Konrad Papaj

Threat Hunter | Security Researcher | Cybersecurity Enthusiast

Warsaw, Poland | konrad.papaj@gmail.com | LinkedIn

Summary

Cybersecurity professional focused on threat hunting, incident response, and offensive security. Experienced in analyzing real-world threats, investigating security incidents, and improving detection capabilities across enterprise environments.

Strong hands-on background in pentesting, CTFs, and lab environments (Hack The Box, custom labs, exploit development). I enjoy the full cycle: finding vulnerabilities, exploiting them, understanding them deeply, and building detections to catch the same techniques in production environments.

Technical Skills

  • Threat Hunting & DFIR: Incident Response, Threat Hunting, Digital Forensics, Malware Analysis, Phishing Analysis
  • Security & Networking: MITRE ATT&CK, DPI, Network Protocols, SIEM, EDR
  • Offensive Security: Penetration Testing, Ethical Hacking, Exploit Development
  • Programming/Scripting: Python, Bash
  • Other: Vulnerability Management, Threat Intelligence, Automation

Experience

Cyber Threat Hunting Specialist @ Standard Chartered

Warsaw - September 2025 -> Present

  • Proactive threat hunting across enterprise endpoints, network telemetry, and cloud environments using EDR/XDR and SIEM platforms
  • Developing and executing advanced hunting hypotheses based on current threat intelligence and emerging attacker TTPs
  • Helping to create custom detection logic, behavioral analytics, and correlation rules to identify stealthy adversary activity
  • Investigating complex security incidents, performing deep forensic analysis, and reconstructing attack chains
  • Leveraging MITRE ATT&CK to map observed behaviors and improve detection coverage across the environment
  • Building and maintaining threat hunting dashboards, queries, and automation in SIEM and EDR tools
  • Collaborating with incident response, SOC, and threat intelligence teams to enhance detection and response capabilities
  • Conducting log analysis across multiple data sources (endpoint, identity, network, cloud) to uncover hidden threats
  • Developing automation scripts and tooling to improve hunting efficiency and repeatability
  • Identifying detection gaps and proposing improvements to monitoring, logging, and security controls
  • Supporting purple team and adversary simulation exercises to validate detection engineering and response readiness
  • Producing technical reports and briefings summarizing findings, risks, and remediation recommendations
  • Tracking threat actor activity and integrating relevant intelligence into proactive hunting scenarios

Cyber Threat Response Analyst @ Standard Chartered

Warsaw - November 2024 -> September 2025

  • Analyzing malicious emails and preparing investigation reports
  • Monitoring and analyzing SIEM and EDR alerts
  • Performing threat hunting and root cause analysis
  • Identifying IOCs and attacker TTPs
  • Participating in purple team exercises to improve detection and response
  • Automating security tasks with scripts
  • Participating in international cybersecurity conferences

Cybersecurity Analyst @ NASK S.A.

Warsaw - September 2023 -> November 2025

  • Advanced malware analysis (static, dynamic, reverse engineering)
  • Malicious email and attachment analysis
  • SIEM monitoring and correlation rule tuning
  • EDR alert analysis and incident investigation
  • Network traffic and DPI analysis
  • False positive verification (IPS/DPI)
  • Conducting penetration tests
  • Managing the Threat Intelligence platform
  • Creating SOC procedures and documentation
  • Supporting onboarding of new team members
  • Automation scripting

Certifications

  • Certified Defensive Security Analyst (CDSA) – Hack The Box (2025)
  • Certified Ethical Hacker Master (CEH + Practical) – EC-Council (2024)
  • Certified Cybersecurity Expert (CCE) – Blockchain Council (2024)
  • TDX Arena Penetration Tester – ThriveDX (2024)
  • Cybereason Threat Hunter (CCTH) – Cybereason (2024)
  • Cybereason Threat Analyst (CCTA) – Cybereason (2024)
  • Certified Cybersecurity Analyst (C)CSA – Mile2 (2023)
  • Junior Penetration Tester – INE (2023)
  • Red Team Cybersecurity Specialist – University of Warsaw & HackerU (2023)

CTF & Community

  • Hack The Box – Global Cyber Skills Benchmark CTF 2025

    • Team rank: 38/796
    • Challenges solved: 81/103
    • Team MVP
  • Hack The Box – Cyber Apocalypse CTF 2025

    • Team rank: 135/8130
    • Challenges solved: 67/77

Education

  • Bachelor’s degree in Cybersecurity
    Wyższa Szkoła Kształcenia Zawodowego (2025 – in progress)

Languages

  • Polish — Native
  • English — Fluent (B2/C1)