Security Analyst Resume Template

A template built for security analysts who monitor, detect, and triage threats — structured to showcase the SIEM expertise, incident response speed, false positive reduction, and threat intelligence work that SOC hiring managers are looking for.

Aisha Johnson
aisha.johnson@email.com | (312) 555-0847 | linkedin.com/in/aishajohnson-sec
Summary

Security analyst with 4 years of experience monitoring, triaging, and responding to threats across enterprise environments. At CrowdStrike, triaged 350+ SIEM alerts daily with a 97% true-positive escalation rate, reducing average incident response time from 45 minutes to 12 minutes. Skilled in Splunk, Microsoft Sentinel, and CrowdStrike Falcon, with a track record of reducing false positive rates, building automated enrichment playbooks, and contributing actionable threat intelligence reports that shaped detection rule development.

Experience
Security Analyst II
CrowdStrike | Austin, TX (Remote)
  • Triaged 350+ daily SIEM alerts in Splunk and Microsoft Sentinel, maintaining a 97% true-positive escalation rate and reducing average incident response time from 45 minutes to 12 minutes
  • Tuned 28 detection rules across Splunk and CrowdStrike Falcon, reducing false positive volume by 42% and saving the SOC team an estimated 15 hours per week in manual triage
  • Authored 6 threat intelligence reports on emerging phishing campaigns and ransomware variants, directly informing 4 new detection rules that caught 3 previously undetected attack patterns
Security Analyst
Mandiant | Reston, VA
  • Monitored and investigated security events across 8,000+ endpoints using CrowdStrike Falcon and Elastic SIEM, escalating 22 confirmed incidents over 18 months with zero missed critical alerts
  • Built automated SOAR playbooks for phishing triage that reduced analyst investigation time from 20 minutes to 5 minutes per case, processing 150+ reported phishing emails per week
Skills

SIEM & Detection: Splunk, Microsoft Sentinel, CrowdStrike Falcon, Elastic SIEM
Security Tools: SOAR, Nessus, Wireshark, OSINT, YARA Rules
Practices: Incident Triage, Threat Intelligence, Phishing Investigation, MITRE ATT&CK, Vulnerability Scanning
Languages: Python, SQL

Education
B.S. Information Technology
University of Illinois at Chicago

CompTIA Security+ certified

What makes a strong security analyst resume

Lead with detection and response metrics, not dashboard time

Every security analyst can say they “monitored SIEM dashboards.” What separates a strong resume is showing how effectively you turned alerts into outcomes. “Triaged 350+ daily alerts with a 97% true-positive escalation rate, reducing average incident response time from 45 minutes to 12 minutes” tells a SOC manager you have the judgment to separate real threats from noise — and the speed to act on them. The best security analyst resumes quantify alert volume, escalation accuracy, response time, and detection improvements, because those are the numbers that define whether an analyst is actually effective or just occupying a seat.

Show triage judgment, not just alert volume

Hiring managers don’t want an analyst who escalates everything or dismisses everything. They want someone who can look at a suspicious login event, correlate it with network telemetry, check the threat intelligence context, and make the right call under time pressure. If you’ve maintained a high true-positive escalation rate, reduced unnecessary escalations, or developed triage criteria that improved your team’s signal-to-noise ratio, those accomplishments demonstrate the analytical thinking that separates a Tier 1 analyst from someone who just follows runbooks. Include the accuracy numbers — they’re among the most telling metrics a SOC manager can see.

Demonstrate false positive reduction

Tuning detection rules to reduce false positives is one of the highest-leverage activities a security analyst can do. It saves the entire team time, reduces alert fatigue, and improves the SOC’s overall detection quality. If you’ve tuned SIEM correlation rules, adjusted alert thresholds, or built suppression logic that reduced false positives by a measurable percentage, lead with the before-and-after numbers. “Tuned 28 detection rules, reducing false positive volume by 42% and saving the SOC team 15 hours per week” immediately tells a hiring manager you understand that detection quality matters more than detection quantity.

Highlight threat intelligence contributions

Security analysts who contribute threat intelligence — whether it’s writing reports on emerging campaigns, sharing IOCs with the detection engineering team, or mapping adversary TTPs to MITRE ATT&CK — demonstrate that they think beyond the current alert queue. If your threat intelligence work directly informed new detection rules or helped the team catch previously unknown attack patterns, that’s a career-differentiating bullet point. It signals to a hiring manager that you’re operating at the Tier 2 or Tier 3 level, not just processing tickets.

Key skills for security analyst resumes

Include the ones you actually have. Leave out the ones you’d struggle to discuss in an interview.

Technical Skills

Splunk, Microsoft Sentinel, QRadar, CrowdStrike Falcon, SOAR, Nessus, Qualys, Wireshark, OSINT, Python, MITRE ATT&CK, YARA Rules, Snort, Elastic SIEM

What Security Analyst Interviews Focus On

Threat Detection, Incident Triage, Log Analysis, Malware Analysis, Phishing Investigation, Vulnerability Assessment, Risk Scoring, Alert Prioritization, Report Writing, SOC Procedures

Recommended template for security analyst roles

Professional

For security analyst roles, the Professional template is the strongest choice. Its clean structure and clear section hierarchy make it easy for SOC managers to scan for what matters: triage metrics, escalation accuracy, detection tuning results, and threat intelligence contributions. Security operations teams respect precision and clarity over visual flair — and the Professional template delivers exactly that, with a polished format that signals discipline without distracting from the substance of your analytical work.

Frequently asked questions

Should I get CompTIA Security+ or CEH first?
CompTIA Security+ first, almost always. It’s the baseline certification that most SOC analyst and security analyst job postings list as required or preferred. Security+ covers the foundational concepts you’ll use daily — threat identification, risk management, network security, and incident response. CEH is more specialized toward penetration testing and ethical hacking, which is valuable but secondary for analyst roles focused on monitoring and triage. Get Security+ to unlock the broadest set of analyst positions, then pursue CEH or CySA+ once you’ve built hands-on experience and want to specialize.
What does the SOC analyst career path look like?
Most security analysts start as SOC Tier 1 analysts — monitoring dashboards, triaging alerts, and escalating confirmed incidents. After 1–2 years, you move to Tier 2 where you handle deeper investigation, malware analysis, and incident response. Tier 3 is threat hunting and detection engineering, where you’re writing correlation rules and proactively searching for threats. From there, paths diverge: you can move into security engineering (building security tooling and infrastructure), threat intelligence (analyzing adversary tactics), incident response management, or GRC (governance, risk, and compliance). The key is building depth in one area while maintaining breadth across the others.
How do I show impact in a monitoring role where nothing goes wrong?
The absence of incidents is itself an outcome — but you need to quantify the work that produces that outcome. Track your alert volume (“triaged 300+ alerts daily”), your false positive reduction (“tuned 12 detection rules, reducing false positives by 38%”), your escalation accuracy (“maintained 96% true-positive rate on escalations”), and your process improvements (“built automated enrichment playbooks that cut triage time from 15 minutes to 4 minutes per alert”). You can also highlight threat intelligence contributions, phishing investigation outcomes, and documentation improvements. The goal is showing that your monitoring wasn’t passive — you actively improved the SOC’s detection capability and operational efficiency.

Ready to tailor your security analyst resume?

Turquoise builds a tailored, ATS-friendly resume for any security analyst role in minutes — structured to highlight your triage accuracy, detection tuning results, and the threat intelligence contributions that define your analytical career, using your real experience.