Jacob Macdonnell
Skills
Security Operations (Tier 1): Security monitoring (alert queue), alert triage and investigation, ticket ownership to resolution, escalation/closure criteria, ticket documentation, playbooks/runbooks (SOPs) and workbooks/lookups, SLA targets (MTTD/MTTA/MTTR), incident reporting
SIEM: Splunk SPL fundamentals, log correlation, timeline building, evidence capture and summary writing
Frameworks/IR: CIS Controls, NIST CSF, MITRE ATT&CK mapping; incident response lifecycle (PICERL/DAIR)
Network fundamentals: TCP/IP, DNS, HTTP(S), identity/authentication; firewalls, NIDS/NIPS (fundamentals)
Network/Forensics: PCAP analysis (Wireshark), Zeek/RITA, memory analysis (Volatility 3), .evtx timeline building (Hayabusa/Sigma)
Systems: Windows/Linux fundamentals, Active Directory basics, PowerShell basics
About
Entry-level SOC Analyst with hands-on lab and simulation experience in security monitoring, alert triage, log investigation, and incident documentation. Comfortable operating a ticket-driven alert lifecycle (acknowledge, investigate, document evidence, escalate with severity/context, close against resolution criteria), working from playbooks/runbooks (SOPs) and workbooks/lookups, tracking SOC metrics (MTTD/MTTA/MTTR), and investigating ransomware/C2 activity with Splunk, Zeek/RITA, Windows Event Logs, Wireshark, and Volatility, mapping findings to MITRE ATT&CK and producing containment recommendations.