Available for new engagements

Enterprise cybersecurity expertise across every major SIEM platform.

Sentinel · QRadar · Splunk · Elastic. Founded by a senior SOC engineer with 10+ years across BT, IBM, Hilti, PA Consulting, and Ford. Two ways to engage iCore Fusion.

No agency. No markup. No intermediary. You speak to Adam directly from the first conversation.

Microsoft SentinelIBM QRadarSplunk ESElastic / KibanaDefender XDRLogRhythmArcSight
BT · IBM · Hilti · PA Consulting · Ford · Charles River Associates
GCIH · ISO 27001 · Security+
UK · USA · Canada · Australia · Middle East
No agency feesDirect B2B engagementUK Ltd or US LLCOutside IR35 eligibleRemote global contracts

Founder-led · Specialist team behind every engagement

Who is behind iCore Fusion

iCore Fusion is founded and led by Adam Musa, a senior SIEM engineer and SOC specialist with 10+ years of enterprise experience. Every engagement is personally overseen by Adam, supported by a specialist delivery team.

Adam Musa, founder of iCore Fusion
Founder & Lead Engineer

Adam Musa

Senior SIEM Engineer · SOC Specialist · CSIRT Lead

Platform-agnostic SIEM engineer with deep hands-on expertise across Microsoft Sentinel, IBM QRadar, Splunk ES, and Elastic Security. Built and led SOC operations at BT, IBM, Hilti, PA Consulting, Ford Motor Company, and Charles River Associates across the UK, Europe, and USA.

Founder-led means you always speak to the expert. When you engage iCore Fusion, Adam is personally involved in scoping, delivery, and quality assurance, supported by a specialist delivery team for scale. Fluent in English and French.
  • GIAC Certified Incident Handler (GCIH)
  • ISO 27001 Certified ISMS
  • Microsoft Azure Security Engineer (in progress)
  • CompTIA Security+ · NSE 2 · GCTI (SANS/IBM)
10+
years enterprise experience
4
major SIEM platforms
40%
IR time reduced at Hilti

Platform expertise

Deep across all four major SIEM stacks

Most engineers specialise in one platform. iCore Fusion brings senior-level expertise across Sentinel, QRadar, Splunk, and Elastic, whichever stack your environment runs.

Expert

Microsoft Sentinel

8+ years · Primary platform

KQL rulesLogic AppsSOARDefender XDRData connectorsGreenfield builds
Expert

IBM QRadar

6+ years · Primary platform

Correlation rulesOffence investigationLog sourcesCarbon BlackTier 3 escalation
Expert

Splunk ES

5+ years · Primary platform

SPL detectionPhantom SOARDashboardsLog pipelinesThreat hunting
Expert

Elastic / Kibana

4+ years · Primary platform

EQL rulesLogstashElasticsearchFleet & BeatsKibana dashboards
Security operations — live monitoring and detection

Behind every engagement

Real security operations, led by a senior engineer

Every engagement is hands-on SOC and SIEM work: detection engineering, threat hunting, and incident response. Scoped and delivered by Adam directly, not handed to a junior analyst.

For MSSPs & enterprises

Specialist contracting & consulting

Senior SIEM engineering available for direct B2B engagements across the UK, USA, Canada, Australia, Europe, and Middle East. Whichever platform your environment runs.

No agency. No markup. Direct relationship via UK Ltd or US LLC.

Microsoft Sentinel: greenfield to optimisation

Full builds, data connector onboarding, KQL analytics rules, SOAR playbooks via Logic Apps, Defender XDR integration, and MITRE ATT&CK detection engineering.

IBM QRadar: Tier 3 & engineering

Correlation rule tuning, offence investigation, log source onboarding, Carbon Black integration, false positive reduction, and Tier 3 SOC escalation leadership.

Splunk ES: detection & SOAR

SPL detection rules, Phantom SOAR playbooks, dashboard engineering, log pipeline design, and threat hunting across enterprise Splunk environments.

