Open to opportunities

Santiago Andres Arias Reyes

@santiagoandresariasr

Cybersecurity Analyst (SOC) with 2 years' experience in SIEM correlation, MITRE ATT&CK detection, and incident response.

Colombia

What I'm looking for

I’m looking for a SOC/Cybersecurity role where I can own escalated incident response, improve SIEM detections with Splunk/Elastic, and automate workflows (Python, SOAR). I want a team that values continuous improvement and measurable security outcomes.

I’m an Electronic Engineer turned SOC cybersecurity professional with 2 years of experience handling escalated incidents (L1/L2), performing root cause analysis, and assessing impact. I strengthen enterprise defenses through advanced event correlation in SIEM platforms like Splunk and Elastic, including detection rule tuning, false positive reduction, and MITRE ATT&CK–based use case development.

I also manage EDR/XDR tools such as CrowdStrike, SentinelOne, Trend Micro, and Cortex, while conducting deep log analysis across Windows, Linux, and cloud environments (Azure, AWS). I automate repetitive workflows with Python scripting and Splunk macros to support SOAR integrations, and I communicate findings through technical incident reports while mentoring Level 1 analysts. Alongside cybersecurity work, I’m pursuing a specialization in Databases to expand my SQL skills and integrate analytical, programming, and administrative capabilities into how I handle security data.

Experience

Work history, roles, and key accomplishments

Current

CyberSecurity Analyst L2

A3SEC S.A.S

May 2025 - Present (1 year)

Investigated and resolved security incidents escalated from Level 1, performing root cause analysis and impact assessments. Advanced event correlation across SIEM (Splunk, Elastic), built MITRE ATT&CK-based use cases, and tuned SPL queries/detection rules to reduce false positives.

Centralized Database Programmer

Kampilac

Jul 2023 - Dec 2023 (5 months)

Developed an Excel VBA macro solution to manage the supplier database and complete required tax declaration forms for Colombia’s Ministry of Agriculture. Updated the program to adapt to changes in mandated form formats while maintaining regulatory compliance.

Centralized Database Programmer

Fresquecito

Jul 2023 - Nov 2023 (4 months)

Built an Excel VBA macro program to manage the supplier database and complete tax declaration forms in accordance with Colombia’s Ministry of Agriculture requirements. Implemented updates to reflect changes in the required form formats.

Education

Degrees, certifications, and relevant coursework

Universidad Pedagógica y Tecnológica de Colombia (UPTC)

Specialization in Databases, Databases

2025 -

Currently pursuing a specialization in Databases at UPTC to strengthen analytical, programming, and administrative skills while applying cybersecurity practices to data handling. Includes work with SQL and SPL to support SIEM event correlation.

Universidad Pedagógica y Tecnológica de Colombia (UPTC)

Licensed Electronic Engineer, Electronic Engineering

2019 - 2025

Pursued Electronic Engineering at UPTC in Tunja, Boyacá, concluding in August 2025. Received a Licensed Electronic Engineer credential starting February 2025.

AttackIQ Academy

Practical training (MITRE ATT&CK v13), MITRE ATT&CK

Completed practical training using the MITRE ATT&CK framework to improve threat detection and incident response. Covered attack technique analysis and threat-detection use cases.

Splunk Education

Splunk training (SPL, Fields, Dashboards, Alerts), Splunk (SPL/SPL2) SIEM analytics

Studied Splunk fundamentals including SPL searches, log analysis, event monitoring, and creating visualizations. Covered field extraction, SPL/SPL2 querying, statistical comparisons, and scheduling reports and alerts for continuous monitoring.

Cybrary

OSINT Fundamentals, Open Source Intelligence (OSINT)

Completed Open Source Intelligence (OSINT) fundamentals focused on collecting and analyzing publicly available information for cybersecurity investigations and threat intelligence.

Tech stack

Software and tools used professionally
