• AccessData – FTK – Digital Forensics: **/****
Phillip Garcia
+1-909-***-**** · *************@******.** · linkedin.com/in/phillip-garcia/

Professional Summary
Senior Cybersecurity Analyst with strong expertise in security operations, incident response, and SIEM monitoring across cloud, email, and network environments. Improved threat detection accuracy by refining detection logic, cutting false positives by over 30%, and reduced data exposure risks through enhanced cloud and email security controls. Skilled in identity and access management, runbook development, and cross-team incident coordination.

Technical Focus
• Incident Response & Threat Analysis: Security Operations and Incident Response, Threat Hunting and Threat Analysis, IOC Triage and Investigation (OSINT, IP, URL, hash pivoting), Alert Triage and Escalation Management
• Detection & Monitoring: SIEM Monitoring and Log Correlation (Splunk, Sumo Logic, Microsoft Sentinel), Detection Engineering and Query Development, Alert Tuning and False Positive Reduction
• Endpoint & Network Security: Endpoint Detection, EDR, Network Security, Firewall Administration, Email Security and Phishing Response (Proofpoint CLEAR/TAP, IronScales), Cloud Security Monitoring (Wiz, Lacework, Netskope)
• Identity & Access Management: Access Review Automation and Identity Governance (ADManager Plus), Access Management, Identity
• Data & Asset Security: Data Loss Prevention and Data Security (Netskope, Microsoft Purview), Asset Visibility and Exposure Management (Axonius, SpyCloud, CyCognito)
Work Experience
Skechers
Sr. Cybersecurity Analyst · Manhattan Beach, CA · Jun 2025 - Dec 2025
• Investigated threats across cloud and email environments using Sumo Logic, Lacework, and Proofpoint, and integrated endpoint detection tools (e.g., EDR) to block malicious activity and lower security risk
• Analyzed phishing, DLP, and cloud activity using Proofpoint CLEAR/TAP and Netskope to reduce data exposure risk
• Improved asset visibility and external risk identification using Axonius, SpyCloud, and CyCognito
• Built incident workflows and response diagrams in Lucidchart to support cross-team coordination

Tandem Diabetes Care
Security Analyst II · San Diego, CA · Nov 2024 - Jun 2025
• Triaged and responded to SIEM and security alerts in IronScales and Wiz, quickly containing threats and preventing further compromise
• Coordinated incident tracking, response, and documentation in Jira and Confluence, enabling timely resolution and clear audit trails
• Deployed ADManager Plus to automate access reviews, enhancing access management and compliance with regulatory standards
• Authored security runbooks in Confluence, standardizing incident response procedures and improving team consistency

Proficio
SOC Threat Analyst · Carlsbad, CA · Aug 2022 - Aug 2024
• Monitored and analyzed security events across environments using Splunk, Kibana, and Microsoft Sentinel, enabling the team to detect and respond to threats more quickly
• Conducted threat analysis, OSINT investigations, and IOC pivoting within network security environments to identify active incidents
• Developed SIEM queries and detection logic to improve signal quality and reduce false positives
• Produced incident reports and post-incident analysis to support compliance and remediation

Associate SOC Threat Analyst · Carlsbad, CA · Apr 2021 - Aug 2022
• Triaged high-volume alerts and investigated indicators across multiple client environments using Splunk, Microsoft Sentinel, and firewall administration tools, accelerating threat detection and reducing false-positive investigations
• Supported escalated incident response by leading containment actions in Splunk, verifying identity compromises, and conducting post-incident reviews that identified process gaps and improved response playbooks

SOC Threat Analyst Intern · Carlsbad, CA · Oct 2020 - Apr 2021
• Investigated security alerts using OSINT tools (e.g., VirusTotal, Shodan) and facilitated triage, escalation, and incident documentation, which streamlined the response workflow and reduced investigation time

Security Engineer Intern · Carlsbad, CA · Jul 2020 - Oct 2020
• Supported security audits, applied firewall configuration changes, and set up log ingestion by automating tasks with Ansible, configuring FortiGate devices, and feeding data into Splunk, which improved network visibility and helped reduce audit findings

Certifications
• SOC LV1 – TryHackMe: 10/2023
• Autopsy – Basics and Hands on – Digital Forensics: 05/2025

Education
California State University, San Bernardino · B.S., Information Systems and Technology (Cyber Security Option)
Chaffey College · A.S., Computer Information Systems