
Cloud Security Operations

Location:
North Olmsted, OH
Posted:
June 09, 2025


Resume:

Joseph Sullivan

North Olmsted, OH *************@*****.*** 216-***-****

https://www.linkedin.com/in/joseph-j-sullivan/

CAREER OBJECTIVE

Experienced and versatile IT professional seeking a Cloud Administrator role where I can leverage my background in Microsoft Sentinel, Azure infrastructure, and enterprise security monitoring. I bring hands-on expertise in managing cloud environments, automating workflows with Logic Apps, and integrating DevOps practices to enhance reliability and scalability. My experience spans SIEM tuning, identity and access management, and multi-platform log ingestion, including advanced work with Linux, Splunk, and Defender products. I thrive in structured enterprise environments, collaborating across teams to implement secure, efficient, and compliant cloud solutions. My goal is to contribute to a forward-thinking organization by improving cloud operations, strengthening security posture, and driving continuous improvement.

PROFESSIONAL EXPERIENCE

Apex Systems, Contracted to First Energy – Akron, OH November 2024 – June 2025

Cloud Security Administrator

Maintained and managed two Microsoft Sentinel environments, ensuring continuous improvement and operational efficiency.

Enhanced over 500 analytics rules with entity enrichment to support faster detection and triage of security incidents.

Led the implementation of a Sentinel repository project to automate analytic rule backups and version control via an Azure DevOps repository.

Developed Logic Apps to automate daily monitoring of log ingestion and track analyst access to Microsoft Defender for Endpoint, Cloud Apps, and Identity.

Designed and delivered custom Sentinel workbooks tailored to stakeholder reporting and visualization requirements.

Supported Splunk operations by assisting with version upgrades and executing stakeholder-driven requests.

Collaborated regularly with cross-functional teams to ensure alignment on enterprise-wide security initiatives in a highly structured and regulated environment.

Created custom parsers for third-party log sources, aligning with specific use case and format requirements beyond standard mapping capabilities.

Modified Linux servers by hand to meet the AMA requirements for log ingestion into Sentinel as the standard AMA process with Data Connectors did not work in the complex enterprise environment.

Acted as the team’s subject matter expert (SME) for Microsoft Sentinel and Microsoft Identity and Access Management (IAM) solutions.

Proficio – Carlsbad, CA March 2023 – August 2024

Microsoft Sentinel SIEM Engineer & Advisory Specialist Jul 2024 – Aug 2024

Developed Workbooks: Created multiple custom workbooks for Proficio's new MS Sentinel service to enhance client engagements.

Cybersecurity Advisor: Served as a trusted advisor for US-based Sentinel clients, guiding them through implementation, deployment, and ongoing service.

Client Relations: Built strong relationships with key business and IT stakeholders, providing tailored recommendations to optimize their security environments.

SIEM Expertise: Provided expert consultation on SIEM use cases, tuning, and operational procedures to maximize client value.

Production Support: Tuning, filtering, and creating new content based on customer needs.

Onboarding: Assisted in onboarding new customers by setting up infrastructure and uploading analytics content.

Service Enhancement: Contributed to the continuous improvement of Proficio's Sentinel service by following detailed project plans and executing system upgrades.

Provided advisory services on configuring and optimizing Microsoft Sentinel for threat detection.

Collaborated with cross-functional teams to integrate Microsoft Sentinel with existing security tools.

Developed and delivered training sessions on Microsoft Sentinel for security analysts.

Microsoft Sentinel SIEM Engineer Jan 2024 – Jul 2024

Onboarded clients using existing processes with ARM templates and M365 templates.

Developed custom detection queries and correlation rules to improve alert accuracy.

Collaborated with cross-functional teams to implement security best practices and mitigate threats.

Updated repositories in GitHub and modified playbooks to fit client specifications.

Maintained compliance library entries in ServiceNow.

Researched other technologies to streamline Sentinel, such as integrating Azure DevOps with Sentinel and utilizing OpenAI.

Assisted clients with tuning and setup of the Microsoft Defender suite.

Configured and maintained SIEM tools to track and report security incidents.

Strategic Security Advisor Mar 2023 – Jan 2024

Provided best practice consultation to secure client organizations, including security program management, policy and playbook creation, and security platform recommendations.

Delivered executive-level briefings and risk-based vulnerability management services.

Advised senior leadership on security trends and emerging risks, informing decision-making processes.

Conducted ticket reviews, query searches, alert tuning, threat reviews, and other client-requested actions across multiple SIEM platforms.

Created workbooks and queries for Proficio’s new Microsoft Sentinel service for clients.

Hurricane Labs – Cleveland, OH June 2020 – March 2023

SOC Analyst

Monitored and analyzed security events to identify potential threats and vulnerabilities.

Conducted investigations on security incidents and provided detailed incident reports.

Utilized SIEM tools to detect and respond to security incidents in real time, including CrowdStrike, Proofpoint, AWS GuardDuty, Microsoft Defender, Linux, and Cisco.

Performed threat hunting through hypothesis-driven investigations and utilized the MITRE ATT&CK matrix for classifying IOCs from threat actors.

Crafted searches in Splunk to quantify data for threat analysis.

Updated IDS/IPS rules and software on Ubuntu.

Proficient in tools such as Splunk, Splunk SOAR, Slack, OpsGenie, Linux, Machinae, ZenDesk, IDS, IPS, and GitHub.

