SOC Analyst Resume Preview
- Triaged over 300 daily security alerts across Splunk and CrowdStrike Falcon, maintaining a response time under 15 minutes for all high-severity incidents. Documented triage decisions and escalation rationale in ServiceNow for every alert acted on
- Wrote 25+ threat hunting queries based on MITRE ATT&CK techniques targeting credential access, lateral movement, and persistence. Proactively identified 8 indicators of compromise that had been present in the environment undetected
- Built automated response playbooks in Cortex XSOAR for phishing and malware alerts, cutting average response time from 30 minutes to 5 minutes. The playbooks handle initial enrichment, containment, and ticket creation without analyst intervention
- Investigated and contained a business email compromise attempt targeting the finance department, tracing the attack chain from initial phishing email through account takeover. Prevented $250K in fraudulent wire transfers by catching it before the second approval
- Mentored 3 Tier-1 analysts on alert triage methodology, tool usage, and escalation criteria through daily shadowing and weekly review sessions. The team's first-call resolution rate improved 35% within two months of the mentorship starting
- Worked the overnight and weekend shift rotation in a 24/7 SOC covering enterprise network, endpoint, and cloud environments independently. Handled alert volume and incident escalations without senior analyst backup during off-hours
- Analyzed network traffic captures in Wireshark and correlated endpoint telemetry from CrowdStrike to investigate potential data exfiltration and lateral movement activity. Built investigation timelines that the incident response team used for containment decisions
- Maintained detailed shift notes and handed off all open investigations to the incoming shift with clear context, next steps, and priority rankings. This handoff discipline kept investigation continuity high across analyst rotations
- Tuned 15 SIEM correlation rules to reduce alert noise by adjusting thresholds, adding exclusion lists, and refining detection logic. False positive alerts dropped from roughly 200 to 60 per day, freeing significant analyst time for real investigations
- Created a daily security dashboard in Splunk showing alert volume trends, mean triage time, and escalation rates broken down by category. The SOC manager used this dashboard in weekly team meetings to track operational performance
- Participated in quarterly incident response tabletop exercises simulating ransomware, insider threat, and cloud compromise scenarios. Provided feedback on playbook gaps after each exercise and helped update the documentation accordingly
Tools & Platforms: Splunk, CrowdStrike Falcon, Microsoft Sentinel, Wireshark, SOAR (Cortex XSOAR), Ticketing (ServiceNow)
Methodologies & Practices: Incident Triage, Threat Hunting, MITRE ATT&CK, Log Analysis, Network Traffic Analysis
Security Controls Modernization Project - Improved security posture across systems by tightening detection and monitoring controls in Splunk. Documented risks, partnered with engineering teams on remediation, and created repeatable evidence for audits and reviews.
Incident Response and Risk Reduction Program - Built playbooks, reporting workflows, and monitoring improvements around CrowdStrike Falcon and Microsoft Sentinel to streamline incident triage. Reduced response ambiguity and gave leadership clearer visibility into active risks and mitigation progress.
CompTIA Security+
CompTIA CySA+
Splunk Core Certified User
Professional Summary
SOC analyst with 3+ years in 24/7 security operations environments monitoring enterprise networks and endpoints. Skilled in real-time threat detection using Splunk and CrowdStrike, with experience in alert triage, incident escalation, and developing detection use cases for emerging threats.
What to Include on a SOC Analyst Resume
- A concise summary that states your SOC analyst experience level, strongest domain, and the business problems you solve.
- A skills section that mirrors the job description language for Splunk, CrowdStrike Falcon, Microsoft Sentinel, and Incident Triage.
- Experience bullets that connect your SOC analyst, security operations, and threat detection work to measurable outcomes such as cost savings, faster delivery, better quality, or improved customer results.
- Tools, platforms, certifications, and methods that are current for cybersecurity roles.
- Recent projects that show ownership, cross-functional work, and a clear result instead of generic responsibilities.
ATS Keywords for SOC Analyst Resumes
Use these terms naturally where they match your experience and the job description.
SIEM & Detection
Incident Response
Threat Intelligence
Tools & Technologies
Process & Communication
Keyword Tips
- Quantify your alert volume and response times: 'Triaged 200+ daily alerts with average 15-minute initial response time' shows you can handle real SOC workloads.
- Reference specific SIEM platforms and EDR tools -- hiring managers filter for exact matches like 'Splunk', 'CrowdStrike', or 'Microsoft Sentinel'.
- Include threat frameworks like MITRE ATT&CK in your experience bullets: 'Mapped detection rules to 85 ATT&CK techniques across 12 tactic categories' demonstrates structured thinking.
Recommended Certifications
- CompTIA Security+
- CompTIA CySA+
- Splunk Core Certified User
What Does a SOC Analyst Do?
- Design, develop, and maintain software solutions using Splunk, CrowdStrike Falcon, Microsoft Sentinel and related technologies
- Collaborate with cross-functional teams including product managers, designers, and QA engineers to deliver features on schedule
- Write clean, well-tested code following industry best practices for SOC analyst and security operations
- Participate in code reviews, technical discussions, and architecture decisions to improve system quality and team knowledge
- Troubleshoot production issues, optimize performance, and ensure system reliability across all environments
Resume Tips for SOC Analysts
Do
- Quantify impact with specific numbers - team size, users served, performance gains
- List Splunk, CrowdStrike Falcon, Microsoft Sentinel prominently if they match the job description
- Show progression - more responsibility and scope in recent roles
Avoid
- Vague phrases like "responsible for" or "helped with" without specifics
- Listing every technology you have ever touched - focus on what is relevant
- Including outdated skills that are no longer industry standard
Frequently Asked Questions
How long should a SOC Analyst resume be?
One page is ideal for most SOC Analyst roles with under 10 years of experience. If you have 10+ years, major leadership scope, publications, or highly technical project history, two pages can work as long as every section is relevant.
What skills should I highlight on my SOC Analyst resume?
Prioritize skills that appear in the job description and match your real experience. For SOC Analyst roles, Splunk, CrowdStrike Falcon, Microsoft Sentinel, Incident Triage are strong starting points, but the final list should reflect the specific posting.
How do I tailor my resume for each SOC Analyst application?
Compare the job description with your summary, skills, and most recent bullets. Add exact-match terms like SOC analyst, security operations, threat detection, alert triage, security monitoring where they are truthful, then reorder bullets so the most relevant achievements appear first.
What should I avoid on a SOC Analyst resume?
Avoid generic responsibilities, long paragraphs, outdated tools, and soft claims without evidence. Replace phrases like "responsible for" with action verbs and measurable outcomes.
Should I include projects on a SOC Analyst resume?
Include projects when they prove relevant skills or fill gaps in work experience. Strong projects show the problem, your role, the tools used, and the result. Skip personal projects that do not relate to the job.