Open to opportunities

Jacob User

@jacobuser1

Message

I am a security practitioner specializing in SOC operations, incident response, and vulnerability management.

United States

Message

What I'm looking for

I seek hybrid/remote SOC or security operations roles where I can lead incident response, threat hunting, and vulnerability remediation, partner with engineering teams, improve detection and controls, and support compliance-driven environments.

I am a security practitioner with 9+ years of experience across SOC operations, healthcare security, and enterprise IT, focused on triage, investigation, and remediation. I own incidents end-to-end and partner with infrastructure and application teams to tighten controls against frameworks like NIST CSF, ISO 27001, and HIPAA.

At Merkle and in healthcare roles I leveraged SIEMs (Splunk/QRadar), EDRs (Defender/CrowdStrike), IDS/IPS (Snort/Suricata), Tenable/Nessus, Azure AD/Entra, Microsoft 365, and PowerShell to detect, contain, and remediate threats. I built and iterated incident response playbooks, tuned SIEM correlation rules, enriched events with asset and identity context, and ran proactive hunts to reduce alert noise and improve time-to-detect and time-to-contain. I also validated vulnerabilities, prioritized remediation with asset criticality, and coordinated patching to shrink exposure windows without disrupting critical services.

I translate technical findings into clear incident reports, deliver role-based security awareness, and produce audit-ready artifacts that improve compliance posture and speed leadership decision-making.

Experience

Work history, roles, and key accomplishments

Current

SOC Analyst

Current

Merkle

Apr 2024 - Present (1 year 4 months)

Monitored high-volume SIEM and IDS telemetry, triaged alerts against MITRE ATT&CK, and led full incident response and threat hunts to reduce alert fatigue and improve containment.

Splunk QRadar Crowdstrike Snort Suricata PowerShell

Security Analyst

Aultman Health Foundation

Jul 2022 - Mar 2024 (1 year 8 months)

Supported HIPAA-regulated security operations, investigated endpoint and identity alerts, and enforced privileged access controls while coordinating vulnerability remediation to protect clinical workflows.

Conditional Access MFA HIPAA

IT Administrator

International Association for IT Asset Management

Sep 2018 - Jul 2022 (3 years 10 months)

Administered AD, M365, and endpoint management, established IT asset and license tracking to improve inventory accuracy, and implemented patch and backup processes to strengthen resiliency and audit readiness.

Active Directory Patch Management IT Asset Management Backup PowerShell

Tier 3 Technical Support

Spectrum

Jan 2018 - Aug 2018 (7 months)

Resolved escalated outages and complex connectivity issues using packet captures and device logs, coordinated fixes with network operations, and mentored Tier 1/2 teams to raise first-call resolution.

Packet Captures Root Cause Analysis Device Logs

Mobility Service Manager

AT&T (VXI)

Jul 2017 - Dec 2017 (5 months)

Managed enterprise mobility incidents and device enrollments, enforced device compliance and SLAs, and implemented self-service capabilities to reduce repeat contacts and accelerate resolutions.

Mobile Device Management SLA Management Troubleshooting Escalation Management

Technical Support

Comcast (VXI)

Jan 2016 - Jul 2017 (1 year 6 months)

Provided remote troubleshooting for internet and voice services, documented recurring defects and recommended fixes, and simplified technical steps for non-technical users to improve CSAT and reduce callbacks.

Internet & Voice Services Customer Support Root Cause Analysis CSAT