Oluwatobi Awolude

Cybersecurity Engineer · SOC Analyst · Cloud & Infrastructure

Newcastle, United Kingdom

About

Profile

Cybersecurity Engineer and Cloud & Infrastructure professional with 5+ years running enterprise security, cloud, and network operations across Microsoft Sentinel, Defender XDR, Azure, and Entra ID. Operates a global Tier 2 / Tier 3 SOC single-handed with zero supervision, closing 20+ tickets a day at a 30-minute MTTR while handling daily phishing cases for a worldwide user base. Authors KQL detections, drives Tenable-led vulnerability remediation in line with ISO 27001 and GDPR, and brings a strong cloud engineering foundation with hands-on Terraform, Azure DevOps, Docker, and CI/CD. Operates a production-style blue-team home lab on Proxmox covering SIEM, DFIR, detection-as-code, and purple-team operations — write-ups in the Projects section below. Looking for a Cybersecurity, IT Security, or Cloud & Infrastructure role where proactive detection and automation have direct business impact.

5+ years in security & cloud ops
20+ SOC tickets closed daily
30 min mean time to respond
5,000+ end users supported at BT/EE

Highlights

Key achievements

Independent Tier 2 / Tier 3 SOC

Closes 20+ tickets per day at a 30-minute MTTR across Sentinel, Defender XDR, Zscaler, and BeyondTrust — owning every alert from triage to post-incident review.

Global phishing response

Handles daily phishing cases for a globally distributed user base, containing credential and payload-based attacks within the same shift they are reported.

Custom KQL detections

Engineered custom KQL detections and hunt queries in Sentinel that surfaced threats default rules missed — lifting overall detection fidelity.

Audit-ready estate

Keeps the estate audit-ready against ISO 27001 and GDPR by driving Tenable Nessus scans, remediation tracking, and fix validation with asset owners.

Supported 5,000+ users

Supported 5,000+ BT and EE users across UK sites while meeting SLAs on VPN, Windows 10/11, Intune, and Active Directory.

Security-as-code

Bridges security and cloud engineering — trained in Terraform, Docker, Jenkins, and Azure DevOps Pipelines (AppMigro 2024–2025) and applies security-as-code to detection content.

Career

Professional experience

  1. IT Analyst, Security (SOC Analyst)

    Jan 2025 – Present

    Mott MacDonald · Newcastle, UK (Hybrid)

    • Close 20+ tickets per day at a 30-minute MTTR as an independent Tier 2 / Tier 3 analyst across Sentinel, Defender XDR, and Zscaler — owning every alert from triage to review.
    • Respond to daily phishing cases for the global user base: analyse headers and payloads, extract IoCs, purge mailboxes, and harden detections to stop repeat campaigns.
    • Engineer custom KQL detections and hunt packs that surface threats default rules miss — raising detection quality across identity, endpoint, and network telemetry.
    • Drive vulnerability management in Tenable Nessus: scope scans, track remediation with asset owners, and validate fixes to keep the risk register clean.
    • Tighten identity and privileged access through Entra ID Conditional Access and BeyondTrust session monitoring, reducing standing privilege exposure.
    • Produce control evidence for ISO 27001 and GDPR, mapping SOC activity to audit requirements.
    • Treat detection content as code: version-controlled in Git and deployed through Azure DevOps Pipelines for repeatable rollouts.
  2. IT Analyst, Application and Cloud Support

    Apr 2023 – Mar 2025

    Mott MacDonald · Newcastle, UK (Hybrid)

    • Delivered L3 support across Microsoft 365, Azure, ServiceNow, AutoDesk, and Bentley for a global engineering user base — protecting uptime on critical platforms.
    • Hardened Intune, Autopilot, and Entra ID configurations, rolling out Conditional Access, device compliance, and zero-touch provisioning.
    • Troubleshot Azure App Services, virtualisation, and identity issues alongside platform teams to unblock upgrades and integrations.
    • Wrote knowledge-base articles, runbooks, and process flows that cut repeat tickets and lifted first-time fix rates.
    • Partnered with security on escalations and early Defender adoption — which led to my internal move into the SOC role.
  3. IT Support Engineer, 2nd & 3rd Line

