Security Leader & Consultant

Antwan van der Stap

15+ years securing enterprise environments — from network architecture to agentic AI-driven SOC operations. Based in Leesburg, FL.

Focus areas: Threat Intelligence, SOC Operations, XSOAR / SOAR, Agentic AI, Incident Response

Security Leader with Depth

I'm a security professional with more than 15 years of experience building and leading security programs at scale. My career at Oracle spanned individual contributor, team lead, and management roles — giving me direct experience across the full spectrum of enterprise security: network architecture, SOC operations, threat intelligence, threat hunting, and security engineering.

Most recently I've been focused on the intersection of agentic AI and security operations — designing workflows in Palo Alto Cortex XSOAR that accelerate threat enrichment, investigation, and analyst response. I believe automation done right makes analysts faster and more effective, not redundant.

I'm now available for consulting engagements where I can apply this depth of experience to help organizations mature their security posture, build SOC capabilities, or implement intelligent automation.

15+ Years in Security
10+ Years at Oracle
5+ Roles Held
2 GIAC Certifications

Career History

06/2025 – 03/2026 Oracle Corporation

Security Engineer

  • Built custom integrations for Palo Alto Cortex XSOAR, including Jira, CrowdStrike, and threat feed connectors.
  • Established a data normalization standard across XSOAR automations and investigations to improve consistency at scale.
  • Designed a framework to reduce unnecessary data ingested by XSOAR, improving platform efficiency and reducing operational overhead.
  • Designed and built agentic AI automations in XSOAR to accelerate threat intelligence enrichment, investigation support, and SOC efficiency.
09/2022 – 05/2025 Oracle Corporation

Threat Intelligence Investigator

  • Conducted threat intelligence investigations supporting security operations and incident response.
  • Improved investigation workflows through automation, enrichment, and structured analysis of threat intelligence data.
  • Combined internal telemetry with OSINT sources to support intelligence-driven detection and response.
08/2021 – 08/2022 Oracle Corporation

Manager, OCI Threat Hunting Team

  • Led a team responsible for threat hunting across Oracle corporate and OCI customer-facing infrastructure.
  • Built enrichment and analysis capabilities combining OSINT with internal telemetry.
  • Drove data normalization and correlation projects across endpoint and network security controls.
  • Point of contact for sensitive investigations involving legal, HR, and brand protection.
11/2020 – 08/2021 Oracle Corporation

Manager, SOC Tier 3 Team

  • Managed Oracle's Risk Management Threat and Vulnerability Management team across Tier 3 incident response.
  • Drove SOAR adoption through playbook development and custom security control integrations.
  • Shifted threat intelligence and hunting from atomic indicators toward TTP-based analysis.
  • Led RFPs and POCs for security tools; drove transition from signature AV to EDR.
  • Reduced security spend through vendor evaluation and fidelity analysis.
05/2014 – 10/2020 Oracle Corporation

Principal Analyst, Risk Analysis Team (Team Lead)

  • Gathered, enriched, and analyzed intelligence from open-source and commercial data sources.
  • Advised IT architecture and compliance on design and rollout of new technologies.
  • Conducted onsite risk assessments for mergers and acquisitions.
  • Built a threat modeling process used to generate internal threat assessments.
  • Contributed to virtual SOC maturity and cloud transition efforts.
05/2013 – 06/2015 Oracle Corporation

Firewall / IDS Solutions Architect

  • Implemented Oracle's multi-year network security vision with Enterprise Architecture.
  • Defined standards in firewall and IDS/IPS domains; evaluated next-gen security technologies globally.
  • Tier 4 escalation resource for existing security technologies.
09/2011 – 05/2013 Oracle Corporation

Principal Service Design Engineer

  • Engineered communication software and devices focused on data center security solutions.
  • Remote access infrastructure, proxy retrofits, and cross-platform central management.
05/2007 – 08/2011 Oracle Corporation

Senior Extranet Engineer

  • Provided secure access solutions for Oracle consultants and employees worldwide.
  • Tier 3 support for remote access technologies; firewall administration and troubleshooting.
08/2005 – 04/2007 IBM / Juniper Networks

Remote Support Specialist

  • Resolved customer issues on Juniper NetScreen and SSG security appliances.
  • Supported VPN, routing, packet analysis, escalation management, and RMA workflows.

