produce actionable threat intelligence.
- Helped build the SOC's core processes and tools from scratch (Elasticsearch, TheHive, Cortex).
- Developed microservices in Python, Go and .NET Core to automate SOC workflows.
- Built and implemented information security policies; ran assessments and audits for compliance.
- Oversaw firewalls, IDS and endpoint protection; led incident response and forensics.
- Led key-carrier generation for the client-bank clearing center (eToken / RuToken).
- Ran internal penetration tests and end-to-end security projects.
- Provided pre-sale security consulting; implemented channel and personal-data protection systems for enterprise clients.
TradingView SOC, from zero
Established a full Security Operations Center for a global trading platform — monitoring, detection, response and an embedded threat-intel function.
Shadow-AI detection
Pioneered methods and internal tooling to detect and prevent unsanctioned AI usage, cutting data-exposure and compliance risk.
SOAR automation at scale
Unified a fragmented security stack into a single automated workflow, significantly reducing mean time to detect and respond.
20+ analyst defense center
Ran daily operations, DFIR and threat detection for a managed-security provider across diverse client environments.
Detection engineering with SIGMA
Designed customized detection rules and automated hunting workflows across on-premise, AWS and Azure infrastructures.
Kaspersky SOC tooling
Built core SOC processes and tooling from scratch with open-source stacks and custom microservices in Python, Go and .NET Core.
This profile is published in machine-readable form so AI agents and tools can fetch and parse it directly — a curated llms.txt index, clean Markdown for every section, and JSON-LD Person schema, all served alongside this page.