Analyst II Security Operations

Location:
Plano, TX
Posted:
June 18, 2025

Resume:

AIMAN SHAUKAT

*****.********@*****.*** 469-***-**** Plano, TX 75024

Summary

Highly skilled Security Operations Center (SOC) Analyst II with over 8 years of IT experience, including 3+ years focused on cyber defense, incident response, and threat mitigation within complex enterprise environments. Proven track record in 24/7 security monitoring, threat detection, and rapid incident containment in remote SOC environments. Proficient in leveraging SIEM tools (Splunk, QRadar) and EDR solutions to analyze security events and thwart advanced threats. Experienced in investigating and responding to incidents across network, endpoint, and cloud environments following industry best practices (NIST CSIRT, MITRE ATT&CK). Adept at tuning security controls (creating custom SIEM rules, refining IDS/IPS signatures) to reduce false positives and improve detection accuracy. Holds top industry certifications including CompTIA Security+, EC-Council Certified SOC Analyst (C|SA), and Certified Ethical Hacker (CEH). Commended for strong communication and teamwork skills – able to articulate complex findings to both technical teams and executive leadership. Seeking to secure a SOC Analyst role (fully remote) at a leading organization, to apply my expertise in threat monitoring, incident response, and continuous improvement of security operations.

Core Skills & Competencies

Threat Monitoring & Analysis: SIEM (Splunk, QRadar) log analysis, real-time alert monitoring, anomaly detection, network traffic analysis, and threat hunting.

Incident Response: Incident triage, containment, eradication, and recovery; malware analysis, phishing investigation, digital forensics on compromised hosts; root cause analysis and remediation planning.

Security Tools & Technologies: EDR platforms (e.g. CrowdStrike Falcon, Carbon Black), IDS/IPS (Snort, Suricata, Cisco Sourcefire), firewalls (Palo Alto, Fortinet, Cisco ASA), antivirus/anti-malware systems, SOAR playbook automation (Demisto, IBM Resilient), and vulnerability scanners (Nessus, Qualys).

Security Administration: User access reviews, SIEM content development (use case creation, custom correlation rules, dashboards), incident ticket management (ServiceNow, JIRA), and log management systems (Elastic Stack, Splunk Phantom).

Frameworks & Standards: Knowledge of MITRE ATT&CK matrix, Cyber Kill Chain, NIST 800-61 Incident Handling, ISO 27001 controls, PCI-DSS and GDPR security requirements.

Soft Skills: Strong written and verbal communication for reporting and briefings; cross-team collaboration; analytical thinking and problem-solving under pressure; excellent attention to detail; ability to work effectively in remote and shift-based team settings.

Certifications

CompTIA Security+ — Earned 2024. Globally recognized entry-level cybersecurity certification validating knowledge of core security concepts, risk management, cryptography, and identity and access control.

EC-Council Certified SOC Analyst (C|SA) — Earned 2024. Industry-standard SOC certification tailored for Tier I/II analysts focusing on real-time monitoring and incident handling.

EC-Council Certified Ethical Hacker (CEH) — Earned 2024. Globally respected certification that emphasizes ethical hacking, offensive security techniques, and red team methodologies.

Professional Experience

SOC Analyst II (Tier 2) 04/2024 – 06/2025

Technova Solutions – San Francisco, CA

Lead Incident Responder: Handle and investigate high-severity security incidents end-to-end, including advanced malware outbreaks, targeted phishing attacks, and network intrusions. Perform in-depth analysis of compromised systems and logs to determine root cause and attack scope, coordinating containment and recovery actions. Successfully led response to ~10 significant incidents per quarter, minimizing business impact by rapidly isolating affected assets and eradicating threats.

Security Event Analysis: Monitor and analyze 100+ daily alerts from SIEM (Splunk Enterprise Security) and EDR consoles. Identify true positive security events amid noise by correlating logs from multiple sources (network, endpoint, cloud). Quickly triage alerts to distinguish false positives from credible threats, reducing alert fatigue and improving mean time to detection.

Threat Hunting & Analytics: Proactively hunt for hidden threats by scrutinizing network flow data, user behavior anomalies, and threat intelligence feeds. Discovered and mitigated at least one previously undetected threat per month through proactive hunting (e.g., detecting lateral movement patterns that evaded initial alerts). Utilize the MITRE ATT&CK framework to profile adversary tactics and strengthen detection rules.

