Morfaw Tazifor
Canal Winchester, OH *****
*********@*****.***
Professional Summary
Results-driven SIEM Engineer with 6+ years of cybersecurity experience specializing in threat detection, incident response, and security analytics. Expert in Microsoft Sentinel, Splunk Enterprise Security, and automated security orchestration. Proven track record of reducing incident response times by 85% and implementing threat detection systems that monitor 100M+ daily security events across enterprise environments.
Core Technical Skills
SIEM Platforms & Security Tools:
Microsoft Sentinel, Splunk Enterprise Security, QRadar, CrowdStrike Falcon, Microsoft Defender Suite
Query Languages:
Kusto Query Language (KQL), Splunk Search Processing Language (SPL), SQL, Python for Security Automation
Cloud Security & Infrastructure:
Azure Security Center, Microsoft 365 Defender, AWS Security Hub, Azure Logic Apps, PowerShell
Security Frameworks & Compliance:
NIST Cybersecurity Framework, MITRE ATT&CK, ISO 27001, SOX, GDPR, Zero Trust Architecture
Incident Response & Threat Hunting:
SOAR Playbooks, Threat Intelligence Integration, Digital Forensics, Malware Analysis, Vulnerability Assessment
Professional Experience
Microsoft SIEM Engineer | Experis Technology Group | Dallas, TX | 09/2023 – Present
Architected automated threat detection pipeline using Microsoft Sentinel and KQL, reducing mean time to detection (MTTD) from 4 hours to 15 minutes for critical security incidents.
Engineered custom detection rules and playbooks covering MITRE ATT&CK framework, achieving 95% accuracy in threat identification while reducing false positives by 60%.
Optimized SIEM data ingestion from 50+ security tools processing 1TB+ daily logs, improving query performance by 75% and reducing storage costs by $180K annually.
Led incident response activities for 200+ security events monthly, maintaining 99.2% SLA compliance and coordinating cross-functional teams of 8+ stakeholders.
Implemented Zero Trust security protocols across hybrid cloud infrastructure serving 10,000+ users, strengthening organizational security posture and achieving 100% compliance audit results.
Automated vulnerability management workflow using Azure Logic Apps, reducing manual effort by 40 hours weekly and accelerating patch deployment by 3x.
Mentored junior analysts and delivered security awareness training to 500+ employees, improving organization-wide security incident reporting by 45%.
SOC Analyst | Directline Technologies | Ashburn, VA | 01/2020 – 06/2023
Monitored enterprise security infrastructure protecting $2B+ in digital assets, analyzing 50M+ daily security events using Splunk ES and custom SPL queries.
Developed advanced threat hunting procedures using MITRE ATT&CK methodology, identifying 15+ previously undetected APT campaigns and preventing potential data breaches.
Configured multi-source data correlation integrating network, endpoint, and cloud security tools, improving threat visibility by 80% across hybrid infrastructure.
Created executive security dashboards delivering real-time risk metrics to C-level stakeholders, enabling data-driven security investment decisions worth $500K+.
Streamlined compliance reporting processes for SOX and ISO 27001 audits, reducing preparation time from 120 to 24 hours while maintaining 100% audit success rate.
Implemented custom Splunk applications for automated log analysis, saving 25+ analyst hours weekly and improving mean time to response (MTTR) by 65%.
Education
BS, Cloud Computing | Western Governors University (Expected 2026)
Certifications
CompTIA Security+ (Current)
Microsoft Security Engineer Certified (Current)
Microsoft Administrator Associate (Current)
Microsoft DevOps Engineer Associate (Current)
Key Technical Projects
Enterprise SIEM Migration & Optimization
Technologies: Microsoft Sentinel, Azure Logic Apps, KQL, PowerShell.
Impact: Successfully migrated legacy SIEM infrastructure to cloud-native Microsoft Sentinel, processing 5x more security data while reducing operational costs by 35% and improving analyst productivity by 50%.
Vulnerability Management Program Implementation
Technologies: Tenable, Azure Virtual Machines, Bash and PowerShell (remediation scripts).
Inception State: This project simulates the implementation of a comprehensive vulnerability management program, from inception to completion. At the outset, the organization has no existing policy or vulnerability management practices in place.
Completion State: A formal policy is enacted, stakeholder buy-in is secured, and a full cycle of organization-wide vulnerability remediation is successfully completed.