Chadi Bazzi
SOC Analyst
Details
301 Golfcrest Dr, Dearborn, United States, 48124-1172
Summary
CySA+ and CCSP-certified cybersecurity graduate with 200+ hours of hands-on simulation training in threat detection, log analysis, and incident containment pipelines. Adept at configuring SIEM telemetry, parsing system logs, and building automated SOAR playbooks to combat alert fatigue. Combines technical defensive expertise with over a decade of professional operations management experience under strict regulatory frameworks. Seeking a Tier 1 SOC analyst role to deliver immediate, high-fidelity monitoring and incident response capabilities.
Experience
Practical Training and Projects, Hack The Box Academy, https://profile.hackthebox.com/profile/019da679-7029-73cc-9b40-eb80e2ffdcc3
Dec 2022 — Dec 2025
Analyzed Windows Event Logs, Sysmon telemetry, and Linux artifacts to identify unauthorized access attempts, lateral movement, and persistence mechanisms across simulated enterprise environments.
Investigated malicious PCAP datasets using Wireshark and Security Onion to identify command-and-control (C2) traffic, suspicious DNS requests, and indicators of compromise (IOCs).
Developed and tested SIEM detections in Wazuh and Elastic SIEM using KQL queries to identify brute-force attacks, credential dumping, and SQL injection attempts.
Created automated SOAR workflows integrating LimaCharlie EDR, Slack, Tines, Shuffle, and VirusTotal APIs to improve alert triage and reduce false-positive investigations.
Conducted Active Directory security assessments using BloodHound and Group Policy analysis to identify Kerberoasting risks, privilege escalation paths, and insecure delegation settings.
Documented incident findings, remediation recommendations, and investigative timelines following NIST-aligned incident response procedures.
Completed 200+ hours of hands-on SOC, detection engineering, network analysis, and incident response labs.
Technician, Dearborn Wireless, Dearborn, Michigan
May 2022 — Dec 2023
Researched and troubleshot mobile hardware and software issues, improving device performance and reducing customer return visits.
Diagnosed technical faults, performed firmware/software upgrades, and validated device functionality through systematic testing procedures.
Delivered technical support and customer guidance while maintaining strong communication and problem-solving standards.
Maintained awareness of emerging mobile technologies, operating systems, and security-related updates.
Websites and Social Links
Hack The Box Academy: https://profile.hackthebox.com/profile/019da679-7029-73cc-9b40-eb80e2ffdcc3
Credly: https://www.credly.com/users/chadii
LinkedIn: www.linkedin.com/in/chadi-b-9883a6238
Skills
SIEM / EDR / Detection: Wazuh, Elastic SIEM, Sysmon, LimaCharlie EDR, Security Onion, Zeek, Suricata, Threat Detection, Alert Triage, Incident Response, Threat Hunting, Log Analysis, Detection Engineering, SOAR Automation
Network & Operating Systems: Wireshark, TCP/IP, DNS, HTTP/S, PCAP Analysis, Windows Server, Linux, Kali Linux, Active Directory, Group Policy (GPO), Network Monitoring
Scripting / Queries / Analysis: KQL, SQL, PowerShell, Bash, Webhooks, API Integration, Brute-Force Detection, SQL Injection Detection
Cloud / Security Tools: VirusTotal API, T-Pot Honeypot, Cowrie, Virtualization, Cloud VPS, Threat Intelligence Feeds, OSINT
Vaccine Administration, City of Detroit Health Dept., Detroit, Michigan
Dec 2020 — Jan 2022
Managed vaccine administration tracking systems involving data collection, reporting, and operational analysis.
Coordinated logistics and communication between healthcare providers and community organizations to support large-scale vaccine distribution efforts.
Improved data accuracy and reporting efficiency through process organization and workflow coordination.
Pharmacy Manager, Better Care Pharmacy, Detroit, Michigan
May 2004 — Jun 2018
Led pharmacy operations, customer service initiatives, and workflow improvements in a high-volume healthcare environment.
Implemented operational technology solutions that improved efficiency, organization, and service delivery.
