Raylee Hawkins
SOC Analyst (T1/T2) candidate focused on detection engineering and security automation

Location: North Alabama (Huntsville-adjacent)
Email: raylee@hawkinsops.com
GitHub: https://github.com/raylee-hawkins
Portfolio: https://hawkinsops.com
LinkedIn: https://linkedin.com/in/raylee-hawkins

SUMMARY
- Built an automated first-pass SOC triage workflow for Wazuh alerts: classify, redact, package evidence, and escalate suspicious cases.
- Targeting SOC T1/T2 roles with strengths in triage consistency, detection quality, and evidence-based documentation.

SKILLS
- Detection: Sigma, Wazuh rule authoring, Splunk SPL
- Tooling: PowerShell, Python, Git, GitHub Actions
- Frameworks: MITRE ATT&CK, SOC triage workflow, incident response fundamentals
- Lab/Validation: Proxmox, Windows/Linux telemetry generation, reproducible test runs

EXPERIENCE / PROJECTS
- HawkinsOperations (Primary Portfolio Repo)
  - Built and maintain a detection and response library with verified detection content spanning Sigma (YAML), Wazuh (XML rule blocks), Splunk (SPL), and IR playbooks. Current verified counts and walkthrough: https://hawkinsops.com/start-here (proof links included).
  - Implemented proof-first validation workflow so reviewers can reproduce claims directly from repository artifacts.
  - Diagnosed and restored an AutoSOC ingestion outage by separating infrastructure reachability from application logic, then fixing reconciliation-path validation to return the pipeline to successful end-to-end operation.
  - Start here: https://hawkinsops.com/start-here
  - Proof artifacts: https://hawkinsops.com/proof
- SOC Triage Simulator
  - Built an interactive triage workflow artifact to practice investigation steps, evidence review, and analyst decision flow.
  - Added repeatable drill structure and checklists to demonstrate process discipline.
- Home Lab Validation Environment
  - Built a Proxmox-based validation lab with Wazuh and Splunk components to test detection behavior before publishing artifacts.
  - Use lab runs to validate telemetry assumptions and improve signal quality.

30-SECOND INTERVIEW TALK TRACK
- I built a Wazuh-based SOC lab, then automated repeatable first-pass triage steps for a defined alert stream.
- The workflow classifies alerts, redacts sensitive values, generates evidence packs, and preserves analyst escalation paths.
- I am not replacing analysts; I can do triage work and build tooling that makes investigations more consistent.

ADDITIONAL
- Eligible to obtain clearance; willing to pursue sponsorship.

DOWNLOAD LINKS
- PDF: https://hawkinsops.com/assets/Raylee_Hawkins_Resume.pdf
- ATS plain text: https://hawkinsops.com/resume.txt