    Oct 2021 – Mar 2023

    BT / EE via Hays Talent Solutions · Gosforth, North Tyneside & Remote

    • Supported 5,000+ BT and EE users across UK call centres and remote sites — hitting SLAs on Windows 10/11, Microsoft 365, VPN, and Active Directory incidents.
    • Provisioned users and devices through AD and Intune, enforced Group Policy and Conditional Access baselines, and executed Windows patching through SCCM.
    • Acted as backfill engineer across UK sites for upgrades, new-site rollouts, and decommissioning projects.
    • Worked with the cybersecurity team on phishing triage, access reviews, and incident escalations — sharpening the security mindset I use in the SOC today.
  4. IT Analyst, Remote Infrastructure & Cloud

    May 2019 – Sep 2021

    Naynav Engineering Services · Newcastle, UK (Remote)

    • Delivered infrastructure and cloud support for a remote workforce, covering Intune policies, Conditional Access, and Microsoft 365.
    • Performed compliance checks and helped implement cloud security policies across Entra ID and Azure workloads.
    • Documented SOPs and onboarding guides that reduced repeat queries and scaled operational knowledge.
  5. NOC Engineer & Network Surveillance Specialist

    Sep 2017 – Apr 2019

    Biswal Telecoms · Lagos, Nigeria

    • Monitored telecom networks 24×7, triaged critical alarms across regions, and coordinated field engineers to hit MTTR and SLA targets.
    • Produced incident reports and shift handovers that kept the NOC synchronised and customer-facing services stable.
    • Built the TCP/IP, routing, and fault-management fundamentals that still underpin how I investigate today.

Lab work

Home lab projects

A production-style blue-team home lab on Proxmox, building toward an end-to-end SOC stack — SIEM, DFIR, detection-as-code, deception, and purple-team operations. Each project ships with a public write-up, repo, and key learnings. Updated as work lands.

Project 0

Lab Foundation

Done

Proxmox VE host with pfSense gateway and DNS forwarder, Active Directory forest (lab.local) on Windows Server 2022, six OUs and eleven seeded users including SPN-tagged service accounts for later Kerberoast practice, and three domain-joined Windows 11 endpoints. Snapshots taken at every meaningful checkpoint for clean rollback.

Shipped 27 Apr 2026
Tags: Proxmox VE · pfSense · Active Directory · Windows 11

Project 1

Wazuh SIEM

Done

Wazuh 4.x all-in-one (manager + indexer + dashboard) ingesting three telemetry sources — Sysmon with Olaf Hartong's modular config from DC01 and Win11-User01, File Integrity Monitoring on persistence paths and autorun registry keys, and pfSense syslog (firewall, DHCP, system events). Vulnerability detection module running against NVD + MSRC feeds; documented a real-world feed-coverage gap on Win11 24H2 builds.

Shipped 30 Apr 2026
Tags: Wazuh · Sysmon · FIM · Vulnerability Detection

Project 2

Detection-as-Code

In progress

Atomic Red Team techniques fired against the lab to drive detection engineering: author Sigma rules, convert to Wazuh, version in Git, and measure coverage against MITRE ATT&CK.

Started 30 Apr 2026
Current focus: Sysmon telemetry now flowing from DC01 + Win11-User01 into Wazuh. Next up: install Atomic Red Team and Invoke-AtomicTest, fire ATT&CK techniques against the lab, author Sigma rules to detect each, convert to Wazuh, version-control them in Git.
Tags: MITRE ATT&CK · Atomic Red Team · Sigma · Detection Engineering

Project 3

Velociraptor DFIR

Planned

Endpoint hunt and triage at scale — VQL hunts for persistence, lateral movement, and credential access; artefact collection and timeline reconstruction across the AD estate.

Tags: Velociraptor · VQL · Hunt & Triage · DFIR

Project 4

MISP Threat Intel

Planned

Self-hosted MISP with curated feeds, IOC enrichment pipeline, and bidirectional integration into the SIEM — surfacing community intel inside Wazuh detections and pushing local findings back out.

Tags: MISP · Threat Intelligence · IOCs · STIX / TAXII

Project 4.5

Personal OSINT Monitor

Planned

FastAPI app that scans my own digital footprint — HIBP, Sherlock, search dorks, data-broker enumerators — pushes findings into MISP as private events and drafts UK GDPR Article 17 erasure requests via the Gmail API.

