Bhadresh Ghevariya
SOC Analyst
SOC-focused security analyst — CompTIA Security+ certified, with hands-on detection from a self-built Wazuh SIEM lab. I turn raw logs into triaged, actionable alerts.
From building systems to defending them
I'm a SOC-focused security analyst with CompTIA Security+ and a completed Information Security Analyst program (Correlation One, sponsored by Amazon Career Choice). My hands-on detection experience comes from a self-built Wazuh SIEM lab where I collect logs, tune rules, and triage alerts end to end.
My full-stack development background gives me a builder's understanding of how systems are architected — and therefore how they're attacked. I map adversary behavior to the MITRE ATT&CK framework and focus on turning noisy telemetry into clear, actionable escalations. I'm seeking a SOC Analyst role to contribute from day one.
- CompTIA Security+ (SY0-701) certified
- Built and operate a single-node Wazuh SIEM home lab on Ubuntu Server
- Detection & triage: log analysis, alert correlation, brute-force detection, Wireshark
- Maps adversary activity to MITRE ATT&CK (e.g. T1110, Credential Access)
Tools & methodology
The blue-team stack I work with — detection, analysis, and the frameworks that tie findings together.
Security & SOC
Systems & Networking
Tools & Development
Certifications & training
Credentials that back the hands-on work — earned, not aspirational.
CompTIA Security+ (SY0-701)
CompTIA
Information Security Analyst Program
Correlation One · sponsored by Amazon Career Choice
A SOC-focused program covering threat detection, log analysis, incident response, SIEM operations, and MITRE ATT&CK — mapped to SOC Tier 1 responsibilities.
Hands-on practice
Where I actually do the work: a self-built Wazuh SIEM lab, from deployment to detection to triage.
Wazuh SIEM deployment
Deployed a single-node Wazuh stack (indexer, manager, dashboard) on a self-provisioned Ubuntu Server host, configured for headless remote administration.
Brute-force detection pipeline
Simulated SSH brute-force attacks and validated the full pipeline — log collection, rule matching, alert correlation, and triage — distinguishing single auth failures (level 5) from correlated attacks (level 10), mapped to MITRE ATT&CK T1110.
Secure remote access
Configured remote administration over a WireGuard-based mesh VPN (Tailscale), with no ports exposed to the public internet.
Where I've worked
FC Associate
Oct 2024 — PresentAmazon — Toronto, ON
High-throughput operations role where I practice the structured escalation discipline that underpins SOC work.
- Diagnosed and escalated technology malfunctions following structured escalation procedures, supporting rapid resolution for operations teams
- Maintained data accuracy across integrated warehouse management systems while processing thousands of items per shift under time pressure
- Trained and assisted 10+ peers on device troubleshooting procedures, improving team self-sufficiency
Security work
Practical projects that show detection thinking, automation, and analysis.
Home SOC Lab — Wazuh SIEM
A single-node Wazuh SIEM (indexer, manager, dashboard) on Ubuntu Server. Simulated SSH brute-force attacks and validated the full detection pipeline — collection, rule matching, correlation, and triage — mapping activity to MITRE ATT&CK T1110.
ProSystemz — Custom PC Builder Platform
Full-stack e-commerce platform with authentication, API security, and role-based access control across user and vendor roles. Integrated Stripe checkout and built a vendor dashboard managing 50+ product listings.
Notes from the lab
Investigations, detections, and CTF writeups — thinking made visible.
Background
Web Development Diploma
Conestoga College
Ontario, Canada
May 2022 — Aug 2023
B.Sc. Information Technology
Uka Tarsadia University
India
Jul 2018 — Jun 2021
Let's talk
Open to SOC and security analyst roles, and to freelance security work. The fastest way to reach me is email.