QIC – Cleveland, OH August 2017 – June 2020

IT Analyst

Provided comprehensive office IT support for hardware, software, and equipment for Cleveland and QIC-owned malls in the US.

Served as the Exchange and O365 Administrator in a Hybrid environment.

Led the onboarding of 30 new hires and managed third-party vendor relationships.

Assisted with the transition and winding down of operations in Cleveland, including offboarding 12 malls.

Monitored network infrastructure to ensure optimal performance and troubleshot connectivity issues.

Collaborated with cross-functional teams to analyze and address technology needs.

Asset management for US-based employees.

Maritec Medical Systems – Westlake, OH January 2017 – August 2017

Technical Support

Provided help desk support for clients in the medical field using Medisoft products.

Migrated the company to Office 365 and served as the Global Admin.

Managed shared mailboxes, anti-spam, and anti-malware measures, and created mail rules in Exchange.

Set up and managed a SharePoint site and OpenVPN for remote access.

Managed Jungle Disk and Windows Server backup solutions for clients.

Trustpoint Technologies – Strongsville, OH May 2016 – November 2016

Service Desk Engineer

Provided remote troubleshooting and support for software and hardware systems.

Documented and maintained accurate records of all service desk requests and resolutions.

Used ConnectWise, Kaseya, TeamViewer, and JoinMe to perform various PC repairs.

Created and maintained Microsoft Office 365 users and their environments for clients.

Ernst & Young – Cleveland, OH January 2007 – May 2016

Senior Help Desk Analyst

Provided top-notch customer service, ensuring timely resolution of technical issues across over 150 ERP software applications.

Served as the Support Manager for the Tax Advisory Services line of software.

Supported Lotus Notes email and database solutions, MS Office, and SharePoint using Remedy and ServiceNow.

SKILLS

- Critical Thinking

- Incident Response

- Threat Hunting

- SIEM and SOAR Configuration

- Security Monitoring

- SPL, KQL, Python (basic)

- Log Analysis

- Executive and Client Communication

- MSSP

EDUCATION

Bachelor of Science, Information Technology 2005-2009

University of Phoenix

Projects:

1. QIC Cleveland Office & Mall Offboarding - Oct 2019 - Jun 2020

Assisted corporate with migrating five malls from QIC to Brookfield Properties from an IT and asset management centralization standpoint, created processes to achieve the stated goals, and continued to do so for the Cleveland office shutdown. Performed the same duties for the seven malls that were assigned to a third party.

2. QIC Cleveland Office Move & Mall Acquisition Onboarding - Dec 2017 - Mar 2018

Assisted with the IT setup of the new corporate office, moving from Tower City to Fifth Third Bank downtown, for 95 employees. Onboarded 20+ new corporate employees at Fifth Third and around 50 employees from acquisition malls. Liaised with third-party IT at the mall sites to set up IT assets for each user and provide ongoing support.

3. Sentinel Analytic Entity Enrichment - May 2024 - Jul 2024

Reviewed over 300 base analytic templates to confirm they fit current standards, have proper entity enrichment, and map entities to the correct fields. This will ensure future clients have quality analytics alerting on day one.

4. Cross-Tenant Migration to Sentinel - Jan 2025 - Feb 2025

The project was to migrate customer information from Azure B2C to Security so that it could be monitored and alerted on. Built the Sentinel workspace and assisted with the migration. Added and modified workbooks to fit company needs.

5. OCSF Log Normalization Project - Mar 2025 - Jun 2025

Due to having multiple SIEMs, management decided to normalize all log ingestion into one SOAR platform. Joined the OCSF Slack channel and researched the OCSF process itself. Figured out how to create parsers in Sentinel that best fit OCSF standards. Parsed out over 30 tables and documented the steps before the contract was completed.

Certifications:

Microsoft Certified Azure Fundamentals; September 2019

ITIL v4 Foundations; August 2019

Security+ CE; July 2019

Network+ CE; April 2016

Microsoft Certified Azure Administrator Associate; October 2019

Splunk Core; 2020

Splunk Power User; 2021

Qualys Vulnerability Management, CSAM, and VMDR; December 2022

Microsoft Certified: Identity and Access Administrator Associate; 2024

Courses:

Antisyphon Training: Security Leadership and Management V2.

Udemy Online Courses: AZ-104 Microsoft Azure Administrator, CompTIA Security+, ITIL 4 Foundation Complete Course, Office 365 Administration, Learning Windows PowerShell, SharePoint 2013 Complete Training, Active Directory & Group Policy 2012, Windows 2012 Server Administration, AWS Certified Cloud Practitioner 2020 training boot camp, CCNA 200-301 The Complete Guide, Linux Administration Boot camp: Go from Beginner to Advanced, Nmap: Network Security Scanning Basics & Advanced Techniques, Kali Linux Tutorial for Beginners, Real-World Ethical Hacking: Hands-on Cybersecurity, Wireshark: Packet Analysis and Ethical Hacking: Core Skills, Complete Linux Training Course to Get Your Dream IT Job 2022, CompTIA CySA (CS0-002) Complete Course & Practice Exam, Docker for the absolute beginner, The Modern Python 3 boot camp, AI-900 Azure Data Fundamentals Exam

Microsoft ESI: SC200 and AZ500 four day online courses with instructor

Achievements: US Army: 98H Morse Code Interceptor with TS SCI Clearance (lapsed) (I can keep a secret)
