Oluwatobi Awolude

Oluwatobi Awolude

SOC Analyst · IT Security Engineer · Cloud Engineer

Newcastle, United Kingdom

oluwatobi.awolude@outlook.com +44 7727 111 482 github.com/tawolude
Get in touch Download CV
About

Profile

SOC Analyst and Cloud-capable IT Security professional with 5+ years running enterprise security, cloud, and network operations across Microsoft Sentinel, Defender XDR, Azure, and Entra ID. Operates a global Tier 2 / Tier 3 SOC single-handed with zero supervision, closing 20+ tickets a day at a 30-minute MTTR while handling daily phishing cases for a worldwide user base. Authors KQL detections, drives Tenable-led vulnerability remediation in line with ISO 27001 and GDPR, and brings a strong cloud engineering foundation with hands-on Terraform, Azure DevOps, Docker, and CI/CD. Operates a production-style blue-team home lab on Proxmox covering SIEM, DFIR, detection-as-code, and purple-team operations — write-ups in the Projects section below. Looking for a Cybersecurity, IT Security, or Cloud Engineer role where proactive detection and automation have direct business impact.

5+Years in security & cloud ops
20+SOC tickets closed daily
30minMean time to respond
5,000+End users supported at BT/EE
Highlights

Key achievements

Independent Tier 2 / Tier 3 SOC

Closes 20+ tickets per day at a 30-minute MTTR across Sentinel, Defender XDR, Zscaler, and BeyondTrust — owning every alert from triage to post-incident review.

Global phishing response

Handles daily phishing cases for a globally distributed user base, containing credential and payload-based attacks within the same shift they are reported.

Custom KQL detections

Engineered custom KQL detections and hunt queries in Sentinel that surfaced threats default rules missed — lifting overall detection fidelity.

Audit-ready estate

Keeps the estate audit-ready against ISO 27001 and GDPR by driving Tenable Nessus scans, remediation tracking, and fix validation with asset owners.

Supported 5,000+ users

Supported 5,000+ BT and EE users across UK sites while meeting SLAs on VPN, Windows 10/11, Intune, and Active Directory.

Security-as-code

Bridges security and cloud engineering — trained in Terraform, Docker, Jenkins, and Azure DevOps Pipelines (AppMigro 2024–2025) and applies security-as-code to detection content.

Career

Professional experience

  1. IT Analyst, Security (SOC Analyst)

    Jan 2025 – Present

    Mott MacDonald · Newcastle, UK (Hybrid)

    • Close 20+ tickets per day at a 30-minute MTTR as an independent Tier 2 / Tier 3 analyst across Sentinel, Defender XDR, and Zscaler — owning every alert from triage to review.
    • Respond to daily phishing cases for the global user base: analyse headers and payloads, extract IoCs, purge mailboxes, and harden detections to stop repeat campaigns.
    • Engineer custom KQL detections and hunt packs that surface threats default rules miss — raising detection quality across identity, endpoint, and network telemetry.
    • Drive vulnerability management in Tenable Nessus: scope scans, track remediation with asset owners, and validate fixes to keep the risk register clean.
    • Tighten identity and privileged access through Entra ID Conditional Access and BeyondTrust session monitoring, reducing standing privilege exposure.
    • Produce control evidence for ISO 27001 and GDPR, mapping SOC activity to audit requirements.
    • Treat detection content as code: version-controlled in Git and deployed through Azure DevOps Pipelines for repeatable rollouts.

  2. IT Analyst, Application and Cloud Support

    Apr 2023 – Mar 2025

    Mott MacDonald · Newcastle, UK (Hybrid)

    • Delivered L3 support across Microsoft 365, Azure, ServiceNow, AutoDesk, and Bentley for a global engineering user base — protecting uptime on critical platforms.
    • Hardened Intune, Autopilot, and Entra ID configurations, rolling out Conditional Access, device compliance, and zero-touch provisioning.
    • Troubleshot Azure App Services, virtualisation, and identity issues alongside platform teams to unblock upgrades and integrations.
    • Wrote knowledge-base articles, runbooks, and process flows that cut repeat tickets and lifted first-time fix rates.
    • Partnered with security on escalations and early Defender adoption — which led to my internal move into the SOC role.