Tags: FastAPI · OSINT · Gmail API · GDPR Art. 17

Project 5

TheHive + Cortex SOAR

Planned

Case management and analyser/responder framework wired to MISP and Wazuh. Phishing triage playbook that mirrors my day job — observable extraction, multi-source verdict, automated mailbox actions, IOC publishing.

Tags: TheHive · Cortex · SOAR · Playbook Design

Project 6

Purple Team Emulation

Planned

Caldera adversary emulation against the lab AD; BloodHound to surface attack paths; close the loop by hardening the directory and validating that detections fire end-to-end.

Tags: Caldera · BloodHound · Purple Team · AD Hardening

Project 7

T-Pot Honeypots

Planned

Multi-protocol honeypot stack on the DMZ VLAN. Attacker telemetry forwarded into Wazuh and enriched with MISP intel — turns scan-noise into local IOCs that improve real detections.

Tags: T-Pot · Deception · Honeypots · DMZ

Project 8

Phishing & Malware Sandbox

Planned

Detonation chamber for emails and attachments — Cuckoo or any.run-style analysis with verdict feeding straight into TheHive cases and MISP intel records.

Tags: Sandbox · Malware Analysis · Phishing Triage · YARA

Project 9

Cloud SOC on Azure

Planned

Free Azure tenant standing up Defender for Cloud, Sentinel, KQL detections, and Logic App responders — mirroring the production SOC tools I run at work, fully owned end-to-end.

Tags: Microsoft Sentinel · Defender for Cloud · KQL · Logic Apps

Project 10

Capstone Incident Simulation

Planned

End-to-end breach scenario across the lab — initial access through to exfiltration, exercised against the SIEM, SOAR, and DFIR stack with an audit-ready incident report as the deliverable.

Tags: Incident Response · End-to-End · Reporting · Tabletop

Toolbox

Core skills

Security Operations

SOC Tier 2 / Tier 3 · Incident Response · Threat Hunting · Triage · Chain-of-Custody

SIEM & Detection

Microsoft Sentinel · KQL · Log Correlation · Detection Engineering · SOAR Playbooks

Endpoint & Network Security

Defender XDR · Defender for Endpoint · Zscaler · BeyondTrust · Aternity · Phishing Triage

Vulnerability Management

Tenable Nessus · Patch Reporting · Remediation Tracking

Cloud & Identity

Microsoft Azure · Entra ID · Conditional Access · Intune · Autopilot · SC-900 aligned

Cloud Engineering

Azure App Services · Terraform · Azure DevOps Pipelines · Docker · Jenkins · Git · CI/CD · IaC

Networking

TCP/IP · Routing & Switching · VLANs · VPN · DNS · DHCP · NOC Monitoring · MTTR Management

Systems & Platforms

Windows Server 2012–2019 · Active Directory · Group Policy · SCCM · Citrix · Microsoft 365

Compliance & Frameworks

ISO 27001 · GDPR · NIST-aligned · ITIL v4

Scripting & Automation

PowerShell · Bash · KQL · YAML

Credentials

Certifications & training

CEH v12

Certified Ethical Hacker · EC-Council

ISC2 CC

Certified in Cybersecurity

SC-900

Microsoft Security, Compliance & Identity Fundamentals

AWS CCP

AWS Certified Cloud Practitioner

CompTIA Network+

Networking fundamentals

ITIL v4 Foundation

Service management

Azure DevOps & IaC

AppMigro 2024–2025 · Terraform, Docker, Jenkins, Git, CI/CD

In view: CompTIA Security+ · Microsoft MD-102 · Microsoft AZ-900 · ServiceNow Admin

Education

Academic background

B.Tech, Computer Science

Ladoke Akintola University of Technology, Nigeria · 2011

Affiliations

Professional memberships

ISC2 · EC-Council · BCS (British Computer Society)

Get in touch

Let's talk

Open to Cybersecurity, IT Security, or Cloud & Infrastructure roles where proactive detection and automation have direct business impact. Based in Newcastle, available UK-wide and hybrid/remote.