Elastic Security: pipeline & detection

Logstash pipeline engineering, EQL detection rules, Elasticsearch optimisation, Fleet and Beats management, and MITRE-aligned use case development.

CSIRT lead & incident response

Tier 3 SOC escalation, CSIRT leadership, complex threat investigations, digital forensics using EnCase and Volatility, and post-incident reviews.

Defender XDR & MDE deployment

Enterprise-scale Defender for Endpoint rollout, Intune policy enforcement, BitLocker encryption management, and XDR detection tuning.

SentinelQRadarSplunk ESElasticKQLSPLEQLDefender XDRLogic AppsLogstashEntra IDIntuneCrowdStrikeCarbon BlackGCIHUK LtdOutside IR35US LLCCorp-to-CorpRemote globalEnglish & French

For businesses

Managed security services

Enterprise-grade protection without building an in-house team. Sentinel-led monitoring, automated response, and expert oversight, delivered by engineers who have built SOCs at BT, IBM, and Hilti.

Managed detection & response

24/7 threat monitoring, alert triage, and incident response using Microsoft Sentinel and Defender XDR.

SOAR automation & playbooks

Custom Logic Apps and SOAR playbooks that automatically contain threats and escalate real incidents.

SIEM health & detection engineering

KQL and EQL detection rule tuning, log ingestion optimisation, and MITRE ATT&CK aligned analytics rules.

Endpoint protection

Defender for Endpoint deployment, Intune baseline enforcement, BitLocker encryption, and CrowdStrike management.

Identity & Zero Trust

Entra ID conditional access, MFA enforcement, and privileged identity management across your organisation.

Phishing simulation & awareness

Realistic phishing campaigns, user behaviour scoring, and training programmes that reduce human risk.

Three ways to engage

From contracted to embedded — on your terms

iCore Fusion is built around your security goals, not ours. No lock-in. No pressure. The right model for where your business is right now, and where it is going.

Model 01

Flexible B2B contract

Engage iCore Fusion or a specialist contractor directly for a fixed term. Month-to-month or project-based. Clean B2B engagement via UK Ltd or US LLC.

Best for: MSSPs and enterprises needing senior SIEM capacity quickly, without agency fees or long-term commitment.

Model 02

Contract-to-hire pathway

Start with a 6-month contract. Your specialist is embedded and trained in your environment throughout. If both parties want to continue permanently at the end of the term, we support a clean transition.

Best for: Businesses that want to try before committing to a permanent hire, or that need an expert embedded before building a permanent team.

Model 03

In-house SOC build

Want to bring security in-house permanently? iCore Fusion designs, recruits, trains, and stands up your entire internal security team, with or without ongoing iCore Fusion involvement after handover.

Best for: Growing businesses ready to build permanent internal capability, or organisations told by their board to insource security.
The contract-to-hire and in-house SOC build models involve tailored commercial terms agreed upfront. A conversion or placement fee applies where a contractor transitions to permanent employment. Contact us to discuss the right structure for your situation.

What colleagues say

Professional endorsements

From senior colleagues at IBM and Hilti — organisations where Adam delivered Tier 3 SOC and CSIRT lead work.

Adam's expertise across QRadar and Sentinel is exceptional. His ability to lead complex investigations, mentor junior analysts, and drive continuous SOC improvement made him one of the strongest Tier 3 engineers I have worked alongside.

JCJay C.CSIRT Team Lead, IBM

Colleague endorsement — Adam worked within the IBM SOC as a senior Tier 3 analyst.

Adam led our Defender XDR deployment and incident response capability at Hilti with outstanding professionalism. His automation work reduced our response time significantly and his Sentinel expertise was first class throughout the engagement.

SMSorin M.SOC Manager, Hilti Switzerland

Colleague endorsement — Adam delivered CSIRT lead work at Hilti Switzerland 2023–2024.

Start the conversation

Ready to engage iCore Fusion?

Whether you need a specialist contractor, a managed SOC, or help building your in-house team, the first step is a direct conversation. No forms, no sales team.

You speak to Adam from the first message.