University students may have difficulty choosing which parts to highlight while preparing their resumes. In this article, we will talk about how a SOC analyst candidate should prepare his/her first resume.
I have been working as a SOC analyst, SIEM engineer, and Incident Responder in an enterprise SOC structure environment. So, I have an overall idea of what different teams expect from SOC analysts. While preparing this article, I also received support from team leaders and managers with 7+ years of experience in the field.
Before you get started, you might also want to check out our article on how to become a SOC Analyst.
Work experience, if any, can be described simply by addressing the following topics:
Team and Responsibilities
Mention which team you were on and what you did specifically.
Although the logic behind the work is what matters in cyber security, there are a great many products and tools on the market. As a SOC analyst candidate, it is worth mentioning any specific tools you have used before, such as SIEM, EDR, or SOAR solutions.
Title: SOC Analyst
Duration: 01.01.2021 – 10.01.2022
Roles and Responsibilities: I worked as a SOC analyst in the SOC team, which is responsible for the security of LetsDefend, which has 10,000+ Clients/Servers. I was one of the first responders responsible for analyzing the incoming alarms on IBM QRadar by following the playbooks on Resilient SOAR with the help of SentinelOne EDR and Wazuh, and determining whether the alarm was related to a real incident or a false positive.
If there is a project you worked on in the past (commercial project, open-source, etc.), you can briefly mention the project and add your contribution to it. If the project has a public GitHub/GitLab page or similar, it would be good to include it in the resume.
In addition, if you have a blog and write technical articles about the industry (e.g., how to analyze phishing emails, dynamic malware analysis, etc.), it will contribute a lot to your resume.
I developed rules to detect suspicious network and PowerShell activities in the open-source “Sigma” project, which creates a generic signature format for SIEM systems.
For those who are still active students, contributing to open source projects provides an opportunity to prove your skills while also showing your interest in the field. You can strengthen your background by explaining the code you added to the project and sharing a link to the code through platforms like GitHub or GitLab.
You should specify the skills that indicate you will be able to do the job successfully in the position you are applying for. For the SOC analyst position, some basic skills are the use of Windows/Linux operating systems, basic programming, malware analysis, and a foundation in operating systems and networking.
Make sure not to put down any skills you don’t have any experience with.
Getting certified in the profession is not always necessary. Still, the money and time you spend on a certification prove your interest in this sector. Having a certificate can help you get +1 point on your resume and get ahead of other candidates.
If you are considering getting certified, you can take a look at the blue team certifications in the link below:
If You Don’t Want to Spend Money and Time on Certificates
Although getting certified is really worth it, you can also participate in online/offline events or trainings that offer free participation certificates. You can also use the badges you earned in the free version of LetsDefend here. That way, you can show that you have successfully analyzed different types of incidents before.
Although a university/college degree has not been required to work in the IT industry in recent years, having studied “Computer Science” shows that you have a certain foundation, even if you have not spent much time on it, thanks to courses you have taken such as operating systems, programming and networking.
You can mention in your resume the cybersecurity-related activities and clubs in which you took an active role during your education. In this way, you can show your interest in cyber security.
In addition to university education, completing courses on proven and highly reputable SOC analyst training platforms will also make you stand out.
Should I Specify My Grade Point Average?
If you have a grade point average that you think is high (3.5+/4.0), it might be good to mention it. Otherwise, it won’t do much.