  3. IT Support Engineer, 2nd & 3rd Line

    Oct 2021 – Mar 2023

    BT / EE via Hays Talent Solutions · Gosforth, North Tyneside & Remote

    • Supported 5,000+ BT and EE users across UK call centres and remote sites — hitting SLAs on Windows 10/11, Microsoft 365, VPN, and Active Directory incidents.
    • Provisioned users and devices through AD and Intune, enforced Group Policy and Conditional Access baselines, and executed Windows patching through SCCM.
    • Acted as backfill engineer across UK sites for upgrades, new-site rollouts, and decommissioning projects.
    • Worked with the cybersecurity team on phishing triage, access reviews, and incident escalations — sharpening the security mindset I use in the SOC today.

  4. IT Analyst, Remote Infrastructure & Cloud

    May 2019 – Sep 2021

    Naynav Engineering Services · Newcastle, UK (Remote)

    • Delivered infrastructure and cloud support for a remote workforce, covering Intune policies, Conditional Access, and Microsoft 365.
    • Performed compliance checks and helped implement cloud security policies across Entra ID and Azure workloads.
    • Documented SOPs and onboarding guides that reduced repeat queries and scaled operational knowledge.

  5. NOC Engineer & Network Surveillance Specialist

    Sep 2017 – Apr 2019

    Biswal Telecoms · Lagos, Nigeria

    • Monitored telecom networks 24×7, triaged critical alarms across regions, and coordinated field engineers to hit MTTR and SLA targets.
    • Produced incident reports and shift handovers that kept the NOC synchronised and customer-facing services stable.
    • Built the TCP/IP, routing, and fault-management fundamentals that still underpin how I investigate today.
Lab work

Home lab projects

A production-style blue-team home lab on Proxmox, building toward an end-to-end SOC stack — SIEM, DFIR, detection-as-code, deception, and purple-team operations. Each project ships with a public write-up, repo, and key learnings. Updated as work lands.

Project 0

Lab Foundation

Done

Proxmox VE host with pfSense gateway and DNS forwarder, Active Directory forest (lab.local) on Windows Server 2022, six OUs and eleven seeded users including SPN-tagged service accounts for later Kerberoast practice, and three domain-joined Windows 11 endpoints. Snapshots taken at every meaningful checkpoint for clean rollback.

Shipped 27 Apr 2026
Proxmox VE pfSense Active Directory Windows 11
Code on GitHub
Project 1

Wazuh SIEM

Done

Wazuh 4.x all-in-one (manager + indexer + dashboard) ingesting three telemetry sources — Sysmon with Olaf Hartong's modular config from DC01 and Win11-User01, File Integrity Monitoring on persistence paths and autorun registry keys, and pfSense syslog (firewall, DHCP, system events). Vulnerability detection module running against NVD + MSRC feeds; documented a real-world feed-coverage gap on Win11 24H2 builds.

Shipped 30 Apr 2026
Wazuh Sysmon FIM Vuln Detection
Project 2

Detection-as-Code

In progress

Atomic Red Team techniques fired against the lab to drive detection engineering: author Sigma rules, convert to Wazuh, version in Git, and measure coverage against MITRE ATT&CK.

Started 30 Apr 2026
Current focus: Sysmon telemetry now flowing from DC01 + Win11-User01 into Wazuh. Next up: install Atomic Red Team and Invoke-AtomicTest, fire ATT&CK techniques against the lab, author Sigma rules to detect each, convert to Wazuh, version-control them in Git.
MITRE ATT&CK Atomic Red Team Sigma Detection Engineering
Project 3

Velociraptor DFIR

Planned

Endpoint hunt and triage at scale — VQL hunts for persistence, lateral movement, and credential access; artefact collection and timeline reconstruction across the AD estate.

Velociraptor VQL Hunt & Triage DFIR
Project 4

MISP Threat Intel

Planned

Self-hosted MISP with curated feeds, IOC enrichment pipeline, and bidirectional integration into the SIEM — surfacing community intel inside Wazuh detections and pushing local findings back out.

