
Cybersecurity Analyst - Open-Source Detection & SIEM Expertise

Location:
Roseville, CA
Posted:
May 27, 2026


Resume:

Ievgen Bondarenko

Roseville, California, United States | *************@*****.*** | 916-***-**** | ibondarenko.com | linkedin.com/in/ievgen-bondarenko-b13098241 | github.com/ibondarenko1

Summary

US Citizen pursuing entry-level Tier 1 SOC analyst roles in a Security Operations Center. Foundation in IT operations, troubleshooting, and Windows/Linux administration. The past year covers focused practice across security operations (Microsoft Sentinel, Defender XDR, Wazuh, Security Onion, Suricata, Zeek), open-source security research and vulnerability disclosure (published CVEs and GitHub Security Advisories across cloud, container, and AI infrastructure), and Microsoft 365 plus Cloudflare hardening. CompTIA Security+ ce certified; enrolled in Sierra College IT-Cybersecurity certificate program. Frameworks: MITRE ATT&CK, Cyber Kill Chain (CKC), NIST CSF. Eager to grow under structured SOC supervision in a federal mission environment.

Experience

Security and Compliance Consultant, Summit Range Consulting – Roseville, CA Apr 2025 – present

• Detection, hardening, and compliance work for small organizations using Microsoft 365 and Cloudflare; engagements scoped around SOC 2, ISO 27001, HIPAA, and NIST CSF baselines.

• Hands-on practice with Microsoft Sentinel and Defender XDR; built KQL hunting queries and Sentinel analytics rules aligned to MITRE ATT&CK (T1098, T1485, T1087, T1562).

• Practice with Wazuh, Suricata, and Zeek in lab environments; explored Sigma rule authoring and false-positive tuning patterns.

• Public security research and vulnerability disclosure across LLM serving (vLLM, Triton, lmdeploy, BentoML), container runtime (Google gVisor), cloud platforms, and AI tooling; published CVEs and 15+ GitHub Security Advisories under coordinated disclosure.

• Documented incident triage workflows, audit-trail templates, and remediation runbooks following NIST 800-61.

• Participated as Security Lead in the Sierra College Cyber Defense Competition (48-hour multi-zone blue-team engagement against live red team).

Computer Security Manager, Technohome INC – United States Dec 2022 – Mar 2025

• Internal security responsibilities including endpoint protection, user access reviews, and IT support across Windows and Linux assets.

• Maintained Active Directory hygiene, Windows endpoint hardening, and patch tracking.

• Documented incident response procedures and stakeholder communication flows.

Operations Manager, 1776 Logistics INC – Rocklin, CA Dec 2020 – Oct 2022

• Operations Manager covering fleet management, vendor relationships, customer accounts, and operational risk over 22 months.

• Built reporting discipline, documentation practices, and escalation workflows directly applicable to SOC operations work.

• Coordinated incident response for operational disruptions and regulatory inquiries.

Education

Sierra College, Certificate in IT-Cybersecurity – Rocklin, CA Aug 2025 – May 2028

• Relevant coursework: Information Technology Tools and Applications, Networking and Internet Technology, Cyber Security.

National Metallurgical Academy of Ukraine, BS in Mining and Petroleum Technologies & Technicians – Ukraine

Certifications

• CompTIA Security+ ce

Projects

m365-security-operations May 2026 – present

• Open-source security toolkit for Microsoft 365 + Cloudflare in small organizations. PowerShell audits 5 domains and produces a P1/P2/P3 ranked report with remediation artifacts.

• Ships Microsoft Sentinel analytics rule templates and KQL hunting drills. Frameworks: NIST CSF, ISO 27001:2022, MITRE ATT&CK.

Sierra College Cyber Defense Competition — Security Lead Sept 2025 – Apr 2026

• Participated as Security Lead in a 48-hour blue-team engagement against a live red team. Deployed Security Onion, Wazuh, honeypots, and incident response automation across a multi-zone (WAN/DMZ/LAN) network.

• Public case-study repo: github.com/ibondarenko1/blue-team-engagement (Sigma rule pack, hunting queries, triage runbook).

llm-serving-security Apr 2026 – present

• Public security reference cataloging vulnerability classes and tracked CVEs across the LLM serving stack: vLLM, Triton, lmdeploy, BentoML, SGLang, Ollama, TGI.

• Attack surfaces, hardening guidance, and detection patterns for AI infrastructure operators.

Skills

Systems Administration: Windows Server 2025 (Active Directory, Group Policy, Hyper-V virtualization, software deployment, role and feature install); Linux administration (Ubuntu / Debian, package management, services, SSH, users / groups / permissions)

Networking: Cisco IOS (VLAN configuration, trunking, EtherChannel, inter-VLAN routing, OSPF / EIGRP, ACL, NAT, DHCP); network topology design; Wireshark packet analysis

Endpoint and Network Telemetry: Suricata IDS, Zeek, Wazuh HIDS, Sysmon, Microsoft Defender for Endpoint

SIEM and Detection: Wazuh, Security Onion, Microsoft Sentinel, Microsoft Defender XDR, Defender for Office 365

Security Research and Disclosure: CVE analysis and triage, CVSS scoring, GitHub Security Advisories (GHSA), coordinated disclosure, vulnerability research across LLM serving, container runtime, and cloud platforms

Frameworks: MITRE ATT&CK, Cyber Kill Chain, NIST CSF, NIST SP 800-61, SOC 2, ISO 27001:2022, HIPAA, CIS Controls

Cloud and Identity: Cloudflare (DNS, Email Routing, Workers), Microsoft 365, Entra ID, Conditional Access, Azure basics

Scripting: PowerShell, Python, KQL, Bash

IR and Triage: NIST 800-61 incident lifecycle, evidence collection, stakeholder communication, false-positive review, escalation workflows

Tools: Wireshark, Git, Docker, PFSense, Hyper-V