
Cybersecurity Analyst Incident Response

Location:
Forney, TX
Posted:
October 30, 2025


TOBECHI CALVIN AMAKA

Cybersecurity Analyst SOC Specialist

414-***-**** *************@*****.*** Dallas, TX 75126 Project: github.com/tobechi-calvin/Tobechi-calvin-amaka

PROFESSIONAL SUMMARY

Dedicated and results-driven Cybersecurity Analyst with over 5 years of hands-on experience in Tier 1 and Tier 2 SOC roles within financial, healthcare, and cloud sectors. Specializes in threat detection, incident response, phishing analysis, malware forensics, and vulnerability management. Highly proficient with SIEM tools (Splunk, QRadar), endpoint detection (CrowdStrike), threat intel platforms, and network traffic analysis. Known for developing detection use cases, automating repetitive tasks, and enhancing SOC playbooks. Currently pursuing CEH to further offensive security expertise.

CORE COMPETENCIES

- Threat Detection & Incident Response

- Security Event Monitoring (24x7 SOC)

- SIEM Log Analysis (Splunk, QRadar)

- Malware Analysis & Sandbox Investigation

- Phishing Triage & Email Threat Analysis

- Vulnerability Scanning & Remediation (Nessus, Qualys)

- Network Traffic Analysis (Wireshark, Zeek)

- Threat Intelligence & IOC Enrichment

- Playbook Development & Runbook Execution

- Cloud Security Monitoring (AWS, Azure)

PROFESSIONAL EXPERIENCE

Finvi – SOC Analyst

October 2022 – Present

- Monitored and triaged security events across endpoints, networks, and cloud using Splunk and CrowdStrike.

- Conducted in-depth analysis of alerts and escalated incidents following NIST IR standards.

- Performed static and behavioral malware analysis using sandbox environments and reverse engineering tools.

- Investigated anomalous behavior and insider threats using UEBA analytics.

- Built Splunk dashboards to visualize critical metrics and reduce incident response time.

- Authored incident reports and root cause analyses for leadership and compliance teams.

- Performed vulnerability assessments and risk prioritization using Tenable across Windows and Linux environments.

- Executed secure configurations and compliance audits (DISA STIG) with Tenable to meet industry standards.

- Automated remediation processes and STIG implementations using PowerShell to address critical vulnerabilities.

- Deep understanding of the soft side of Vulnerability Management: rapport, trust, transparency, and business need.

- Participated in purple teaming exercises to validate detections against simulated attacks.

- Collaborated with threat intel teams to correlate IOCs with known campaigns.

- Developed custom correlation rules and detection signatures.

- Provided knowledge transfer and training to new SOC analysts.

MUFG – SOC Analyst

February 2021 – August 2022

- Handled real-time monitoring and alert triage using SIEM and IDS/IPS platforms in a 24x7 environment.

- Investigated phishing emails using VirusTotal, URLScan, Any.Run, and internal sandboxing tools.

- Conducted lateral movement and privilege escalation investigations based on EDR telemetry.

- Searched firewall, proxy, and DNS logs for signs of data exfiltration and C2 communication.

- Coordinated with IT teams for host isolation, threat containment, and patch deployment.

- Leveraged MITRE ATT&CK to classify adversary TTPs and enhance detection coverage.

- Used Nessus and Qualys for regular scanning and post-patch validation.

- Maintained incident documentation in JIRA and generated weekly threat trend reports.

- Enforced SOAR-based automation playbooks to streamline phishing triage.

Amazon – Splunk Administrator

November 2019 – December 2020

- Deployed, configured, and tuned distributed Splunk architecture across hybrid cloud infrastructure.

- Created advanced dashboards, reports, and alerts to support SOC and IT operations.

- Managed onboarding of new data sources (syslog, APIs, AWS CloudTrail) for comprehensive visibility.

- Built scheduled searches and correlation rules to detect brute force, account misuse, and beaconing.

- Supported compliance reporting needs (PCI, SOC2) with custom search queries.

- Developed internal documentation for Splunk maintenance and knowledge transfer.

- Collaborated with developers and security teams to improve use case coverage.

- Resolved indexing delays, data gaps, and parsing issues for optimal performance.

EDUCATION

University of Ghana

B.Sc. Computer and Information Sciences (January 2013 – June 2017)

CERTIFICATIONS

- CompTIA Security+

- CompTIA Cybersecurity Analyst (CySA+)

- Splunk Core Certified Power User

- Certified Ethical Hacker (CEH)

- Certified Information Systems Security Professional, CISSP (Expected 12/2025)

TOOLS & TECHNOLOGIES

- SIEM: Splunk, IBM QRadar, Microsoft Sentinel

- EDR/XDR: CrowdStrike Falcon, Microsoft Defender ATP

- Threat Intel: VirusTotal, IPVoid, AbuseIPDB, MISP, AlienVault OTX

- Phishing & Email: Proofpoint, Mimecast, URLScan, Any.Run

- Network Analysis: Wireshark, Zeek, tcpdump

- Vulnerability Management: Nessus, Qualys, OpenVAS

- Log & Ticketing: JIRA, ServiceNow, Kibana

- Automation: SOAR (Splunk SOAR, Phantom)

- Cloud: AWS Security Hub, CloudTrail, GuardDuty

- OSINT & Recon: Shodan, Censys, Spiderfoot

- Others: Git, Python (basic scripting), Regex, PowerShell

ADDITIONAL SKILLS

SIEM monitoring, threat intelligence platforms, SOAR tools, incident response, intrusion detection and prevention (IDS/IPS), Splunk Enterprise Security, endpoint detection and response, cloud security (AWS, Azure), DLP, Python scripting, MITRE ATT&CK, NIST Cybersecurity Framework, log analysis, vulnerability remediation, analytical thinking, teamwork, mentorship, communication, adaptability.