🔐 SOC Analyst (Entry-Level) | SIEM • Threat Detection • Incident Response
🔗 LinkedIn: https://linkedin.com/in/matthew-solomon-29a53b89
🧪 TryHackMe: https://tryhackme.com/p/MatthewSolomon
🐦 X (Twitter): https://x.com/diepreye7_d
I am an aspiring Security Operations Center (SOC) Analyst with hands-on experience in SIEM monitoring, alert triage, and incident investigation across simulated enterprise environments.
I have performed:
- Security alert triage and investigation using Splunk and ELK
- Log analysis across Windows Event Logs and Sysmon telemetry
- Detection and correlation of suspicious activities
- MITRE ATT&CK mapping and structured incident documentation
I am passionate about understanding attacker behaviour and contributing to teams responsible for detecting, analysing, and responding to security threats.
- SIEM: Splunk, Elastic Stack (ELK)
- Alert Triage & Incident Response
- Log Analysis: Windows Event Logs, Sysmon
- Threat Detection & Investigation
- Frameworks: MITRE ATT&CK, NIST CSF
- Tools: Wireshark, VirusTotal
- Scripting: Python (basic automation)
| Project Title | Description | Tools |
|---|---|---|
| SOC Tier 1 Workflow Simulation — Monitoring, Triage & Escalation | Simulated end-to-end SOC Tier 1 operations including continuous alert monitoring, investigation, prioritization, escalation, and structured incident reporting. | Splunk, TryHackMe |
| SIEM Alert Triage & Incident Investigation (Splunk & ELK) | Investigated security alerts using SIEM tools, performed log correlation, enriched indicators, mapped activity to MITRE ATT&CK, and documented incident response actions. | Splunk, ELK, Sysmon |
| Windows Event Log Investigation — Threat Detection & Analysis | Analysed Windows Event Logs and Sysmon telemetry to detect suspicious behaviour, identify attack patterns, and perform structured incident investigations. | Event Viewer, Sysmon, SPL |
| Elastic SIEM Deployment & Log Monitoring — Detection Engineering Lab | Deployed and configured an Elastic SIEM environment for centralized log ingestion, monitoring, alerting, and basic detection engineering use cases. | Elastic Cloud, Filebeat, Kibana |
| SOC Operations & Incident Response — Tools, Workflows & Frameworks | Documented SOC architecture, incident response lifecycle, and use of security tools aligned with MITRE ATT&CK and NIST frameworks. | MITRE ATT&CK, NIST CSF |
- Ability to triage and investigate alerts efficiently
- Strong log analysis and correlation skills
- Clear and structured incident documentation
- Hands-on experience with SIEM tools and detection workflows
- Strong analytical thinking and attention to detail

- Improving detection engineering and alert tuning
- Strengthening incident response capabilities
- Advancing SIEM query optimization (Splunk SPL / KQL basics)
- Preparing for real-world SOC environments
Screenshots and investigation evidence are included within each project repository.
To join a Security Operations Center (SOC) team where I can contribute to threat detection, incident response, and continuous security improvement while growing into a highly skilled security analyst.
“Cybersecurity is not just a job — it’s a mindset, and I am committed to growing in it every day.”