This skill accelerates security incident triage and remediation by guiding containment, eradication, recovery, and postmortem learning.
```bash
npx playbooks add skill vadimcomanescu/codex-skills --skill senior-secops
```
---
name: senior-secops
description: "Security operations workflow for vulnerability triage, incident response, detection/alerting improvements, and post-incident hardening. Use when responding to security alerts, reviewing logs for suspicious activity, building incident playbooks, or running quick log summaries during triage."
---
# Senior SecOps
Respond fast, contain blast radius, and learn permanently.
## Quick Start (incident workflow)
1) Triage: what’s impacted, is it ongoing, and what data is at risk?
2) Contain: disable credentials, block IOCs, isolate systems.
3) Eradicate: patch root cause, rotate secrets, remove persistence.
4) Recover: restore service safely; verify integrity.
5) Learn: write a postmortem and ship preventative controls.
## Optional tool: summarize a log file
```bash
python ~/.codex/skills/senior-secops/scripts/log_triage.py /path/to/log.txt --out /tmp/log_report.json
```
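To make concrete what a quick triage summary of this kind can surface, here is an added example of a small log summarizer. It is hypothetical illustration code, not the skill's own `log_triage.py`; the sshd-style log lines and the `KNOWN_IOCS` list are constructed for the example, and the `triage_log` function, its threshold, and the report fields are assumptions of this example rather than anything the skill documents.

```python
"""Minimal log triage summarizer (added illustration; not the skill's own script).
Counts failed/accepted SSH logins per source, flags brute-force suspects,
and matches lines against a small IOC list. Emits a JSON-serialisable dict."""
import argparse
import json
import re
from collections import Counter

# Constructed IOC list for the example; a real run would load one from a feed or ticket.
KNOWN_IOCS = {"203.0.113.77", "evil.example"}

# Patterns for common OpenSSH auth events.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")
ACCEPTED_RE = re.compile(r"Accepted (?:password|publickey) for (\S+) from (\d+\.\d+\.\d+\.\d+)")

# Constructed sample log: one brute-force burst that ends in a success, one benign login,
# and one proxy line mentioning a known-bad domain.
SAMPLE_LOG = """\
Mar  3 10:01:02 host sshd[1201]: Failed password for invalid user admin from 198.51.100.9 port 50122 ssh2
Mar  3 10:01:04 host sshd[1202]: Failed password for root from 198.51.100.9 port 50123 ssh2
Mar  3 10:01:06 host sshd[1203]: Failed password for root from 198.51.100.9 port 50124 ssh2
Mar  3 10:01:08 host sshd[1204]: Failed password for root from 198.51.100.9 port 50125 ssh2
Mar  3 10:01:10 host sshd[1205]: Failed password for root from 198.51.100.9 port 50126 ssh2
Mar  3 10:01:12 host sshd[1206]: Accepted password for root from 198.51.100.9 port 50127 ssh2
Mar  3 10:05:00 host sshd[1300]: Failed password for alice from 192.0.2.15 port 40000 ssh2
Mar  3 10:06:00 host sshd[1301]: Accepted publickey for alice from 192.0.2.15 port 40001 ssh2
Mar  3 10:07:30 host proxy[1400]: CONNECT evil.example:443 from 10.0.0.5
""".splitlines()


def triage_log(lines, iocs=KNOWN_IOCS, fail_threshold=5):
    """Summarise auth events and IOC sightings in `lines` (hypothetical helper)."""
    failed_by_ip = Counter()
    failed_users = Counter()
    first_fail_line = {}
    accepted = []
    ioc_hits = []
    for n, line in enumerate(lines, 1):
        m = FAILED_RE.search(line)
        if m:
            user, ip = m.groups()
            failed_by_ip[ip] += 1
            failed_users[user] += 1
            first_fail_line.setdefault(ip, n)
        m = ACCEPTED_RE.search(line)
        if m:
            user, ip = m.groups()
            accepted.append({"line": n, "user": user, "ip": ip})
        # Any line containing a known IOC (IP or domain) is flagged regardless of event type.
        for ioc in iocs:
            if ioc in line:
                ioc_hits.append({"line": n, "ioc": ioc})
    # Brute-force suspects: sources at or above the failure threshold; a later success
    # from the same source is the strongest signal and is called out explicitly.
    suspects = []
    for ip, count in failed_by_ip.most_common():
        if count < fail_threshold:
            break  # most_common() is sorted descending, so nothing below qualifies
        succeeded_later = any(a["ip"] == ip and a["line"] > first_fail_line[ip] for a in accepted)
        suspects.append({"ip": ip, "failed": count, "succeeded_later": succeeded_later})
    return {
        "total_lines": len(lines),
        "failed_logins": sum(failed_by_ip.values()),
        "accepted_logins": accepted,
        "brute_force_suspects": suspects,
        "ioc_hits": ioc_hits,
        "top_targeted_users": failed_users.most_common(3),
    }


if __name__ == "__main__":
    # CLI shape mirrors the documented tool invocation (path plus --out); defaults to the sample.
    parser = argparse.ArgumentParser(description="Quick log triage summary (example)")
    parser.add_argument("logfile", nargs="?", help="log file to summarise; omit to use the sample")
    parser.add_argument("--out", help="write the JSON report here instead of stdout")
    args = parser.parse_args()
    if args.logfile:
        with open(args.logfile, encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_LOG
    report = triage_log(lines)
    if args.out:
        with open(args.out, "w", encoding="utf-8") as fh:
            json.dump(report, fh, indent=2)
    else:
        print(json.dumps(report, indent=2))
```

Run against the constructed sample, the report lists `198.51.100.9` as a brute-force suspect with `succeeded_later` set, which is the item a responder would act on first (credential rotation and source blocking, per the Contain step); the IOC hit on `evil.example` and the per-user failure counts give the next two leads. A real run would swap the constructed IOC set for the indicators attached to the alert.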
## References
- Incident worksheet: `references/incident-worksheet.md`
This skill provides a senior-level SecOps workflow for rapid vulnerability triage, incident response, detection tuning, and post-incident hardening. It codifies practical steps to contain incidents quickly, remove root causes, and capture durable lessons to prevent recurrence. Use it to guide decisions during alerts, log reviews, and playbook creation.
The skill guides responders through a five-step incident lifecycle: triage, contain, eradicate, recover, and learn. It inspects alert context and log summaries, recommends containment actions (credential rotation, IOC blocking, isolation), and suggests eradication and hardening measures. It can also run quick log summarization to highlight suspicious patterns and help prioritize investigation tasks.
Can this skill run automated log summaries?
Yes. It includes a quick log summarization capability that extracts key events and indicators to accelerate triage.
Is this a replacement for detailed forensic analysis?
No. It is designed for rapid response and containment. Full forensic investigations should follow for root cause and legal evidence.