MISP Threat Intelligence IOCs STIX / TAXII
Project 4.5

Personal OSINT Monitor

Planned

FastAPI app that scans my own digital footprint — HIBP, Sherlock, search dorks, data-broker enumerators — pushes findings into MISP as private events and drafts UK GDPR Article 17 erasure requests via the Gmail API.

FastAPI OSINT Gmail API GDPR Art. 17
Project 5

TheHive + Cortex SOAR

Planned

Case management and analyser/responder framework wired to MISP and Wazuh. Phishing triage playbook that mirrors my day job — observable extraction, multi-source verdict, automated mailbox actions, IOC publishing.

TheHive Cortex SOAR Playbook Design
Project 6

Purple Team Emulation

Planned

Caldera adversary emulation against the lab AD; BloodHound to surface attack paths; close the loop by hardening the directory and validating that detections fire end-to-end.

Caldera BloodHound Purple Team AD Hardening
Project 7

T-Pot Honeypots

Planned

Multi-protocol honeypot stack on the DMZ VLAN. Attacker telemetry forwarded into Wazuh and enriched with MISP intel — turns scan-noise into local IOCs that improve real detections.

T-Pot Deception Honeypots DMZ
Project 8

Phishing & Malware Sandbox

Planned

Detonation chamber for emails and attachments — Cuckoo or any.run-style analysis with verdict feeding straight into TheHive cases and MISP intel records.

Sandbox Malware Analysis Phishing Triage YARA
Project 9

Cloud SOC on Azure

Planned

Free Azure tenant standing up Defender for Cloud, Sentinel, KQL detections, and Logic App responders — mirroring the production SOC tools I run at work, fully owned end-to-end.

Microsoft Sentinel Defender for Cloud KQL Logic Apps
Project 10

Capstone Incident Simulation

Planned

End-to-end breach scenario across the lab — initial access through to exfiltration, exercised against the SIEM, SOAR, and DFIR stack with an audit-ready incident report as the deliverable.

Incident Response End-to-End Reporting Tabletop
Toolbox

Core skills

Security Operations

SOC Tier 2 / Tier 3 Incident Response Threat Hunting Triage Chain-of-Custody

SIEM & Detection

Microsoft Sentinel KQL Log Correlation Detection Engineering SOAR Playbooks

Endpoint & Network Security

Defender XDR Defender for Endpoint Zscaler BeyondTrust Aternity Phishing Triage

Vulnerability Management

Tenable Nessus Patch Reporting Remediation Tracking

Cloud & Identity

Microsoft Azure Entra ID Conditional Access Intune Autopilot SC-900 aligned

Cloud Engineering

Azure App Services Terraform Azure DevOps Pipelines Docker Jenkins Git CI/CD IaC

Networking

TCP/IP Routing & Switching VLANs VPN DNS DHCP NOC Monitoring MTTR Management

Systems & Platforms

Windows Server 2012–2019 Active Directory Group Policy SCCM Citrix Microsoft 365

Compliance & Frameworks

ISO 27001 GDPR NIST-aligned ITIL v4

Scripting & Automation

PowerShell Bash KQL YAML
Credentials

Certifications & training

CEH v12

Certified Ethical Hacker · EC-Council

ISC2 CC

Certified in Cybersecurity

SC-900

Microsoft Security, Compliance & Identity Fundamentals

AWS CCP

AWS Certified Cloud Practitioner

CompTIA Network+

Networking fundamentals

ITIL v4 Foundation

Service management

Azure DevOps & IaC

AppMigro 2024–2025 · Terraform, Docker, Jenkins, Git, CI/CD

In view: CompTIA Security+ · Microsoft MD-102 · Microsoft AZ-900 · ServiceNow Admin

Education

Academic background

B.Tech, Computer Science

Ladoke Akintola University of Technology, Nigeria · 2011

Affiliations

Professional memberships

ISC2 EC-Council BCS (British Computer Society)
Get in touch

Let's talk

Open to Cybersecurity, IT Security, or Cloud Engineer roles where proactive detection and automation have direct business impact. Based in Newcastle, available UK-wide and hybrid/remote.

Email

oluwatobi.awolude@outlook.com

Phone

+44 7727 111 482

GitHub

github.com/tawolude