Cybersecurity SOC Analyst Resume
Education
DAE Institute
Expected Graduation: December 2025
Studying cybersecurity with a focus on security operations, incident response, and threat detection.
Relevant Coursework: Python Programming, Cybersecurity Fundamentals, Digital Forensics, Network Security
Technical Skills
Security Operations & Monitoring
- SIEM Platforms (ELK Stack, Splunk)
- Log Analysis & Correlation
- Threat Detection & Response
- File Integrity Monitoring (Wazuh)
- Network Traffic Analysis
Digital Forensics & Investigation
- Chain-of-Custody Documentation
- Evidence Preservation & Hash Verification
- Incident Timeline Reconstruction
- Security Alert Investigation
- Forensics Tools (Sysmon, Autopsy basics)
Programming & Automation
- Python (Security automation, log parsing, IOC extraction)
- PowerShell (Windows security monitoring)
- Bash scripting (Linux log analysis)
- SIEM: ELK Stack, Wazuh, Splunk
- Network Security: pfSense, Suricata, Wireshark, Zeek
- Attack Simulation: Kali Linux, Nmap, Metasploit, Hydra
- Forensics: Sysmon, FTK Imager, hash utilities (MD5/SHA256)
- Platforms: Git/GitHub, VS Code, Windows Server, Linux
Cybersecurity Projects
Law Enforcement SOC Lab: Municipal Infrastructure Protection
September 2025 – December 2025 (In Progress)
Project Overview: Building a comprehensive Security Operations Center environment simulating protection of municipal law enforcement systems, focusing on critical infrastructure monitoring and digital evidence chain-of-custody management.
Core Infrastructure:
- Deployed 4-VM simulated municipal network (911 CAD System, Evidence Management Database, Surveillance Network Controller, Officer Workstation)
- Configured ELK Stack SIEM with legal compliance logging and evidence audit trails
- Implemented file integrity monitoring with Wazuh for evidence tampering detection
Detection & Monitoring:
- Developing 8–10 custom SIEM detection rules for law-enforcement scenarios (unauthorized database queries, evidence tampering, credential compromise, data exfiltration)
- Creating 5–7 specialized dashboards for critical system monitoring and chain-of-custody audit trails
- Building automated alerting for insider threats and privilege escalation attempts
Incident Response & Documentation:
- Designing 6–8 LE-specific incident response playbooks (ransomware on 911 systems, compromised credentials, surveillance breaches, insider threats)
- Executing 8 attack simulations including brute force, phishing, ransomware, and data exfiltration scenarios
- Documenting 10–12 investigations with court-admissible chain-of-custody procedures and evidence hash verification
Automation & Compliance:
- Developing Python scripts for automated chain-of-custody report generation with timestamps and digital fingerprints
- Implementing real-time file integrity monitoring with automated alerting to SIEM
- Creating legal admissibility checklists and evidence handling procedures
Key Technologies: ELK Stack, Wazuh, Suricata, Python, PowerShell, Kali Linux, PostgreSQL, Windows Server, Syslog-ng, Metasploit, Nmap, Hydra
Portfolio Deliverables: GitHub repository with SIEM configurations and detection rules, 10–12 documented case investigations, incident response playbook library, demo video showcasing live attack detection and response
Incident Response Playbook & Lab Environment
June 2025
Project & Role: Designed and implemented an Incident Response Lab to simulate a ransomware attack on high-value confidential data, serving as both lab architect and incident response playbook developer.
Security Operations:
- Built isolated network environment with pfSense firewall, Windows Server, and Linux systems
- Deployed ELK Stack SIEM with Wazuh for real-time threat detection and log correlation
- Configured Sysmon for advanced Windows endpoint monitoring and forensic data collection
Incident Response Development:
- Created comprehensive IR playbook following NIST 800-61 framework (Preparation, Detection & Analysis, Containment, Eradication, Recovery, Post-Incident)
- Executed controlled ransomware simulation using custom binary and Metasploit framework
- Performed tabletop and live attack exercises to validate detection and response procedures
Detection & Analysis:
- Achieved Mean Time to Detect (MTTD) < 15 minutes through optimized SIEM alerting
- Conducted forensic analysis of attack artifacts and created detailed incident timelines
- Documented evidence collection procedures maintaining chain-of-custody standards
Key Results:
- Mean Time to Recover (MTTR) < 24 hours with 100% data recovery validation
- Aligned response procedures with ISO/IEC 27035 standards
- Delivered end-to-end playbook with network diagrams, recovery validation reports, and training documentation
Technologies: ELK Stack, Wazuh, Sysmon, pfSense, Metasploit, DVWA, Kali Linux, Windows Server, Linux (Apache, Postfix)
Experience
Cybersecurity Student Analyst
DAE Institute | June 2025 – Present
- Developing security operations and incident response solutions through hands-on lab projects
- Analyzing security logs and creating detection rules for threat identification
- Building SIEM dashboards and automating security monitoring workflows
- Collaborating on cybersecurity projects applying NIST frameworks and industry best practices
Certifications
Python Programming Fundamentals
Issued June 2025 | DAE Institute
Professional Summary
Aspiring SOC Analyst with hands-on experience in security operations, incident response, and SIEM deployment. Demonstrated expertise in building detection rules, conducting security investigations, and creating court-admissible documentation. Skilled in log analysis, threat detection automation, and digital evidence management. Currently developing specialized skills in law enforcement cybersecurity with focus on critical infrastructure protection and multi-agency coordination protocols.