Cybersecurity Analyst | SOC Monitoring | Incident Response | SIEM Engineering
Cybersecurity Analyst with hands-on experience in SIEM operations, alert triage, endpoint and network telemetry validation, and structured incident investigations aligned with MITRE ATT&CK and NIST 800-61.
🔗 Live Site: https://nscybersecurity.com/
📄 Resume: Nikki_Sadvand_Cybersecurity_Analyst_Resume.pdf
Professional Summary
Cybersecurity Analyst experienced in designing and operating an Elastic-based SIEM environment for endpoint and network visibility.
Practical experience includes:
- Windows authentication anomaly investigations (Event ID 4624, 4625, 4672)
- Endpoint telemetry validation using Sysmon v15+
- Network telemetry analysis using Zeek
- Alert triage, escalation, and structured case documentation
- Detection validation using KQL and Kibana Discover
- Incident response aligned with NIST 800-61 lifecycle
M.S. Cybersecurity Technology (UMGC, GPA 4.0, President’s List)
Core Competencies
SIEM & Monitoring
- Elastic SIEM
- Splunk
- Kibana Discover
- KQL log validation
- Alert triage & escalation
Endpoint Telemetry
- Sysmon v15+
- Windows Event Logs
- Process & authentication analysis
- PowerShell monitoring
Network Telemetry
- Zeek (Ubuntu 24.04)
- DNS & connection log analysis
- Filebeat ingestion
- Wireshark
Incident Response
- NIST 800-61 lifecycle
- MITRE ATT&CK behavioral mapping
- IOC validation
- Structured case documentation
DFIR & Analysis
- Autopsy
- FTK Imager
- Autoruns
- Artifact and log analysis
Security Operations Engineer | Remote | Dec 2024 – Present
- Designed and deployed Fleet-managed Elastic SIEM endpoint pipeline using Sysmon v15+.
- Deployed Zeek network monitoring on Ubuntu and ingested structured DNS/HTTP telemetry into Elastic.
- Validated detection reliability using targeted KQL queries and Kibana Discover analysis.
- Analyzed Windows authentication events, process execution logs, firewall logs, and outbound network activity.
- Executed structured SOC investigations aligned with NIST 800-61.
- Performed tiered alert triage and documented full investigation workflows.
Cybersecurity & IT Support Technician | March 2019 – Present
- Supported and secured 60+ Windows endpoints in an Active Directory-based environment.
- Resolved 25–30 weekly tickets involving MFA enforcement, malware triage, and endpoint remediation.
- Reduced recurring malware incidents by approximately 50% through security hardening and policy enforcement.
- Maintained structured incident and operational documentation.
Endpoint event ingestion, enrichment, and SIEM validation.
Artifacts:
- PDF: Endpoint Detection – Elastic SIEM + Sysmon
- Screenshot: Kibana – Sysmon Process Events
Network sensor deployment, log ingestion, and detection validation.
Artifacts:
- PDF: Zeek Log Ingestion & Validation
- Screenshot: Zeek DNS & Connection Events
Authentication anomaly monitoring and escalation workflows.
Artifacts:
- PDF: Failed Login Assessment
- Screenshot: Splunk Authentication Dashboard
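As an added illustration of the authentication anomaly workflow described above (example code written for this page, not a script from the portfolio or its projects): a small Python detector that replays constructed Windows Security event records (Event IDs 4625, 4624 and 4672, the IDs listed in the summary) and flags a source address that exceeds a failed-logon threshold inside a sliding window, then records whether a successful logon and a special-privileges assignment followed from the same source and session. The field names, the sample records, the threshold and the escalation tiers are assumptions for the example.

```python
"""Failed-logon burst detection over constructed Windows Security events.

Added example, not part of the portfolio's own tooling. The records below are
constructed to resemble a subset of the fields an agent would forward from
Security.evtx; they are not real telemetry.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (assumed field names). 10.0.0.55 fails six times for
# jdoe inside one minute, then logs on and is granted special privileges (4672,
# correlated by logon_id). 10.0.0.77 fails twice and logs on much later.
SAMPLE_EVENTS = [
    {"ts": "2025-01-10T09:00:01", "event_id": 4625, "user": "jdoe", "src_ip": "10.0.0.55"},
    {"ts": "2025-01-10T09:00:10", "event_id": 4625, "user": "jdoe", "src_ip": "10.0.0.55"},
    {"ts": "2025-01-10T09:00:20", "event_id": 4625, "user": "jdoe", "src_ip": "10.0.0.55"},
    {"ts": "2025-01-10T09:00:30", "event_id": 4625, "user": "jdoe", "src_ip": "10.0.0.55"},
    {"ts": "2025-01-10T09:00:40", "event_id": 4625, "user": "jdoe", "src_ip": "10.0.0.55"},
    {"ts": "2025-01-10T09:00:50", "event_id": 4625, "user": "jdoe", "src_ip": "10.0.0.55"},
    {"ts": "2025-01-10T09:01:05", "event_id": 4624, "user": "jdoe", "src_ip": "10.0.0.55", "logon_id": "0x3E7A1"},
    {"ts": "2025-01-10T09:01:06", "event_id": 4672, "user": "jdoe", "logon_id": "0x3E7A1"},
    {"ts": "2025-01-10T09:03:00", "event_id": 4625, "user": "asmith", "src_ip": "10.0.0.77"},
    {"ts": "2025-01-10T09:04:00", "event_id": 4625, "user": "asmith", "src_ip": "10.0.0.77"},
    {"ts": "2025-01-10T09:30:00", "event_id": 4624, "user": "asmith", "src_ip": "10.0.0.77", "logon_id": "0x3F000"},
]


def parse_ts(value):
    """Parse the ISO-8601 timestamp used in the constructed records."""
    return datetime.fromisoformat(value)


def detect_failed_login_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs that produce >= threshold 4625 events inside a sliding window.

    Each finding records the total failures seen from that source, the target
    accounts, whether a 4624 success from the same source followed the burst, and
    whether that logon session also received a 4672 special-privileges event.
    The tier labels are an assumed escalation scheme for the example.
    """
    ordered = sorted(events, key=lambda e: parse_ts(e["ts"]))
    # Sessions granted special privileges, keyed by logon_id (4672 carries no source IP).
    privileged_sessions = {e["logon_id"] for e in ordered if e["event_id"] == 4672}
    recent_failures = defaultdict(deque)  # src_ip -> timestamps inside the window
    total_failures = defaultdict(int)
    findings = {}

    for e in ordered:
        ts = parse_ts(e["ts"])
        src = e.get("src_ip")
        if e["event_id"] == 4625:
            total_failures[src] += 1
            q = recent_failures[src]
            q.append(ts)
            while q and ts - q[0] > window:  # expire failures outside the window
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(src, {
                    "first_seen": q[0].isoformat(), "users": set(),
                    "success_after": False, "privileged": False,
                    "tier": "P3 (failure burst, no success observed)",
                })
            f = findings.get(src)
            if f is not None:
                f["users"].add(e["user"])
        elif e["event_id"] == 4624 and src in findings:
            f = findings[src]
            f["success_after"] = True
            f["privileged"] = e.get("logon_id") in privileged_sessions
            f["tier"] = ("P1 (privileged logon after failure burst)" if f["privileged"]
                         else "P2 (logon after failure burst)")

    for src, f in findings.items():
        f["failures"] = total_failures[src]
        f["users"] = sorted(f["users"])
    return findings


if __name__ == "__main__":
    for src, finding in detect_failed_login_bursts(SAMPLE_EVENTS).items():
        print(src, finding)
```

The threshold and window are deliberately parameters: the same function run with a lower threshold surfaces the second source as a lower-tier finding, which is the kind of tuning that a KQL or Splunk search would go through before an alert is promoted to an escalation rule.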
Nmap automation wrapper with structured output for security reporting.
Processed 30,000+ threat indicators from open-source feeds and malware sandboxes. Extracted actionable IOCs for detection use cases.
Simulated web server intrusion investigation including:
- IIS log analysis
- Base64 decoding
- SSH exfiltration review
- Persistence analysis (Autoruns, scheduled tasks)
- Autopsy and FTK artifact review
Artifacts:
Frontend: HTML5, CSS3
Layout: CSS Grid, Flexbox, Responsive Design
Hosting: GitHub Pages
Tooling: GitHub, SEO meta tags
- Python Basics for Data Science (IBM)
Location: Matthews, NC
Email: sadvandniknaz0@gmail.com
GitHub: github.com/Nikki-65
Portfolio: nscybersecurity.com
