
Worked on enhancing email security by closing a detection gap in the sublime-security/sublime-rules repository. Focusing on Content-ID indicators within email attachments, the developer implemented a YAML-based fallback rule that recognizes non-bracketed Content-ID values and correlates them with the raw HTML body content. This improved the accuracy of identifying suspicious indicators that would otherwise be missed, supporting faster incident response. The change was validated through testing and code review to confirm no regressions in existing detection rules. The work demonstrated strong skills in security engineering, threat detection, and practical use of YAML for rule development.
June 2025: Delivered a focused bug fix to strengthen detection of Content-ID indicators in email attachments within sublime-rules. Implemented non-bracketed Content-ID recognition by adding a YAML fallback rule to correlate content IDs with raw HTML body content, significantly improving visibility of suspicious indicators in attachments. The change reduces missed detections and supports faster incident response, aligning with our security objectives.
