Security Operations Center Analyst Resume Preview
- Monitored and triaged 50-70 security alerts per 12-hour shift in Splunk and CrowdStrike for an enterprise environment with 18,000 endpoints across 6 geographic regions, maintaining a median triage time of 8 minutes
- Identified and contained a Business Email Compromise campaign targeting 4 executives within 45 minutes of the first phishing email landing, preventing an estimated $230K wire transfer that was already in progress
- Wrote 14 custom Splunk correlation rules that detected lateral movement patterns the default ruleset missed, directly catching 3 confirmed intrusion attempts during the first quarter after deployment
- Reduced false positive alert volume by 35% by tuning 40+ detection rules over 3 months, working with the engineering team to suppress known-good behaviors while preserving coverage for genuine threats
- Led the investigation of a ransomware precursor incident involving Cobalt Strike beacons on 6 workstations, coordinating with the IR team to isolate affected hosts and eradicate persistence mechanisms within 4 hours of initial detection
- Built 8 automated response playbooks in Cortex XSOAR that handled routine alert enrichment, IP reputation lookups, and user notification, reducing manual analyst workload by approximately 12 hours per week
- Conducted weekly threat intelligence briefings for the 6-person SOC team, mapping recent advisories from CISA and industry ISACs to our MITRE ATT&CK coverage gaps and recommending detection improvements
- Performed network traffic analysis using Wireshark and Zeek to investigate a data exfiltration alert, tracing 2.3 GB of outbound transfers to an unauthorized cloud storage service and working with HR to resolve the insider threat case
- Mentored 2 junior analysts through their first 6 months on the SOC team, creating a triage decision tree and shadowing guide that reduced their average time-to-competency from 3 months to 6 weeks
- Participated in 2 purple team exercises with the offensive security team, validating detection coverage for 15 ATT&CK techniques and writing 6 new detection rules to close gaps found during the exercises
Security Platforms: SIEM (Splunk, Sentinel), EDR (CrowdStrike Falcon, Carbon Black), SOAR (Phantom, XSOAR)
Analysis & Response: Threat Intelligence (MITRE ATT&CK), Incident Triage & Response, Network Traffic Analysis (Wireshark, Zeek)
Methodologies & Practices: Log Analysis & Correlation, Malware Analysis (Basic), Vulnerability Scanning (Nessus, Qualys)
Security Controls Modernization Project - Improved security posture across systems by tightening controls around SIEM (Splunk, Sentinel). Documented risks, partnered with engineering teams on remediation, and created repeatable evidence for audits and reviews.
Incident Response and Risk Reduction Program - Built playbooks, reporting workflows, and monitoring improvements connected to EDR (CrowdStrike Falcon, Carbon Black), SOAR (Phantom, XSOAR), Threat Intelligence (MITRE ATT&CK). Reduced response ambiguity and gave leadership clearer visibility into active risks and mitigation progress.
CompTIA Security+
CompTIA CySA+
Splunk Core Certified Power User
GIAC Security Essentials (GSEC)
Professional Summary
SOC analyst with 4 years monitoring, triaging, and responding to security events across enterprise environments with 15,000+ endpoints. Works primarily in Splunk and CrowdStrike, handling 50-70 alerts per shift and escalating confirmed incidents through a structured IR playbook. Has investigated everything from phishing campaigns to ransomware precursor activity and lateral movement attempts.
What to Include on a Security Operations Center Analyst Resume
- A concise summary that states your security operations center analyst experience level, strongest domain, and the business problems you solve.
- A skills section that mirrors the job description language for SIEM (Splunk, Sentinel), EDR (CrowdStrike Falcon, Carbon Black), SOAR (Phantom, XSOAR), Threat Intelligence (MITRE ATT&CK).
- Experience bullets that connect role keywords such as SOC analyst, security operations center, and cybersecurity analyst to measurable outcomes such as cost savings, faster delivery, better quality, or improved customer results.
- Tools, platforms, certifications, and methods that are current for cybersecurity roles.
- Recent projects that show ownership, cross-functional work, and a clear result instead of generic responsibilities.
ATS Keywords for Security Operations Center Analyst Resumes
Use these terms naturally where they match your experience and the job description.
Recommended Certifications
- CompTIA Security+
- CompTIA CySA+
- Splunk Core Certified Power User
- GIAC Security Essentials (GSEC)
What Does a Security Operations Center Analyst Do?
- Monitor and triage security alerts in SIEM (Splunk, Sentinel), EDR (CrowdStrike Falcon, Carbon Black), SOAR (Phantom, XSOAR) and related technologies, escalating confirmed incidents through a structured IR playbook
- Collaborate with cross-functional teams including incident response, security engineering, and HR to contain incidents and remediate root causes
- Write and tune detection rules and automated response playbooks following industry best practices for SOC analysts and security operations centers
- Participate in threat intelligence briefings, purple team exercises, and detection coverage reviews to improve visibility and team knowledge
- Investigate suspicious network and host activity, document findings, and ensure monitoring coverage across all environments
Resume Tips for Security Operations Center Analysts
Do
- Quantify impact with specific numbers - team size, users served, performance gains
- List SIEM (Splunk, Sentinel), EDR (CrowdStrike Falcon, Carbon Black), SOAR (Phantom, XSOAR) prominently if they match the job description
- Show progression - more responsibility and scope in recent roles
Avoid
- Vague phrases like "responsible for" or "helped with" without specifics
- Listing every technology you have ever touched - focus on what is relevant
- Including outdated skills that are no longer industry standard
Frequently Asked Questions
How long should a Security Operations Center Analyst resume be?
One page is ideal for most Security Operations Center Analyst roles with under 10 years of experience. If you have 10+ years, major leadership scope, publications, or highly technical project history, two pages can work as long as every section is relevant.
What skills should I highlight on my Security Operations Center Analyst resume?
Prioritize skills that appear in the job description and match your real experience. For Security Operations Center Analyst roles, SIEM (Splunk, Sentinel), EDR (CrowdStrike Falcon, Carbon Black), SOAR (Phantom, XSOAR), Threat Intelligence (MITRE ATT&CK) are strong starting points, but the final list should reflect the specific posting.
How do I tailor my resume for each Security Operations Center Analyst application?
Compare the job description with your summary, skills, and most recent bullets. Add exact-match terms like SOC analyst, security operations center, cybersecurity analyst, incident response, threat detection where they are truthful, then reorder bullets so the most relevant achievements appear first.
What should I avoid on a Security Operations Center Analyst resume?
Avoid generic responsibilities, long paragraphs, outdated tools, and soft claims without evidence. Replace phrases like "responsible for" with action verbs and measurable outcomes.
Should I include projects on a Security Operations Center Analyst resume?
Include projects when they prove relevant skills or fill gaps in work experience. Strong projects show the problem, your role, the tools used, and the result. Skip personal projects that do not relate to the job.