Files
resume/resume.json
Phillip Tarrant ff3adfc438 Refocus resume as Principal Security Engineer; tighten to 2 pages
- Reposition summary and skills toward hands-on AI + automation (IC track);
  lead skills with AI/ML Engineering, demote leadership
- Condense summary to lead with a hard metric (47% of 3,500 weekly tickets)
- Fold NWTF role into Earlier Experience to fit 2 pages
- Add build_resume.sh: regenerate docx, render PDF via OnlyOffice x2t,
  and enforce a hard 3-page maximum
- Fix timezone off-by-one in work dates and cert/award years

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-06 11:19:56 -05:00

244 lines
9.1 KiB
JSON

{
"$schema": "https://raw.githubusercontent.com/jsonresume/resume-schema/v1.0.0/schema.json",
"basics": {
"name": "Phillip Tarrant",
"label": "Principal Security Engineer | Security Automation & AI Engineering",
"email": "ptarrant@gmail.com",
"phone": "(706) 294-6733",
"url": "https://www.linkedin.com/in/phillip-tarrant-cyber",
"summary": "Principal-level security engineer with 20+ years building detection and AI-driven automation across MSSP and enterprise environments. Ships production tooling end to end — custom SOAR platforms and LLM triage pipelines; built automation that closed 47% of 3,500 weekly tickets with no human touch. Deep DFIR and threat-hunting roots, now focused on applied AI security.",
"location": {
"city": "Morrison",
"region": "TN",
"countryCode": "US"
},
"profiles": [
{
"network": "LinkedIn",
"username": "phillip-tarrant-cyber",
"url": "https://www.linkedin.com/in/phillip-tarrant-cyber"
}
]
},
"work": [
{
"name": "TopBuild Corp",
"position": "Principal Security Engineer",
"location": "Remote",
"startDate": "2026-03",
"summary": "Lead engineer owning security automation, AI development, and SIEM/logging strategy for the enterprise security program; build detection engineering and threat hunting tooling while setting technical direction for the team.",
"highlights": [
"Architected and built a custom SOAR web application from the ground up — 20+ automated response actions unifying detection, reporting, and response across Microsoft 365, CrowdStrike, Google SecOps, and ReliaQuest",
"Engineered a 'user activity tracker' that correlates enterprise telemetry to accelerate incident triage and proactive threat hunting",
"Automated end-to-end quarantine email release across Microsoft 365 and Abnormal, cutting analyst response time on phishing and malicious mail",
"Own enterprise security automation, AI development, and SIEM/logging architecture across the security program",
"Set secure-coding and cybersecurity-forward AI usage standards; mentor engineers and advise leadership on detection engineering investments"
]
},
{
"name": "Confidential",
"position": "Senior Information Security Consultant",
"location": "Remote",
"startDate": "2025-01",
"endDate": "2026-03",
"summary": "Contract consulting role delivering hands-on security engineering, SOC operations, and vulnerability management for defense, fintech, and MSSP clients.",
"highlights": [
"Ran SOC operations for a US Defense Space market supplier across multiple Microsoft tenants",
"Managed the Vulnerability Management Program for one of the largest US fintech clients using Qualys",
"Restructured SOC workflow and trained analysts at an MSSP",
"Designed secure architectures and provided compliance guidance (HIPAA, PCI-DSS, GDPR, NIST 800-53)"
]
},
{
"name": "Compuquip Cybersecurity",
"position": "SOC Technical Manager → SOC Director → Director of Automation",
"location": "Tampa/Doral, Florida",
"startDate": "2021-01",
"endDate": "2024-12",
"summary": "Progressive technical and leadership roles culminating in Director of Automation, owning AI development and security automation for MSSP clients.",
"highlights": [