Core Competencies

Threat Operations

  • Threat Intelligence
  • Threat Hunting
  • Incident Response
  • OSINT Collection & Enrichment
  • MITRE ATT&CK
  • Threat Modeling

Security Engineering

  • Palo Alto Cortex XSOAR
  • Agentic AI Workflow Design
  • SIEM & Detection Engineering
  • Security Automation & Orchestration
  • Python Scripting & Automation
  • Vulnerability Management

Leadership & Program

  • SOC Operations
  • Security Program Leadership
  • Cross-Functional Investigations
  • Vendor Evaluation & RFPs
  • M&A Risk Assessments
  • Team Building & Mentoring

Infrastructure & Network

  • Firewall Architecture
  • IDS / IPS
  • Network Security Design
  • Remote Access Solutions
  • EDR Platforms
  • CrowdStrike

Credentials

GIAC Cyber Threat Intelligence

GCTI — advanced threat intelligence analysis, production, and operationalization.

GIAC Reverse Malware Engineering

GREM — static and dynamic malware analysis and reverse engineering.

SANS FOR508

Advanced Incident Response, Threat Hunting, and Digital Forensics

SANS FOR610

Reverse Engineering Malware

SANS FOR578

Cyber Threat Intelligence

SANS SEC478

Open Source Intelligence (OSINT)

EC-Council CEH

Certified Ethical Hacker

CompTIA Security+ & ITIL v3

Security fundamentals and IT service management

Recognition

  • Oracle Customer Service Pace Setter Award
  • Oracle GIT Team Brilliance Award
  • Oracle Cloud Services Pace Setter Award
  • Oracle Team Brilliance Award
  • Juniper Customer Satisfaction Award
  • Juniper PJTAC Employee of the Quarter

How I Can Help

I offer focused consulting engagements for organizations looking to build, mature, or transform their security operations. My work is hands-on and practical — grounded in what actually works at enterprise scale.

01. SOC Advisory & Maturity Assessment

Evaluate your SOC's current capabilities against industry frameworks (MITRE ATT&CK, NIST) and identify the highest-impact gaps. Deliver a prioritized roadmap your team can execute against.

  • Current-state assessment
  • Gap analysis and risk scoring
  • Prioritized improvement roadmap
  • Metrics and KPI framework

02. Threat Intelligence Program Design

Build or mature a threat intelligence capability that delivers actionable intelligence to your security operations — not just feeds and noise. OSINT integration, enrichment workflows, and analyst-ready outputs.

  • Intelligence requirements definition
  • Source identification and collection framework
  • Enrichment pipeline design
  • Analyst workflow and reporting templates

03. XSOAR / SOAR Implementation

Design and build Palo Alto Cortex XSOAR playbooks, custom integrations, and automation workflows tailored to your environment and toolstack. From scratch or improving an existing deployment.

  • Platform architecture and integration design
  • Custom playbook and automation development
  • Data normalization standards
  • Analyst training and handoff

04. Agentic AI Security Workflows

Design and implement agentic AI automations that make your security operations faster and more effective. Threat enrichment, triage support, investigation augmentation — built on proven enterprise patterns.

  • Use-case identification and scoping
  • Agentic workflow design and prototyping
  • Integration with existing SOC tooling
  • Evaluation framework and quality gates

05. Threat Hunting Program

Stand up a structured threat hunting capability using TTP-based hypotheses and your existing telemetry — endpoint, network, and cloud. I'll help build the process, tooling, and analyst skills.

  • Hunting methodology and hypothesis framework
  • Hunt library development
  • Telemetry gap analysis
  • Integration with detection engineering

06. Incident Response Readiness

Assess and strengthen your ability to detect, contain, and recover from security incidents. Tabletop exercises, playbook development, and cross-functional coordination across legal, HR, and leadership.

  • IR plan review and gap analysis
  • Tabletop exercise design and facilitation
  • Playbook development
  • Communication and escalation frameworks

Get in Touch

Whether you're exploring a consulting engagement, have a role to discuss, or just want to connect — I'd like to hear from you.

Location: Leesburg, FL — available remote and on-site