Tooling and Content Development: Develop and tune SIEM rules and dashboards to enhance detection capabilities. Implemented new correlation searches for suspicious admin activity and lateral movement, increasing detection rate of attempted privilege abuse by ~15%. Regularly refine IDS/IPS policies and EDR alert thresholds based on incident learnings to improve precision. Introduced automation scripts (Python) to integrate threat intel indicators into the SIEM, streamlining alert enrichment and improving response time by 20%.

Escalation & Collaboration: Serve as the escalation point for Tier 1 SOC Analysts – review alerts and preliminary findings from junior analysts, then carry out deeper investigation or confirm resolution. Provide mentorship and on-the-job training to 3+ Tier 1 analysts, including creating a weekly “threat recap” briefing to share knowledge of new threats and lessons learned. Collaborate closely with the SOC Manager and senior engineers on complex incidents, presenting clear incident updates and analysis to facilitate swift decision-making.

Reporting & Documentation: Create detailed incident reports and post-incident summaries for each investigated case, outlining attack vectors, containment steps, and preventive recommendations. Authored SOC playbooks for common incident types (e.g., ransomware, phishing, web application attack), which improved the team's response consistency and were adopted as standard operating procedure. Maintain an internal knowledge base of investigation techniques and findings, contributing to continuous improvement of SOC processes.

SOC Analyst I (Tier 1) 05/2022 – 03/2024

RiskVerse Technologies – New York, NY

Real-Time Security Monitoring: Actively monitored security consoles (SIEM, IDS, and anti-malware dashboards) on a 24/7 shift rotation to promptly detect potential security incidents. Reviewed logs and alerts in real time, including network intrusion alerts, malware detections, and system anomalies. Achieved an average alert response time of under 5 minutes by efficiently recognizing critical events and following defined triage procedures.

Alert Triage & Initial Response: Performed initial analysis on security alerts to determine validity and impact. Validated events against threat intelligence sources and internal context to filter out false positives. For true incidents (e.g., confirmed malware infections or unauthorized access attempts), executed first-level incident response actions such as isolating affected endpoints (through EDR containment) or disabling compromised user accounts. Escalated complex incidents to Tier 2 with comprehensive notes, ensuring seamless hand-off for further investigation.

Incident Handling & Support: Managed a high volume of lower-severity incidents (phishing emails, routine malware detections). Investigated phishing reports by analyzing email headers and attachments in a sandbox environment; successfully identified phishing attempts and initiated user password resets or email domain blocks to prevent compromise (~50+ phishing tickets handled, with 0 resulting breaches). Assisted in malware analysis by retrieving suspicious files and running initial scans, contributing to quicker remediation of infected machines.

Use of Security Tools: Gained proficiency in various SOC tools – including Splunk SIEM for log search and correlation, Palo Alto firewall interface for reviewing traffic blocks, and CrowdStrike Falcon for endpoint alerts. Utilized a SOAR platform (Splunk Phantom) to execute automated responses for recurring alerts (e.g., auto-isolating machines with known malware), improving response consistency. Maintained and updated incident tickets in ServiceNow with clear, detailed documentation of actions and findings.

Collaboration & Communication: Worked closely with senior analysts and IT teams during incidents. Provided timely incident status updates to the on-duty Incident Manager and produced end-of-shift reports to brief incoming teams on ongoing issues. Demonstrated strong communication skills by translating technical details into summary reports for management. Commended by supervisors for thorough documentation and proactive communication during a critical incident (successfully briefed management on a severity-1 incident at 3 AM, enabling executive awareness).

Process Improvement: Contributed to the development of a new “phishing response” playbook by documenting step-by-step procedures and decision points from repeated cases, which was later adopted as a training guide for new analysts. Identified gaps in log coverage (noticed missing critical Windows security logs) and coordinated with the engineering team to onboard those logs into the SIEM, resulting in improved visibility. Participated in regular SOC drills and table-top exercises, applying lessons learned to enhance our incident response plan.

Additional IT Experience

Lead Performance Test Engineer

PNC Bank – Pittsburgh, PA

January 2020 – January 2022

Performance Test Engineer

Verifone – Clearwater, FL

September 2018 – November 2019

Performance Tester

3M Touch Systems – Methuen, MA

October 2016 – August 2018

Education

Bachelor of Science, Computer Science – 2010
Stony Brook University – Stony Brook, NY

Additional Information

Work Authorization: U.S. Citizen – Fully authorized to work in the United States without sponsorship.

Availability: Immediately available for full-time 100% remote opportunities across the U.S. Flexible to work various shifts and schedules, including 24x7 SOC coverage, weekends, or on-call rotations.

LinkedIn: www.linkedin.com/in/aiman-s-929708196
