Hetanshi Bhatt
Security Analyst | SOC Analyst | Cybersecurity Professional
*********@*****.*** 647-***-**** Toronto, ON linkedin.com/in/hetanshi-bhatt-357aa326b
PROFESSIONAL SUMMARY
Results-driven Security Analyst with 2+ years of experience in cybersecurity operations within a Managed Security Services (MSS) environment, supporting multiple enterprise client accounts simultaneously. Proven track record in security monitoring, incident detection and response, vulnerability management, and threat intelligence analysis across diverse industries. Skilled in operating enterprise SIEM platforms, EDR tools, and network security infrastructure to identify, contain, and remediate threats. CompTIA Security+ certified with deep hands-on experience in SOC operations, client-facing security reporting, and cross-functional collaboration. Adept at managing high-volume alert queues, conducting root cause analysis, and delivering actionable security recommendations to stakeholders.
CORE COMPETENCIES
• Security Incident Response
• SIEM Management (Splunk, Sentinel)
• Threat Intelligence & Analysis
• Vulnerability Assessment & Mgmt.
• Endpoint Detection & Response (EDR)
• Network Security Monitoring
• IAM & Access Control
• Multi-Client Account Management
• Security Compliance & Reporting
TECHNICAL SKILLS
SIEM / SOC Tools: Splunk (ES), Microsoft Sentinel
EDR / Endpoint: CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint, Sophos Intercept X
Vuln. Management: Nessus, OpenVAS, Qualys
Network Security: Wireshark, Zeek, Firewall Configuration (Sophos, Fortinet, WatchGuard), VPNs, SSL/TLS, IDS/IPS
Threat Intelligence: ThreatConnect, MITRE ATT&CK Framework, IOC Analysis
IAM: Okta, Azure AD, AWS IAM, SSO, MFA, RBAC, PAM
Cloud Platforms: Microsoft Azure, AWS
Ticketing / ITSM: ServiceNow, ConnectWise, Jira
Operating Systems: Windows 10/11, macOS, Linux (Ubuntu/CentOS)
Frameworks: NIST CSF, ISO 27001, CIS Controls, MITRE ATT&CK, OWASP
PROFESSIONAL EXPERIENCE
Systems Analyst (IT & Security Support)
F12.net Toronto, ON Nov 2024 – Present
Managed security operations for 12+ enterprise client accounts across financial services, healthcare, and retail verticals within a fast-paced Managed Security Services environment.
• Monitored and triaged 200+ security alerts per week across multiple client SIEM environments (Splunk ES, Microsoft Sentinel), maintaining a mean time-to-detect (MTTD) of under 15 minutes for critical incidents.
• Led end-to-end incident response for 30+ confirmed security incidents annually, including phishing and credential stuffing, achieving a mean time-to-respond (MTTR) of under 2 hours.
• Conducted deep-dive threat hunting across client environments using MITRE ATT&CK framework, proactively identifying 18 previously undetected lateral movement campaigns over 12 months.
• Performed vulnerability scans and risk assessments using Nessus and OpenVAS across 1,000+ client endpoints, producing prioritized remediation reports that reduced critical vulnerability exposure by 42%.
• Deployed and tuned CrowdStrike Falcon and SentinelOne EDR policies for client environments, reducing false positive alert rates by 35% and improving detection fidelity.
• Investigated and contained malware infections, phishing campaigns, and indicators of compromise (IOCs) across client workstations; performed forensic triage, memory analysis, and post-incident review.
• Collaborated with client IT and security teams to design and implement firewall rules (Sophos, Fortinet, WatchGuard), VPN configurations, and MFA enforcement policies.
• Managed identity and access management reviews for client accounts using Okta, Azure AD, and AWS IAM, identifying and remediating access policy violations.
• Served as the primary security contact for 5 enterprise client accounts, conducting bi-weekly security reviews and maintaining 95%+ client satisfaction ratings.
• Assisted in onboarding 4 new client accounts, including SIEM log source integration, use case development, and baseline security posture assessments.
Systems Analyst (IT Support)
F12.net Toronto, ON Nov 2023 – Oct 2024
• Investigated end-user workstations for malware and indicators of compromise (IOCs) using Malwarebytes and CrowdStrike Falcon; performed initial triage on potentially infected systems by analyzing suspicious activity and collecting endpoint forensic data.
• Assisted the security team in remediating confirmed infections by isolating compromised machines, executing malware removal, and verifying system integrity post-remediation.
• Monitored server alerts and system notifications using ConnectWise and ServiceNow, escalating critical security issues to Tier 2/3 teams and reducing average resolution time by 25%.
• Managed 60+ daily client support tickets in a high-volume MSP environment, consistently meeting SLA targets above 98% while maintaining clear client communication and documentation.
• Collaborated with the cybersecurity team to communicate threat findings and coordinate containment strategies, ensuring timely resolution of active incidents.
EDUCATION
Certification in Cybersecurity Fundamentals & Advanced
York University Toronto, ON 2023
TryHackMe – Cybersecurity Training Modules
TryHackMe Platform Online 2025 – Present
CERTIFICATIONS
• CompTIA Security+ (SY0-701) — Active
• TryHackMe – SOC Level 1 Path (Completed)
• Microsoft SC-200: Security Operations Analyst Associate — In Progress
KEY ACHIEVEMENTS
• Reduced mean time-to-detect (MTTD) by 40% across assigned client accounts through SIEM tuning and custom correlation rule development in Splunk and Microsoft Sentinel.
• Successfully led containment and remediation of a multi-client ransomware event affecting 3 accounts simultaneously, preventing data exfiltration and restoring operations within 6 hours.
• Developed a standardized incident response playbook alongside the security team, since adopted across the MSS team, reducing documentation time per incident by 30% and improving audit readiness.