
Cybersecurity Analyst - SOC & Incident Response

Location:
Flowood, MS, 39232
Posted:
June 19, 2026


Resume:

KANDICE COLLINS

+1-601-***-**** ***********@*****.*** LinkedIn

SUMMARY

Cybersecurity Analyst with 6+ years of experience enhancing security operations, incident response, and threat detection across large enterprise environments in the US healthcare and corporate sectors. Skilled at strengthening cloud, network, and endpoint defenses while ensuring compliance with regulatory standards. Adept at collaborating with cross-functional teams, streamlining security processes, and applying analytical problem-solving to reduce risk and improve operational resilience. Recognized for proactive threat hunting, clear communication, and delivering measurable improvements in security posture.

TECHNICAL SKILLS

Security Operations & Incident Response: SIEM (Splunk, Microsoft Sentinel), Threat Detection, Log Correlation, Alert Tuning, Incident Response, Threat Hunting, MITRE ATT&CK, SOAR

Endpoint & Identity Security: CrowdStrike, Active Directory, Azure AD, SSO, MFA, Privileged Access Management (PAM), Identity Governance

Network & Infrastructure Security: Firewalls (Palo Alto, Fortinet, Cisco), IDS/IPS (Snort, Suricata), VPN, Network Segmentation, Zero Trust, Secure Web Gateway

Cloud Security: AWS, Azure, IAM, RBAC, Security Groups/NSGs, AWS GuardDuty, AWS Security Hub, CloudTrail, Azure Monitor, CSPM, Kubernetes & Container Security

Application & DevSecOps Security: SAST, DAST, Secure SDLC, CI/CD Security, Container Image Scanning

Vulnerability & Risk Management: Nessus (Tenable), Qualys, CVSS, Patch Management, Configuration Hardening, CIS Benchmarks

Threat Intelligence & Malware Analysis: IOC Analysis & Enrichment, OSINT, Threat Intelligence Platforms, Malware Analysis, YARA, TTP Mapping

Data Protection & Compliance: PHI/PII Protection, DLP, Encryption (AES-256, TLS), AWS KMS, Azure Key Vault, NIST CSF, NIST 800-53, SOC 2, HIPAA

Security Engineering & Automation: Python, PowerShell, Bash, SQL, REST APIs, Security Workflow Automation, SOAR Playbooks

PROFESSIONAL EXPERIENCE

Cybersecurity Analyst, Epsilon, USA (Jan 2024 – Current)

Enhanced SOC alert triage workflows by designing new SIEM use cases in Splunk, improving detection of high-severity threats across 25M daily logs, reducing false positives by 20% and strengthening incident response readiness.

Implemented cloud security monitoring for AWS workloads using GuardDuty and CSPM controls, ensuring compliance with internal policies and industry standards, and mitigating misconfigurations across multi-region accounts.

Led identity governance initiatives in Azure AD and PAM systems, streamlining access reviews and reducing privileged access risk, while coordinating cross-functional teams for secure onboarding and de-provisioning processes.

Conducted advanced threat hunting using MITRE ATT&CK mapping, behavioral analytics, and AI-driven anomaly detection to identify lateral movement attempts and early-stage attacks, improving SOC detection coverage across critical systems.

Cybersecurity Analyst, McKesson, USA (Jan 2023 – Dec 2023)

Managed endpoint protection with CrowdStrike EDR/XDR, tuning policies and hardening configurations across 2,500 devices, reducing endpoint compromise events by 15% and enhancing operational resilience.

Performed vulnerability assessments with Nessus (Tenable) and Qualys, prioritizing remediation based on CVSS scoring and business impact, closing 300+ critical exposures in enterprise systems within SLA timelines.

Optimized network segmentation and IDS/IPS configurations (Snort/Suricata), applying alert correlation patterns and zero trust principles to secure sensitive PHI traffic and prevent lateral spread of threats.

Developed Python-based automation scripts to parse logs from multiple endpoints and enrich IOC data, accelerating incident triage and improving analyst productivity by 120 hours per quarter.

Cybersecurity Analyst, Blue Cross Blue Shield, USA (Jan 2020 – Jan 2023)

Strengthened DevSecOps pipeline security by integrating SAST/DAST tools into CI/CD workflows, reviewing container images and Terraform scripts, and prioritizing vulnerabilities for remediation, reducing deployment risks in production environments.

Conducted threat intelligence operations using OSINT, threat intelligence platforms, YARA rules, and sandbox analysis to classify malware families and map TTPs, enabling proactive defense measures across healthcare systems.

Administered data protection and compliance initiatives for PHI/PII, implementing DLP policies, encryption (AES-256, TLS), and key management via AWS KMS and Azure Key Vault, supporting HIPAA, SOC 2, and NIST compliance.

Monitored network traffic using Wireshark and firewalls (Palo Alto), applying secure web/email gateway policies, and performing incident response drills, reducing false-positive escalations and improving cross-team collaboration.

Cybersecurity Intern, KPMG, USA (Feb 2019 – Nov 2019)

Assisted in SIEM log correlation and alert tuning in Splunk, analyzing 1,200+ daily security alerts, identifying IOC indicators, and reducing false-positive escalations by 25% during internal audit cycles.

Supported cloud security review for Azure and AWS workloads, validating IAM policies, monitoring Security Hub and Azure Monitor alerts, and contributing to cloud configuration hardening and compliance reporting.

Conducted vulnerability scanning and configuration hardening with Nessus and CIS benchmarks, documenting remediation plans and assisting in patch management lifecycle for client environments.

Automated log parsing and enrichment using Python and PowerShell scripts, optimizing threat-hunting workflows and accelerating SOC analyst response times while ensuring data integrity.

EDUCATION

Fullstack Academy at Louisiana State University, USA, Cybersecurity Bootcamp (July 2021)

University of Southern Mississippi, USA, Bachelor of Arts in Kinesiology (May 2015)

CERTIFICATIONS

Certified Information Systems Security Professional (CISSP)

GIAC Certified Incident Handler (GCIH)

Certified Cloud Security Professional (CCSP)
