Multi-tenant log sources onboarded and reconciled into IBM QRadar.
Cybersecurity engineering · applied machine learning
Security systems, built with evidence.
I am Berk Göktaş, a cybersecurity engineer and applied machine-learning researcher. I build detection systems, automate cloud-native infrastructure, and develop graph-based methods for reducing SOC alert fatigue.
Selected impact
Operational scale meets research depth.
Security reports and detection-rule updates using AQL and Regex.
Student database-project groups evaluated as a CMPE 321 assistant.
Hybrid research architecture for ranked security-alert prioritization.
Experience
Engineering work with production constraints.
Security operations, detection engineering, infrastructure automation, and database instruction.
Database Student Assistant · CMPE 321
Boğaziçi University · İstanbul, Türkiye
- Designed, administered, and graded relational-database projects for 54 student groups.
- Evaluated backend logic, database triggers, stored procedures, and live technical demonstrations.
- Performed SQL-injection testing to verify input sanitization and parameterized query use.
Cybersecurity & Software Engineering Intern
Doğuş Teknoloji · İstanbul, Türkiye
- Configured WinCollect and securely mapped 200+ multi-tenant log sources into IBM QRadar.
- Developed and updated 300+ QRadar reports and detection rules with AQL and Regex, mapped to MITRE ATT&CK.
- Triaged phishing, DDoS, and malware incidents using Microsoft Defender EDR/XDR and Cortex XSOAR playbooks.
- Built Apache Airflow DAGs and secure Spring Boot/Kotlin services using JWT authentication and Redis.
DevOps Intern
Hepsiburada · İstanbul, Türkiye
- Provisioned and managed multi-zone Kubernetes clusters with Terraform, Ansible, and Kubespray.
- Automated GitLab CI pipelines and enforced production change-management controls with branch-protection webhooks.
- Integrated HashiCorp Vault for dynamic secret management and diagnosed ImagePullBackOff, firewall, and access incidents.
Featured research · 2025—2026
Reducing alert fatigue in multi-SIEM environments.
Lead research project at Boğaziçi University exploring a hybrid GNN-LSTM pipeline for converting correlated security telemetry into a ranked analyst queue.
SOC teams face high-volume, repetitive telemetry where low-value alerts obscure urgent sequences.
Heterogeneous graph modeling, temporal sequence learning, and explainability for prioritized alert analysis.
A ranked queue that surfaces security-relevant behavior rather than treating alerts as independent events.
Research case study
From raw telemetry to ranked analyst action.
The pipeline combines structural relationships, temporal context, and interpretable output rather than relying on a single flat classifier.
- 01 Raw alerts: Multi-SIEM telemetry and normalized OCSF attributes.
- 02 Meta-alert clustering: Contextual aggregation across time, IPs, tools, and alert types.
- 03 Heterogeneous graph: Alert, IP, type, and relationship nodes encode structural signal.
- 04 GNN encoder: GATv2 temporal attention and GraphSAGE structural propagation.
- 05 LSTM + ranked queue: Sequence modeling produces analyst-priority scoring and explanations.
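As an added illustration of steps 02 and 03 (example code written for this page, not the research project's own implementation): constructed OCSF-like alert records are merged into meta-alerts by source IP and time window, then expressed as a typed node/edge list with per-cluster size, tool-agreement and alert-type counts. The clustering rule (same source IP within a fixed window of the cluster's first alert) is an assumption chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in a simplified OCSF-like shape (not real telemetry).
ALERTS = [
    {"id": "a1", "time": "2025-03-01T10:00:00", "src_ip": "10.0.0.5", "tool": "qradar", "type": "brute_force"},
    {"id": "a2", "time": "2025-03-01T10:02:00", "src_ip": "10.0.0.5", "tool": "defender", "type": "brute_force"},
    {"id": "a3", "time": "2025-03-01T10:04:00", "src_ip": "10.0.0.5", "tool": "qradar", "type": "lateral_movement"},
    {"id": "a4", "time": "2025-03-01T13:00:00", "src_ip": "10.0.0.5", "tool": "qradar", "type": "brute_force"},
    {"id": "a5", "time": "2025-03-01T10:01:00", "src_ip": "10.0.0.9", "tool": "xsoar", "type": "phishing"},
]

def cluster_meta_alerts(alerts, window=timedelta(minutes=10)):
    """Meta-alert clustering (assumed rule): alerts sharing a source IP within
    `window` of the cluster's first alert are merged, regardless of tool or type."""
    clusters = []  # each: {"id", "src_ip", "start", "alerts"}
    for a in sorted(alerts, key=lambda r: r["time"]):
        t = datetime.fromisoformat(a["time"])
        for c in clusters:
            if c["src_ip"] == a["src_ip"] and t - c["start"] <= window:
                c["alerts"].append(a["id"])
                break
        else:
            clusters.append({"id": f"m{len(clusters) + 1}", "src_ip": a["src_ip"],
                             "start": t, "alerts": [a["id"]]})
    return clusters

def build_hetero_graph(alerts, clusters):
    """Heterogeneous graph: typed node sets (alert, ip, type, meta) and typed edge lists."""
    nodes, edges = defaultdict(set), defaultdict(list)
    for a in alerts:
        nodes["alert"].add(a["id"]); nodes["ip"].add(a["src_ip"]); nodes["type"].add(a["type"])
        edges[("alert", "from_ip", "ip")].append((a["id"], a["src_ip"]))
        edges[("alert", "has_type", "type")].append((a["id"], a["type"]))
    for c in clusters:
        nodes["meta"].add(c["id"])
        for aid in c["alerts"]:
            edges[("alert", "in_cluster", "meta")].append((aid, c["id"]))
    return nodes, edges

def cluster_features(alerts, clusters):
    """Per-cluster structural signals a flat per-alert model would discard:
    cluster size, number of distinct tools that agree, number of distinct alert types."""
    by_id = {a["id"]: a for a in alerts}
    return {c["id"]: {"size": len(c["alerts"]),
                      "tools": len({by_id[i]["tool"] for i in c["alerts"]}),
                      "types": len({by_id[i]["type"] for i in c["alerts"]})} for c in clusters}
```

On the constructed data, the three alerts from 10.0.0.5 within ten minutes collapse into one meta-alert seen by two tools and spanning two alert types, while the same IP three hours later starts a new cluster.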
Security alerts are not independent rows.
IP co-occurrence, timing, tool agreement, cluster size, and alert type form relationships that flat models discard.
Explanations support analyst trust.
Temporal attention and SHAP-style feature analysis expose why the model prioritizes a sequence.
Selected projects
Systems, detection, and data.
Technical work presented as concise case studies rather than a generic skills dump.
Hybrid GNN-LSTM Security Alert Prioritization
Graph-based and temporal deep-learning workflow for ranking correlated alerts and reducing analyst overload in multi-SIEM settings.
QRadar Detection Engineering & Log Reconciliation
Multi-tenant log onboarding, threat-detection logic, reporting, and ATT&CK-aligned SIEM workflows in a SOC environment.
Production Kubernetes Automation
Infrastructure provisioning and deployment control across multi-zone Kubernetes environments, with secrets and change-management safeguards.
Technical capabilities
Built for the boundary between operations and research.
Depth is organized by applied domain, not by an undifferentiated tool list.
Security Operations
IBM QRadar · SIEM Engineering · AQL · Regex · MITRE ATT&CK · Defender EDR/XDR · Cortex XSOAR · Threat Detection
Cloud & DevOps
Kubernetes · Terraform · Ansible · Kubespray · GitLab CI · HashiCorp Vault · Linux · Docker
Machine Learning
Python · PyTorch · GNNs · LSTM · XAI · SHAP · Graph-Based Alert Prioritization
Software & Data
SQL · Java · Kotlin · Spring Boot · Redis · Apache Airflow · Relational Databases
Credentials
Independent validation across security, cloud, and data.
Computer Engineering, Boğaziçi University. GPA 3.64, High Honor. Exchange: Hong Kong University of Science and Technology.
Grand Prize Winner — Kim Milyoner Olmak İster? (Türkiye’s Who Wants to Be a Millionaire), 2024
Contact