A complete, annotated resume for a security analyst. Every section is broken down — so you can see exactly what makes this resume land interviews at SOCs and security operations teams.
Scroll down to see the full resume, then read why each section works.
Security analyst with 4 years of experience monitoring, triaging, and responding to threats across enterprise environments. At CrowdStrike, triaged 350+ SIEM alerts daily with a 97% true-positive escalation rate, reducing average incident response time from 45 minutes to 12 minutes. Skilled in Splunk, Microsoft Sentinel, and CrowdStrike Falcon, with a track record of reducing false positive rates, building automated enrichment playbooks, and contributing actionable threat intelligence reports that shaped detection rule development.
SIEM & Detection: Splunk, Microsoft Sentinel, CrowdStrike Falcon, Elastic SIEM
Security Tools: SOAR, Nessus, Wireshark, OSINT, YARA rules
Practices: Incident Triage, Threat Intelligence, Phishing Investigation, MITRE ATT&CK, Vulnerability Scanning
Languages: Python, SQL
CompTIA Security+ certified
Seven things this security analyst resume does that most don’t.
Most security analyst summaries say something like “experienced in monitoring and incident response.” Aisha’s summary leads with triaging 350+ alerts daily with a 97% true-positive escalation rate. That immediately tells a SOC manager two things: she handles real volume, and she has the judgment to separate genuine threats from noise. When a hiring manager reads that specific escalation accuracy backed by a measurable response time improvement, they know this analyst has operationalized triage — not just sat in front of a dashboard.
Tuning 28 detection rules is specific, but what makes this bullet exceptional is the outcome: 42% false positive reduction and 15 hours per week saved for the entire SOC team. That framing transforms a technical task into a team-wide efficiency improvement. A SOC manager reading this immediately understands that Aisha doesn’t just close tickets — she makes the entire team faster by improving the quality of the alerts they see.
Writing threat intelligence reports alone isn’t impressive — every analyst can document a phishing campaign. What makes Aisha’s bullet stand out is the direct connection: her 6 reports informed 4 new detection rules that caught 3 previously undetected attack patterns. That chain — from analysis to detection to prevention — is exactly what separates a Tier 1 analyst from someone operating at the Tier 2 or Tier 3 level. It tells a hiring manager she thinks about the full detection lifecycle, not just the alert in front of her.
Building SOAR playbooks is a technical skill. But reducing per-case phishing investigation time from 20 minutes to 6 minutes across 200+ weekly emails is a measurable operational improvement. Aisha doesn’t just say she automated something — she quantifies the time savings and the scale. A SOC manager can do the math: that’s roughly 45 hours per week of analyst capacity recovered. That’s the kind of bullet that makes a hiring manager want to call you immediately.
In the Mandiant role, Aisha monitored 8,000+ endpoints and escalated 22 confirmed incidents over 18 months with zero missed critical alerts. That’s not just good performance — it’s the gold standard for SOC analysts. Missing a critical alert can mean a breach. Catching every one means the analyst has the vigilance, the process discipline, and the analytical judgment to be trusted with high-stakes monitoring. This single metric says more about her capability than any tool certification ever could.
Instead of listing every tool alphabetically, Aisha groups her skills into SIEM & Detection, Security Tools, Practices, and Languages. This categorization tells a hiring manager at a glance that she understands the analyst stack holistically. Including practices like “Incident Triage” and “MITRE ATT&CK” alongside tools shows she thinks in frameworks and methodologies, not just product names.
IT support specialist transitioning to SOC Tier 1 at Northern Trust. Security analyst at Mandiant running investigations and building automation. Security Analyst II at CrowdStrike tuning detections and writing threat intelligence. Each role is a visible step up in analytical depth, tooling sophistication, and organizational impact. The progression tells a clear story: this person went from monitoring alerts to improving how the entire SOC detects and responds to threats.
The biggest mistake on security analyst resumes is leading with the tool instead of the outcome. “Used Splunk for security monitoring” is a task description. “Triaged 350+ daily alerts with a 97% true-positive escalation rate, reducing incident response time from 45 minutes to 12 minutes” is a result. Aisha’s resume consistently puts the analytical outcome first and the implementation details second. That ordering matters — SOC managers scan for triage effectiveness and escalation accuracy before they check which SIEM you used.
Notice how the detection tuning bullet ends with “saving the SOC team an estimated 15 hours per week in manual triage.” Most analysts wouldn’t think to quantify the team impact. But it transforms a solo technical improvement into a force-multiplier story. If your detection tuning, automation work, or process improvements saved your team time, reduced alert fatigue, or improved the SOC’s signal-to-noise ratio, find the number and include it.
Aisha doesn’t just triage alerts — she writes threat intelligence reports that inform new detection rules. That progression from reactive monitoring to proactive threat analysis is exactly what SOC managers look for when promoting analysts or hiring at the Tier 2 level. If you’ve contributed to detection engineering, written intelligence reports, or helped shape your team’s detection strategy, position those accomplishments prominently. They signal that you’re ready for the next level.
Emphasize any detection rule development, SIEM architecture work, and security tooling you’ve built or configured at scale. Cybersecurity engineer roles care more about building and hardening security infrastructure than triaging alerts. If you’ve deployed SIEM instances, written custom parsers, built automated response pipelines, or contributed to zero trust architecture, move those bullets to the top of each role and downplay the daily triage volume metrics.
Lead with the threat intelligence reports, the adversary TTP mapping, and any OSINT research you’ve done. Threat intelligence roles care about your ability to analyze campaigns, track threat actors, and produce actionable intelligence — not your SIEM triage speed. Emphasize the 6 threat intelligence reports, the connection to detection rules, and any work you’ve done mapping findings to MITRE ATT&CK. Downplay the alert volume and daily monitoring metrics.
Governance, risk, and compliance roles care about your understanding of frameworks, audit preparation, and risk assessment — not your SOC metrics. Emphasize the vulnerability scanning and remediation coordination work, any compliance-related documentation you’ve produced, and your ability to work cross-functionally with IT and management teams. If you’ve contributed to audit preparation, risk assessments, or policy development, lead with those. Tone down the incident triage and detection tuning bullets.
The weak version describes activities that every SOC analyst does. The strong version names the alert volume, the escalation accuracy, and the measurable response time improvement. Same type of work, completely different level of credibility.
The weak version is a collection of generic statements that could describe any analyst at any level. The strong version names a company, a specific daily workload, an accuracy metric, and a measurable improvement — all in two sentences.
The weak version lists every security tool and framework the person has ever touched, including six SIEM platforms and ticketing systems. The strong version is categorized, focused on depth over breadth, and drops anything that would be embarrassing to discuss in a SOC technical interview.
Include the ones you actually have. Leave out the ones you’d struggle to discuss in an interview.
This exact resume template helped our founder land a remote data scientist role — beating 2,000+ other applicants, with zero connections and zero referrals. Just a great resume, tailored to the job.