
Cybersecurity professional with 7+ years of experience in enterprise SOC operations, threat detection, incident response, and threat hunting. Proven ability to analyze high-volume security events, reduce false positives, and improve detection coverage using Splunk, XSOAR, CrowdStrike, Microsoft Defender, and Azure AD. Experienced in 24/7 SOC environments, with a track record of enhancing response workflows, mitigating organizational risk, and strengthening overall security posture.
• Lead advanced threat detection and incident response operations across enterprise environments supporting 10,000+ users and endpoints, leveraging Splunk SIEM, Palo Alto XSOAR, Microsoft Defender, CrowdStrike, and Azure AD.
• Monitor and triage 250–400 security alerts daily within a high-volume 24/7 SOC environment, ensuring timely escalation and response to critical incidents.
• Investigate and manage 25–50 security incidents weekly, maintaining SLA adherence and ensuring accurate documentation, prioritization, and escalation.
• Reduced phishing-related security incidents by 30% through improved detection logic, alert tuning, and response workflow optimization across high-volume email security events.
• Perform in-depth analysis of escalated security events including phishing, endpoint, firewall, and identity-based alerts, identifying root cause, assessing impact, and driving containment and remediation strategies aligned with MITRE ATT&CK.
• Conduct proactive threat hunting across SIEM and endpoint telemetry in a large-scale enterprise environment, identifying anomalous behavior patterns and uncovering previously undetected threats while developing new detection use cases.
• Facilitate User Acceptance Testing (UAT) for XSOAR playbooks, automations, and custom use cases, validating logic accuracy and reducing production issues.
• Develop and maintain runbooks, job aids, and triage documentation, improving analyst consistency and reducing mean time to respond (MTTR).
• Collaborate with Threat Intelligence, Security Engineering, and Architecture teams to enhance detection capabilities and optimize incident response workflows.
• Conducted incident response and investigative analysis for high-priority events, applying structured risk assessment and threat evaluation methodologies to support resolution and decision-making.
• Performed detailed investigations and subject interviews, identifying inconsistencies and documenting findings for internal review and legal use.
• Executed real-time threat assessment and response during emergent situations, coordinating with multidisciplinary teams to mitigate risk and restore operational stability.
• Maintained accurate case documentation, evidence logs, and reporting, ensuring compliance and effective handoffs across teams.
• Operated within an enterprise SOC environment, monitoring physical security systems, access controls, and surveillance platforms supporting large-scale corporate operations.
• Conducted real-time alert triage, incident validation, and escalation, ensuring timely response to security events in a 24/7 environment.
• Investigated anomalous access activity and security incidents, applying incident response methodologies to assess risk and recommend appropriate actions.
• Maintained detailed incident reports, documentation, and shift handoffs, ensuring continuity of operations and adherence to enterprise security procedures.
• Provided tier-1 and tier-2 technical support in a high-volume enterprise environment, troubleshooting hardware, software, and network issues for students, faculty, and staff.
• Managed user access, account provisioning, and permission controls in alignment with IT security policies and access management standards.
• Diagnosed endpoint and system issues, escalating complex problems while maintaining accurate documentation and ticket tracking.
• Maintained service tickets and knowledge documentation, improving resolution efficiency and cross-team collaboration.
• SIEM: Splunk
• SOAR: Palo Alto Cortex XSOAR
• EDR: CrowdStrike, Microsoft Defender
• Cloud Security: Azure AD
• Threat Hunting & Detection Engineering
• Incident Response & Alert Triage
• MITRE ATT&CK Framework
• Phishing Analysis & Email Security
• Log Analysis & Correlation
• Security Operations (24/7 SOC)
• CompTIA Security+
• AWS Certified Solutions Architect
• Google Cybersecurity Professional Certificate