Objective
Aspiring SOC Analyst with a strong foundation in security monitoring, incident handling, threat detection, and hands-on experience with SIEM tools like Splunk and the Elastic Stack. Adept in analyzing network traffic, Windows Event Logs, and investigating security incidents using IDS/IPS systems and forensic tools. Eager to leverage my skills to protect enterprise infrastructure and identify security threats in a fast-paced SOC environment.
Skills
● Security Monitoring & SIEM: Splunk, Elastic Stack, Security Information and Event Management (SIEM) query development, use case creation, log analysis
● Incident Response & Handling: Incident detection, investigation, response workflows, reporting
● Threat Hunting: MITRE ATT&CK Framework, Threat Intelligence (CTI), Windows and network-based threat hunting
● Windows Security: Windows Event Log analysis, Sysmon, Active Directory attacks and defenses, PowerShell forensics
● Network Traffic Analysis: Wireshark, TCP/IP analysis, ARP anomalies, IP spoofing detection, DNS analysis
● IDS/IPS: Suricata, Snort, Zeek, rule development, malware and encrypted traffic detection
● Digital Forensics & Malware Analysis: Memory forensics, disk image analysis, YARA and Sigma rules, Windows malware analysis, tools such as Volatility, FTK Imager, x64dbg
● Scripting & Automation: Python, PowerShell, Bash for automating incident response and threat detection tasks
● Reporting & Documentation: Security incident reporting, risk assessment, investigation summaries for stakeholders
Education
Bachelor of Science in Computer Information Systems (CIS)
CUNY City College, New York
Relevant Coursework: Cybersecurity, Network Security, Distributed Systems, Ethical Hacking, Digital Forensics
Certifications & Training
● SOC Analyst – Hack The Box Academy (In Progress)
Experience
Cybersecurity Intern
Elysian Web Studios | Remote | June 2024 – Present
● Monitored web application traffic for potential security breaches and vulnerabilities.
● Assisted in developing SIEM use cases using Elastic Stack and performed log analysis to identify suspicious activities.
● Responded to low-level security incidents, investigating root causes and reporting to senior analysts.
Student SOC Analyst (Capstone Project)
CUNY City College | New York | March 2024 – May 2024
● Conducted threat hunting using Splunk and Elastic Stack, analyzing event logs and real-world PCAP files for malicious activity.
● Developed and executed YARA and Sigma rules for detecting malware in memory and event logs.
● Simulated incident response scenarios, including handling and reporting real-time security incidents in a mock enterprise SOC environment.
Projects
Network Traffic Analysis & Threat Detection
● Used Wireshark and Zeek to capture and analyze network traffic, identifying anomalies such as IP spoofing, DNS tunneling, and rogue access points.
● Created detailed reports on identified network threats, including recommendations for mitigation.
Active Directory Security & Privilege Escalation Simulation
● Simulated common attacks on Active Directory environments, such as Pass-the-Hash and Kerberoasting, and implemented defense mechanisms using Windows Event Logs and Sysmon.
● Developed Splunk queries to detect privilege escalation and lateral movement attempts within a Windows environment.
Digital Forensics with Volatility
● Performed memory forensics using Volatility to extract artifacts from compromised systems, including registry hives and the MFT, and analyzed recovered malware.
● Reconstructed timelines from disk images using KAPE and FTK Imager.
Failed Logon Attempt & User Activity Dashboard
● Created dashboard panels using Elastic Stack to track failed logon attempts, admin logons, SSH logins, and user activity across systems.
● Analyzed logon types and network traffic to detect security incidents, ensuring visibility of key events.
● Utilized Windows Event Logs and Elastic to monitor system activity and create actionable alerts for threat detection.
Technical Tools
● SIEM Tools: Splunk, Elastic Stack
● IDS/IPS Tools: Suricata, Snort, Zeek
● Forensic Tools: FTK Imager, Velociraptor, Volatility, x64dbg
● Scripting: Python, PowerShell, Bash
● Other: Wireshark, Event Viewer, Sysmon, KAPE