Security Engineer Resume Summary Examples

SOC Analyst (Tier 2, 3 yrs) pivoting to Detection Engineer; authored 47 production Sigma rules mapped to MITRE ATT&CK across credential-access and persistence tactics, and cut Tier-2 escalation MTTR from 38 to 11 minutes through a Splunk-to-Jira-to-Tines automation runbook. Comfortable with Splunk SPL, Python detection-as-code, and the operational discipline of writing test cases before promoting a detection to production. Security+ and GCIH; pursuing GCDA in 2026. Targeting Detection Engineer roles at companies past the "buy CrowdStrike, hope for the best" phase.

Three years in the Tier-2 SOC at a fintech taught me that detection works only if the rule author owns the false-positive triage too. Wrote 47 Sigma rules from incident retros, sat through every Tuesday-morning triage of my own alerts, and reduced our after-hours pager volume by 62% by killing two noisy detections that nobody wanted to admit were broken. Strongest in Splunk SPL, MITRE ATT&CK mapping, and the politics of getting a detection retired. Targeting Detection Engineer roles where the rule author is also the on-call.

SOC Analyst (Tier 2, 3 yrs) → Detection Engineer. Stack: Splunk SPL, Sigma, MITRE ATT&CK, Tines, Python. Recent: 47 production Sigma rules, MTTR 38→11 min, after-hours pager volume −62%. Security+, GCIH, GCDA-in-progress. Targeting Detection Engineer at SaaS companies with a detection-as-code culture.

Cloud Security Engineer (4 yrs, transitioned from Linux/AD sysadmin) who deployed Wiz CSPM across 3 AWS organizations (612 accounts) and reduced the misconfigured-S3 count from 1,847 to 23 in 6 weeks. Owns IAM-permissions-boundary policy and the bi-weekly CIEM review for production accounts (2,400+ IAM principals). Daily-driver stack: Wiz, Terraform, AWS Config, Okta, Permission Boundaries. CCSP and AWS Security Specialty; CISSP-eligible (5 YOE total). Targeting senior Cloud Security Engineer roles at fintech or healthcare organizations.

Network Security Engineer (5 yrs, NetOps background) at a 4,200-employee SaaS. Led the ZTNA rollout (Cloudflare Access + Okta + CrowdStrike Falcon Identity) that deprecated legacy VPN across 18 enterprise apps in 11 months with no production incident escalations. Strongest in network segmentation, conditional access policy design, and the change-management work of getting 18 app owners to agree on a single identity provider. CISSP and CCNP Security; comfortable in Terraform for network policy. Targeting senior Network Security or Zero Trust Architect roles.

Six years running Linux fleets and Active Directory taught me that "security" is mostly the boring discipline of writing baseline configs and getting people to use them — not buying the next tool. At a 600-engineer Series-D, I wrote the Terraform modules that became the AWS account-baseline standard, deployed Wiz CSPM across 3 AWS orgs, and turned an 1,847-finding misconfigured-S3 backlog into 23 remaining inside two sprints. CCSP, CISSP-eligible, AWS Security Specialty. Targeting senior Cloud Security Engineer roles at companies that respect IaC over dashboards.

Cloud Security Engineer (4 yrs, Linux/AD sysadmin background). Stack: Wiz CSPM, Terraform, AWS IAM, Okta, Permission Boundaries. Most recent: 612 AWS accounts, misconfigured-S3 1,847→23 (6 weeks), 2,400+ IAM principals reviewed bi-weekly. CCSP, AWS Security Specialty, CISSP-eligible. Targeting senior Cloud Security Engineer at fintech or healthcare.

Application Security Engineer (5 yrs, transitioned from backend SWE) at a 30-engineer fintech. Implemented SLSA Level 3 build provenance across 47 microservices, which detected three dependency-injection attempts in the first quarter post-rollout, and wrote 60+ Semgrep rules mapped to OWASP ASVS Level 2 that catch 78% of authentication-and-session-management bugs at PR review before they reach main. Strongest in Semgrep, Burp Suite, and the SDLC integration work of getting product engineers to fix high-severity findings without a security tax narrative. Targeting senior AppSec or Product Security roles.

Five years writing backend Go and Python convinced me that AppSec works only when the reviewer can also fix the bug. At a 30-engineer fintech, I shipped 60+ Semgrep rules tuned against our actual codebase (not the upstream registry), implemented SLSA Level 3 provenance for the 47 services I knew well, and ran the bug-bounty triage queue on the side — 312 reports closed in 18 months at $84K total payout. Strongest in Semgrep, Burp, OWASP Top 10, OWASP LLM Top 10. Targeting senior AppSec roles at companies past the "buy a SAST tool, hope for the best" phase.

Application Security Engineer (5 yrs, backend SWE background). Stack: Semgrep, Burp, OWASP ASVS L2, SLSA L3, GitHub Advanced Security. Recent: 60+ Semgrep rules (78% PR-review catch rate), SLSA L3 across 47 services (3 supply-chain attacks detected). Bug-bounty: 312 closed / $84K paid (18 months). OSCP, CSSLP. Targeting senior AppSec at companies with a working shift-left culture.

Active TS/SCI Clearance with current CI Polygraph. Security Engineer (5 yrs) at a defense contractor in the IC vertical, supporting cloud workloads on AWS GovCloud and C2S. Implemented continuous-monitoring tooling against NIST SP 800-53 controls for a FedRAMP High enclave (140+ accounts), reduced ATO-package-prep time from 6 weeks to 11 days through Terraform-as-evidence patterns, and earned the on-prem-to-cloud security-architecture sign-off in record time across two contract cycles. CISSP and AWS Security Specialty; DoD 8570 IAT II aligned. Targeting senior cleared roles in cloud security or zero-trust architecture.