SOC Analyst with hands-on experience in alert triage, incident response support, endpoint investigation, and access reviews across small and mid-sized client environments. Monitored ~50 security alerts per day and responded to 10–20 emergency incidents daily across ~350 customers ranging from 200 to 1,000+ users and endpoints. Skilled in Microsoft Sentinel, Microsoft XDR, EDR workflows, KQL query development, Active Directory, Intune, and incident documentation, with a strong focus on improving detection, containment, and remediation outcomes. Currently completing a B.S. in Cybersecurity and Information Assurance at Western Governors University and building offensive skills through Hack The Box, TryHackMe, and OSCP-track study.
Work History
Cyber Security Analyst
Bridgehead IT
San Antonio, TX
08.2024 - 02.2026
Monitored and triaged an average of 50 security alerts per day in Microsoft Sentinel and XDR across ~350 client environments, ensuring timely detection, investigation, and escalation of high‑risk activity.
Investigated and responded to 10–20 emergency security incidents daily, isolating impacted endpoints and accounts in customer environments ranging from 200 to 1,000+ users and devices.
Executed endpoint isolation, forensic triage, and incident response support during phishing, malware, and account‑compromise events, reducing containment time and limiting lateral movement.
Developed and refined KQL queries and detection logic to improve proactive threat hunting and reporting, increasing visibility into suspicious logins and risky endpoint behavior.
Performed recurring access reviews and audit checks that reduced exposure to insider threats, excessive permissions, and compromised accounts.
Partnered with client IT teams and senior analysts to remediate findings, harden SaaS-first environments, and document incident response actions in line with internal playbooks.
Produced clear incident reports and post-remediation summaries for confirmed compromises, translating technical details into business‑focused remediation guidance.
Participated in a 24/7 emergency on‑call rotation, providing continuous support for critical incidents and urgent client security events.
Associate IS Technician - ASK IT Tech Help Desk
Providence Health St. Joseph
San Antonio, TX
09.2022 - 09.2024
Resolved 1,556 ServiceNow tickets while maintaining timely issue resolution and dependable end‑user support in a high‑volume environment.
Performed user verification and security checks during support interactions to identify suspicious behavior, malicious activity, and access issues before escalation.
Supported Active Directory, Group Policy Objects, Microsoft Authenticator, and MFA troubleshooting, helping employees regain secure access and strengthening identity and access controls.
Produced detailed service documentation and job logs to improve issue tracking, accountability, and continuity across shifts.
Maintained strong quality and customer satisfaction metrics while balancing technical troubleshooting with security‑minded support.
Computer User Support Specialist
ACI Learning
San Antonio, TX
06.2022 - 09.2022
Installed and supported Windows systems, provided command‑line and desktop support, and resolved device and network issues for end users.
Helped secure wired and wireless networks by reinforcing physical security practices and recognizing common attack patterns.
Built foundational cybersecurity knowledge through troubleshooting, exposure to compromise indicators, and early work with vulnerability scanning and penetration testing concepts.
Certification
ITIL 4 Foundations
Overview
4 years of professional experience
7 Certificates
3 years of post-secondary education
Education
Bachelor of Science - Cyber Security & Information Assurance
Western Governors University
Salt Lake City, UT
10.2023 - 12.2026
Technical School - Information Technology
ACI Learning
San Antonio, TX
06.2022 - 09.2022
Skills
SIEM monitoring (Microsoft Sentinel)
EDR investigation (Microsoft XDR and other EDR tools)
Alert triage and escalation
Incident response and containment
KQL query development and dashboards
Endpoint isolation and forensic triage
Vulnerability assessment basics
Active Directory and Group Policy
Identity and access management, MFA support
ServiceNow ticketing
Security awareness and user training
Python and PowerShell fundamentals
Projects
TryHackMe – Pre‑Security, Cyber Security 101
Hack The Box – Information Security Foundations, SOC Analyst, Junior Penetration Tester
Coursera – Python for Everybody, Practical Windows PowerShell, KQL Scripting
Timeline
Okta Certified Professional
12-2025
Microsoft Certified: Identity and Access Administrator Associate
10-2025
Microsoft Certified: Security Operations Analyst Associate
09-2025
CompTIA Sec+
06-2025
CompTIA Net+
02-2025
CompTIA A+
10-2024