Resume Corner
Cybersecurity Analyst Resume Example

A strong cybersecurity analyst resume names the SIEM and detection tools you operate, such as Splunk, Microsoft Sentinel, or CrowdStrike, and the frameworks you align to, like NIST or MITRE ATT&CK. It quantifies defense: alerts triaged, mean time to detect, incidents contained, and vulnerabilities remediated. List a relevant credential such as Security+ near the top.

Free cybersecurity analyst resume — .docx + PDF

  • No sign-up
  • No payment
  • No watermark
  • Download .docx

    cybersecurity-analyst.docx, 10 KB, opens in Word / Google Docs / LibreOffice.

  • Download PDF

    cybersecurity-analyst.pdf, 5 KB, ATS-safe with live selectable text, US Letter.

Open this example in the builder and edit it in your browser. Nothing leaves your device.

Cybersecurity Analyst resume example

The preview below is the same content as the downloadable files — real, selectable text in the professional template.

Cybersecurity Analyst

(555) 010-0000 · you@example.com · City, ST · linkedin.com/in/your-name

Professional Summary

Cybersecurity analyst with five years in security operations, skilled in Splunk and Microsoft Sentinel, focused on threat detection, incident response, and vulnerability management aligned to the NIST and MITRE ATT&CK frameworks.

Experience

Cybersecurity Analyst, Tier 2 SOC · Sentinel Security Operations

2021 – Present

City, ST

  • Triaged roughly 450 SIEM alerts per week in Splunk, cutting false positives 46% by tuning correlation rules.
  • Reduced mean time to detect from 38 minutes to 11 by building 25 ATT&CK-mapped detection use cases.
  • Led containment on 60-plus security incidents with zero confirmed data exfiltration over two years.
  • Ran a phishing-simulation program that lowered employee click-through from 18% to 4% across 1,400 staff.
  • Remediated 320 high-severity vulnerabilities on a quarterly cycle, keeping the critical backlog at zero.
  • Authored 15 incident-response runbooks that cut average response handoff time roughly in half.
  • Investigated and closed a credential-stuffing campaign, blocking 12,000 malicious login attempts.

Security Operations Analyst · Cascade Information Security

2019 – 2021

City, ST

  • Monitored a Microsoft Sentinel SIEM covering 3,000 endpoints across a hybrid cloud environment.
  • Cut endpoint malware detections 33% by deploying and tuning CrowdStrike EDR policies.
  • Ran weekly vulnerability scans with Nessus and prioritized fixes using CVSS scoring.
  • Investigated 200-plus tier-1 alerts monthly, escalating only true positives to incident response.
  • Built dashboards that gave leadership a live view of open findings and patch compliance at 94%.
  • Documented access reviews that supported a clean SOC 2 audit with no security findings.

Education

Bachelor of Science in Cybersecurity · State University

2015 – 2019

Certifications & Licenses

CompTIA Security+ · GIAC Certified Incident Handler (GCIH)

Skills

SIEM (Splunk) · Microsoft Sentinel · Incident response · MITRE ATT&CK · Vulnerability management · EDR (CrowdStrike) · Threat hunting · NIST framework · Phishing defense · Log analysis · Security documentation · Network security basics

What to put on a cybersecurity analyst resume

Core skills

Skill | Why it belongs on the resume
SIEM (Splunk) | Build correlation rules and hunt across logs to detect threats.
Microsoft Sentinel | Run cloud-native SIEM detection and automated response playbooks.
Incident response | Lead containment, eradication, and recovery on live security incidents.
MITRE ATT&CK | Map detections and adversary behavior to a shared threat framework.
Vulnerability management | Scan, prioritize by CVSS, and drive remediation to closure.
EDR (CrowdStrike) | Tune endpoint detection policies and investigate host alerts.
Threat hunting | Proactively search telemetry for indicators that evade alerts.
NIST framework | Align controls and reporting to recognized security standards.
Phishing defense | Run simulations and analyze reported messages to reduce risk.
Log analysis | Correlate firewall, endpoint, and identity logs during investigations.
Security documentation | Write runbooks and incident reports that speed future response.
Network security basics | Read firewall, IDS, and DNS data to scope an intrusion.
What recruiters and ATS filters expect on a cybersecurity analyst resume.

Licenses & certifications

List these near the top, exactly as a posting names them: CompTIA Security+, GIAC Certified Incident Handler (GCIH). Never invent a credential or an expiration you cannot back up.

ATS keywords

ATS keyword | ATS keyword
cybersecurity analyst | SOC
SIEM | Splunk
Microsoft Sentinel | incident response
MITRE ATT&CK | vulnerability management
EDR | CrowdStrike
threat hunting | NIST
Security+ | phishing
log analysis |
Terms an applicant-tracking system scans for — work them in naturally where they are true of your experience.

Three bullets that work — and why

  1. Triaged roughly 450 SIEM alerts per week in Splunk, cutting false positives 46% by tuning correlation rules.

    Why it works: Names a real SIEM, shows alert volume, and proves tuning skill with a false-positive reduction.

  2. Reduced mean time to detect from 38 minutes to 11 by building 25 ATT&CK-mapped detection use cases.

    Why it works: Uses an industry detection metric and ties it to a recognized adversary framework.

  3. Ran a phishing-simulation program that lowered employee click-through from 18% to 4% across 1,400 staff.

    Why it works: Demonstrates measurable risk reduction across a defined population, not just a tool listing.

Tailoring it in three steps

  1. Match the SIEM and EDR named

    If the role runs Splunk, Sentinel, or CrowdStrike, surface that exact tool in your summary and first skills line.

  2. Map to their framework

    Reference NIST, MITRE ATT&CK, or ISO 27001 if the posting cites it, showing you speak their compliance and detection language.

  3. Lead with defense metrics

    Open with alerts triaged, mean time to detect, or incidents contained so a SOC lead sees your operational impact immediately.

FAQ

What certifications belong on a cybersecurity analyst resume?

Security+ is a common baseline; GCIH, GSEC, or CySA+ strengthen SOC roles. List only credentials you actually hold, near the top, since security postings frequently filter on these keywords.

How do I quantify security work without disclosing sensitive details?

Use relative metrics: alerts triaged, false-positive reduction, mean time to detect, incidents contained, and vulnerabilities closed. Never reveal real incident specifics or client names; honest aggregate numbers tell the story safely.

Should a cybersecurity analyst resume mention MITRE ATT&CK and NIST?

Yes, when you genuinely work within them. Naming the frameworks you map detections or controls to signals maturity and matches the language SOC and GRC postings use to screen candidates.

Is this cybersecurity analyst resume template free with no watermark?

Yes. The DOCX and PDF download with no sign-up, no payment, and no watermark, in a single-column ATS-safe format that keeps your SIEM and framework keywords machine-readable.