Managed staff coordination, compliance procedures, and customer issue resolution while maintaining strong attention to detail.
Pharmacist Manager, Rite Aid Pharmacy, Detroit, Michigan
May 2000 — Jun 2004
Delivered medication counseling and customer education services while supporting daily pharmacy operations.
Improved customer satisfaction and retention through personalized support and communication.
Maintained regulatory compliance and accurate documentation practices in a fast-paced healthcare setting.
Education
BS in Cybersecurity and Information Assurance, Western Governors University, Utah
Dec 2021 — Dec 2023
BS in Pharmacy and Allied Health, Wayne State University, Detroit, Michigan
Dec 1995 — Dec 2000
SOC Analyst Job Role Path, Hack The Box Academy, online
Jan 2022 — Jan 2026
Frameworks & Methodologies
NIST Incident Response Framework, MITRE ATT&CK, Vulnerability Assessment, Security Hardening, Access Control, Forensics Documentation
Languages
English
Arabic
Certifications and Licenses
CompTIA A+ (09/02/2022)
CompTIA Network+ (01/31/2023)
CompTIA Security+ (03/29/2023)
CompTIA Project+ (11/18/2022)
ITIL Foundation AXELOS (05/25/2022)
CompTIA Cybersecurity Analyst (CySA+) (11/02/2023)
CompTIA PenTest+ (12/14/2023)
Certified Cloud Security Professional (CCSP), ISC2 (09/06/2023)
CompTIA Linux+ (02/02/2024)
CompTIA Cloud+ (03/06/2024)
HTB SOC Analyst pathway (03/25/2024)
Enterprise Security Operations Center (SOC) Portfolio
Core SIEM & Threat Detection Lab (Wazuh, Elastic SIEM, Sysmon, Windows Server, Linux)
Architecture: Deployed an open-source SIEM infrastructure hosting a centralized manager on Linux to monitor an enterprise Windows endpoint environment.
Log Ingestion: Configured Sysmon and forwarded event telemetry to index active processes, network connections, and security event logs.
Detection Engineering: Executed credential dumping and malicious execution attacks; wrote custom KQL search queries to filter real-time alerts.
SOAR & EDR Security Automation Pipeline (Tines, Shuffle, LimaCharlie EDR, Slack, VirusTotal API)
Pipeline Integration: Linked a cloud Endpoint Detection and Response (EDR) agent to a SOAR workflow manager using webhooks and API keys.
Playbook Engineering: Engineered an automated triage process that catches suspicious activity, queries threat intelligence APIs, and pushes high-fidelity alerts.
Alert Optimization: Reduced alert fatigue by writing automatic conditional rules to accurately isolate simulated compromised assets.
Active Directory Security & Defense Lab (Windows Server, Kali Linux, BloodHound, Group Policy (GPO) Domain Administration)
Vulnerability Mapping: Audited configurations with security tools to expose domain flaws, lateral movement options, and weak access controls.
Defensive Hardening: Mitigated Kerberoasting risks by enforcing secure group policies, changing delegation rules, and monitoring service account modifications.
Network Traffic & Incident Investigation Portfolio (Wireshark, Security Onion, Zeek, Suricata)
Packet Analysis: Dissected deep malicious PCAP datasets using protocol analysis tools to locate root-cause indicators of system infection.
Threat Identification: Extracted malicious domain transactions, data exfiltration strings, and command-and-control (C2) callback signatures.
Incident Documentation: Formulated comprehensive mock incident reports identifying exact timestamps, device hardware addresses, and remediation fixes.
Threat Intelligence & Cloud Honeypot Monitoring (T-Pot, Cowrie, Cloud VPS, MISP, OSINT Feeds)
Infrastructure Deployment: Hosted a Linux-based low-interaction honeypot array across public cloud architecture to intentionally invite global brute-force traffic.
Data Harvesting: Monitored open terminal connections to extract live weaponized exploit patterns, hacker credentials, and attacking IP locations.
Intel Utilization: Processed threat indicators into structured text formats to proactively improve network firewall blocking policies.