# Valerii Serkin

**Security Operations & Engineering Leader** — Málaga, Spain

> 14+ years building and running security functions from the ground up — SOCs,
> detection engineering and threat-hunting teams, DFIR practices, and security
> automation. Currently Senior Manager, Security Engineering at TradingView.

- **Email:** val.serkin@gmail.com
- **LinkedIn:** https://linkedin.com/in/valeriy-serkin
- **GitHub:** https://github.com/tr0mb1r
- **Location:** Málaga, Spain

---

## About

I build and run security functions where nothing existed before. Across
**TradingView, Malcrove, and Kaspersky**, I've established SOCs from scratch —
monitoring, detection, response, and the threat-intelligence functions that make
them intelligence-led.

I lead teams, but I never stopped being an engineer. I architect **SOAR
automation**, tune EDR for real detection coverage, and write internal tooling and
microservices in **Python, Go, Rust and .NET Core**. Most recently I've focused on
detecting and governing **"shadow AI"** — the unsanctioned AI usage that quietly
creates data-exposure and compliance risk inside modern organizations.

- 14+ years in cybersecurity
- 20+ analysts led
- 3 SOCs built from zero

## Experience

- **Senior Manager, Security Engineering** — TradingView, Málaga (Sep 2025 – Present)
- **Head of Cyber Defense Center** — Malcrove, Dubai (Jan 2024 – Sep 2025)
- **Head of Detection Engineering & Threat Hunting** — Malcrove, Dubai (Oct 2022 – Jan 2024)
- **Senior Cyber Security Consultant** — Malcrove, Dubai (Sep 2021 – Oct 2022)
- **Senior SOC Analyst, R&D** — Kaspersky, Moscow (Sep 2016 – Sep 2021)
- **Leading Information Security Specialist** — Credit Bank of Moscow (Jun 2015 – Sep 2016)
- **Leading Information Security Engineer** — Transaero Airlines (Mar 2014 – Jun 2015)
- **IT Security Engineer** — Microtest, Moscow (Dec 2011 – Sep 2012)

Full detail: [experience.md](data/experience.md)

## Technical stack

Python · Go · Rust · .NET Core · SIGMA · TheHive · Velociraptor · MISP · MITRE
ATT&CK · OpenCTI · Elastic SIEM · Splunk · Azure Sentinel · CrowdStrike · Carbon
Black · Microsoft Defender 365 · AWS · Azure · GCP · Cobalt Strike · Burp Suite ·
Nessus

Full list: [skills.md](data/skills.md)

## Selected work

- **TradingView SOC, from zero** — full SOC plus embedded threat intelligence.
- **Shadow-AI detection** — tooling to detect and prevent unsanctioned AI usage.
- **SOAR automation at scale** — unified the stack, cut mean time to detect & respond.
- **20+ analyst Cyber Defense Center** — daily ops, DFIR and detection across clients.

Full list: [highlights.md](data/highlights.md)

## Machine-readable index

See [llms.txt](llms.txt) and [profile.json](profile.json).