Raylee Hawkins | Resume (SOC, Detection Engineering, Security Automation)

30-Second Talk Track

I build and operate automated SOC pipelines that classify, triage, and validate alerts at scale. SignalFoundry — my AutoSOC engine — processes Wazuh alerts through a deterministic triage loop: ~88% auto-close rate, enforced redaction, reconciliation gates before anything publishes, and 8,574 escalation packs staged as auditable artifacts. Before security I ran production floors — 30+ operators, 12-hour shifts, IATF audit compliance. The domain changed. The control logic didn't. I'm not replacing analysts. I can do triage work and build tooling that makes investigations more consistent.

I am comfortable operating as a Tier 1 SOC analyst while continuing to build automation that reduces analyst workload and improves triage consistency.

Security Operations Lab

Detection Engineer · Security Automation

HawkinsOperations — Independent SOC Lab (Live Pipeline)

Built and operate SignalFoundry (AutoSOC engine) — 35-script Python automation system processing 324,074+ alerts with an ~88% auto-resolution rate (benign + known false positives handled without analyst intervention).
Deterministic triage with enforced redaction and reconciliation gates — outputs auditable evidence packs and staged artifacts. 8/8 host coverage · 0 mismatches · Heartbeat SUCCESS.
Authored 103 Sigma rules across 10 MITRE ATT&CK tactics, translated into Wazuh XML where applicable; 79 Splunk detection searches across 9 SPL files, 10 IR playbooks in structured 7-step format with reproducible evidence capture.
Diagnosed and recovered full SignalFoundry ingestion outage (March 13, 2026) — separated infrastructure reachability from application logic, isolated reconciliation-path fault, restored end-to-end SUCCESS in one session.
Independent Splunk threat hunt: built regex field extraction from scratch, correctly classified 375 Codex AI tool instances spawning pwsh.exe as tool behavior, not malicious activity.
All proof metrics generated by scripts, not hand-edited. Reviewers can reproduce every claim directly from repo state. Verification commands documented.

Summary

Transitioning from industrial operations leadership into security operations — not breaking into cyber, but applying the same process discipline, escalation rigor, and quality-gate thinking that drove outcomes on the factory floor.
Built and operate SignalFoundry: a 7-stage triage pipeline (Wazuh → escalation artifacts) with verified public metrics, CI-gated proof, and reproducible evidence. Verified →
3 years Tier-1 automotive & food manufacturing: team lead promotions, 30+ operator supervision, 24/7 shift operations, IATF 16949 / SQF / ISO 9001 compliance.

Security Skills

Detection: Sigma (103 rules), Wazuh rule authoring, Splunk SPL (home lab)
SIEM: Wazuh administration, Sysmon endpoint telemetry, alert classification
Scripting: PowerShell, Python, Bash, GitHub Actions CI/CD
Frameworks: MITRE ATT&CK (9 tactic families), NIST CSF, SOC triage workflows
Infrastructure: Proxmox (multi-VM), pfSense, Tailscale, ZFS, Windows/Linux
Evidence: Proof-pack assembly, redaction, reconciliation, CI-gated verification

Operations Skills

Leadership: 30+ operator supervision, shift scheduling, performance tracking
Quality: IATF 16949, ISO 9001, SQF Ed. 9, TISAX, HACCP compliance
Incident Mgmt: Root-cause isolation, corrective action, 4M board tracking
Documentation: SOP authoring, pass-down communication, audit-ready records
Equipment: Schuler 16,000 kN press, TRUMPF TruLaser, SAP, Limbe

Work History

Detection Engineer / SOC Operations — HawkinsOps (Sep 2025 – Present)

Built and operate SignalFoundry: 7-stage pipeline from Wazuh alert ingest through policy-driven triage, mandatory redaction, evidence pack assembly, reconciliation, and gated publish.
Authored 103 Sigma detection rules, 28 Wazuh rule blocks, 79 Splunk detection searches across 9 SPL files (home lab), and 10 IR playbooks — 210 detection rules + 10 IR playbooks mapped to MITRE ATT&CK.
Diagnosed and restored a pipeline ingestion outage by isolating infrastructure reachability from application logic, returning reconciliation to SUCCESS with 0 mismatches.
Reduced Splunk EventID 4688 forwarder noise from 70% to 0%; correctly classified 375 process instances as expected tool behavior during independent threat hunt.
All metrics CI-gated, publicly verifiable, and tied to reproducible repo artifacts. Proof →

AI Model Evaluator — Outlier / DataAnnotation (Dec 2025 – Present)

Technical quality review of LLM outputs: detection engineering correctness, scripting accuracy (PowerShell, Python), cybersecurity reasoning validation.
Multi-model comparison evaluation (Claude, ChatGPT, Gemini). Cross-checking and defect identification discipline.

Team Lead Supervisor — Unipres Alabama, Inc. (Mar – Dec 2025)

Tier-1 Nissan supplier · Steele, AL · Hot stamp & laser (safety-critical B-pillars, roof rails)

Supervised 30+ operators across 24/7 rotating mandatory 12-hour shifts on Schuler PCH-Line (16,000 kN) and TRUMPF TruLaser Cell 8030.
Managed shift-level incident triage, root-cause isolation, corrective-action documentation, and structured handoff communication.
Maintained production reporting, 4M board tracking, and quality-document handling under IATF 16949 and ISO 9001.
Built HawkinsOps/SignalFoundry during mandatory 12-hour shifts at this role.
Left voluntarily to pursue cybersecurity full-time.

Team Lead — Fehrer Automotive North America (Jan 2024 – Feb 2025)

Tier-1 Mercedes / BMW / VW / Tesla · Gadsden, AL · Foam production

Promoted from second-shift operator to third-shift Team Lead in under 5 months — approached by management, not applied for.
Led A, B, and I production lines (~20+ operators, ~5,400+ combined parts per shift).
Managed operator assignment by skill level, workload balancing, attendance-gap staffing, rework, downtime, and shift performance tracking.
Operated under IATF 16949, TISAX, and ISO 14001 in SAP/Limbe JIT production environment.

Quality Control — Carrington Foods (Previous)

Tier-1 U.S. Armed Forces supplier · Saraland, AL · SQF Ed. 9 "Excellent" / Platinum Award

HACCP compliance monitoring across critical control points in 65°F cold-chain environment.
Thermal verification, audit readiness, SOP documentation.
Considered for promotion to head quality role based on performance. Left due to relocation.

Transferable Skills — Manufacturing → Security

Incident triage under pressure

Production floor fault isolation → SOC alert classification and escalation

Shift-handoff discipline

24/7 pass-down communication → SOC ticket continuity and coverage control

Quality-gate enforcement

IATF/ISO/SQF compliance → CI-gated verification, proof-control artifacts

Root-cause isolation

Production troubleshooting → Infrastructure vs. application fault diagnosis

Documentation rigor

SOP authoring, audit-ready records → Evidence-pack assembly, case studies

Team leadership under stress

30+ operators, mandatory 12-hr shifts → Calm execution under incident pressure

Summary

Security Skills

Operations Skills

Work History

Detection Engineer / SOC Operations — HawkinsOps (Sep 2025 – Present)

AI Model Evaluator — Outlier / DataAnnotation (Dec 2025 – Present)

Team Lead Supervisor — Unipres Alabama, Inc. (Mar – Dec 2025)

Team Lead — Fehrer Automotive North America (Jan 2024 – Feb 2025)

Quality Control — Carrington Foods (Previous)

Transferable Skills — Manufacturing → Security

What My Reference Says

Certifications & Training

Education

Community

Additional