Edge: Cloudflare Tunnel + Access in front of origin

Artem Khludov

Security Automation Engineer | DevSecOps

Automating Security Operations. Orchestrating LangGraph, Python, and Splunk to transform manual toil into reliable code-driven defense.

Perimeter metrics (sampled)

Zero Trust posture: Cloudflare Tunnel, Access policies, and IdP-backed authentication in front of exposed services; charts aggregate deny/WAF-style events when the metrics API is reachable.

About

I don't just watch logs; I build systems that act on them.

My focus is eliminating manual SOC toil through engineering. I design event-driven workflows, integrate fragmented APIs, and turn raw alerts into automated response actions.

Not a security analyst who learned to code — an engineer who specializes in security automation.

Experience

2024 – 2026

Security Automation Engineer

EnergyLogic AI System | Los Angeles, CA

  • Security Automation: Developed automated triage and response workflows using n8n and Python, integrating multiple security tools into a cohesive pipeline.
  • AI Integration: Implemented agentic workflows with LangGraph and Ollama to automate routine alert analysis and threat intelligence enrichment.
  • Stealth Operations: Built custom data extraction engines utilizing advanced evasion techniques (Camoufox, TLS fingerprinting) to gather threat telemetry.
  • Detection Engineering: Configured Splunk dashboards and SPL correlation rules to identify common attack patterns (brute-force, unauthorized access).
  • Infrastructure: Managed cloud security posture on AWS using Terraform, focusing on IAM hardening and secure VPC configurations.

2022 – 2024

Systems & Security Administrator

AntHouse Online Store | Moscow, Russia

  • Hardening & Defense: Managed and secured high-load e-commerce infrastructure (Linux/Nginx), implementing ModSecurity WAF to filter automated bot traffic.
  • Security Baseline: Applied CIS Benchmarks for server hardening, including firewall optimization (iptables/nftables) and access control reviews.
  • Task Automation: Developed a library of Bash scripts for automated backups, log rotation, and basic vulnerability scanning.
  • Incident Monitoring: Analyzed authentication logs to mitigate brute-force attempts and coordinated with networking to block malicious IP ranges.
  • Payment Security: Handled SSL/TLS certificate lifecycle management and hardened REST API endpoints for secure transactions.

2017 – 2022

Managing Director / Founder

LLC Pervozdanniy Construction | Moscow, Russia

  • Operations Management: Founded and led a construction company to $2M+ annual revenue, managing 15+ commercial renovation projects from planning to delivery.
  • Leadership: Orchestrated teams of 20+ specialists, ensuring project deadlines, budget compliance, and rigorous quality control standards.
  • Strategy: Developed internal operational frameworks and documentation standards to maintain efficiency across multiple high-stakes projects.

Tech Arsenal

Orchestration and intelligence — n8n-class platforms, multi-agent runtimes; not one-off scripts; security as a pipeline; IAM as the new perimeter. JSON logic and API orchestration where CVs still say "JSON parsing".

Automation Engine — primary strength

  • Workflow Orchestration: n8n / Tines / StackStorm
  • AI Orchestration: LangGraph / Ollama / Sec-LLM fine-tuning / LLM APIs
  • Custom Engines: Python / FastAPI / Boto3 / JSON logic / API orchestration
  • Event-Driven: Webhooks / Message Queues / Real-time Signal Processing

DevSecOps Pipeline — the conveyor

  • CI/CD & GitOps: GitHub Actions / GitLab CI / ArgoCD
  • Security Gates · SAST / SCA: Semgrep / Trivy / Snyk
  • IaC Scanning: Checkov / Terrascan
  • Artifact Security: Docker hardening / Cosign / Syft / Grype / SBOM

Infrastructure & Cloud — identity & control plane

  • Cloud Platforms: AWS IAM, VPC, EKS / GCP / Cloudflare Zero Trust
  • IaC: Terraform / OpenTofu / Ansible
  • Orchestration: Kubernetes / RBAC / network policies / admission controllers
  • Policy as Code: OPA / Kyverno

Stealth & Intelligence — key differentiator

  • Antidetect Stack: Playwright Stealth / Camoufox / fingerprint spoofing
  • Evasion Techniques: JA3 / TLS fingerprint evasion / Canvas & WebGL obfuscation / residential proxies
  • Data Intelligence: Custom OSINT Engines / Threat Intel Harvesters / Automated Data Extraction

Runtime & Observability — inside the box

  • Deep Visibility: Tetragon, Falco / Sysmon
  • Log Analysis: Elastic Stack / Splunk / Grafana Loki
  • Hardening: Linux Internals / AppArmor / SELinux / Hardened Kernels

Core Stack — language layer

  • Languages: Python / Bash
  • Version Control: Git / GitOps
  • Networking: mTLS / OAuth2 / OIDC / TCP/IP

Education

B.S. in Applied Informatics

Southwest State University (SWSU), Russia

2012 – 2016

Bachelor’s degree. Focus: Information Systems Architecture, Network Security, and Automated Data Processing.

  • Core Systems Knowledge: Gained a foundational understanding of how complex information systems are built and managed, from database design to network protocols.
  • Applied Cybersecurity: Studied the intersection of data analysis and system protection, focusing on building resilient IT operations.
  • Engineering Mindset: Developed the logical framework for orchestrating fragmented software components into unified, automated workflows.

Certifications & Specialized Training

  • MITRE ATT&CK Defender (MAD). Focus: Detection Engineering, Adversary Emulation, and Threat Mapping.
  • Splunk Enterprise Security Operations. Focus: Advanced SPL, Incident Management, and Security Dashboarding.
  • CompTIA Security+ (SY0-701). Focus: Infrastructure Security & Risk Management Standards.

Specialized R&D Training

  • Security Automation: Advanced Orchestration with n8n and Event-Driven Python.
  • AI for Cybersecurity: Large Language Model (LLM) Integration for SOC Automation.
  • Stealth & OSINT: Advanced Evasion Techniques and Automated Intelligence Gathering.

Contact

Los Angeles, CA