"Built automation handling 3,500 tickets weekly, closing 47% without human involvement",
"Owned all AI development in a secure MSSP environment — AI-powered security automation using Python, AWS Lambda, LLMs, and SOAR platforms",
"Designed prompt engineering frameworks and AI guardrails ensuring safe, accurate, auditable AI outputs in production security workflows",
"Built RAG-based knowledge systems and LLM-driven triage pipelines for automated threat classification and analyst augmentation",
"Established AI governance including model evaluation, output validation, and security controls for LLM deployments",
"Grew SOC client base from 16 to 52 customers and improved margin from 18% to 52% while leading a 17-person SOC, Red Team, and DFIR org"
]
},
{
"name": "Travel Syndication Technology (TST)",
"position": "Sr. Cyber Security Architect",
"location": "Alpharetta, Georgia",
"startDate": "2020-04",
"endDate": "2021-01",
"summary": "Owned security architecture, detection tooling, and compliance across the organization.",
"highlights": [
"Steered the organization through PCI and NIST 800 series audits",
"Built custom tools to automate attacks against infrastructure and engineer matching detections",
"Saved $10,000+ through effective vendor/supplier negotiations"
]
},
{
"name": "Intercontinental Exchange",
"position": "Cyber Security Engineer → Senior Cyber Security Engineer",
"location": "Marietta, Georgia",
"startDate": "2018-08",
"endDate": "2020-04",
"summary": "Incident Response/Digital Forensics lead, promoted to the Architecture and Automation Team.",
"highlights": [
"Lead investigator on critical incidents; ran multi-server compromise investigations across three teams",
"Led malware analysis in sandboxed environments and mentored junior analysts",
"Designed security data flow pipelines and automated SOC triage tooling"
]
},
{
"name": "Earlier Experience",
"position": "IT Leadership & Systems Administration Roles",
"startDate": "1999-01",
"endDate": "2018-08",
"summary": "Progressive IT and technical leadership roles, including Technical Services Manager at the National Wild Turkey Federation — led 8 technicians and developers supporting 300+ staff, saved $50,000+/year migrating 3rd-party tools in-house, and owned web/network/application security. Earlier: Network/Server Administrator at NWTF, System Administrator at Morgan Thermal Ceramics, IT Coordinator at Briarwood Academy, and Technical Support at Sitel Group."
}
],
"education": [
{
"institution": "Virginia College",
"area": "Network Administration",
"studyType": "Associate",
"startDate": "2014",
"endDate": "2016",
"score": "4.0",
"courses": []
}
],
"certificates": [
{
"name": "GWAPT - Web Application Penetration Tester",
"issuer": "GIAC",
"date": "2020-01-01"
},
{
"name": "GCFA - Forensic Analyst",
"issuer": "GIAC",
"date": "2019-01-01"
},
{
"name": "GCIH - Incident Handler",
"issuer": "GIAC",
"date": "2018-01-01"
}
],
"awards": [
{
"title": "Lethal Forensicator Coin Winner",
"awarder": "SANS/GIAC",
"date": "2019-01-01",
"summary": "SANS Challenge Coin for excellence in digital forensics"
}
],
"skills": [
{
"name": "AI/ML Engineering & Automation",
"level": "Expert",
"keywords": [
"LLM Integration",
"RAG Systems",
"Prompt Engineering",
"Agentic AI",
"AI Security & Guardrails",
"AI Governance",
"Model Evaluation",
"AWS Bedrock",
"AWS Lambda",
"Python Automation",
"Custom SOAR Development"
]
},
{
"name": "Security Operations, SIEM & SOAR",
"level": "Expert",
"keywords": [
"Splunk",
"ELK Stack",
"Microsoft Sentinel/Defender",
"Google SecOps (Chronicle)",
"CrowdStrike",
"ReliaQuest",
"Sentinel One",
"Rapid7 IDR",
"Swimlane",
"D3 SOAR",
"Torq",
"Playbook Development"
]
},
{
"name": "Detection Engineering, DFIR & Red Team",
"level": "Expert",
"keywords": [
"Detection Engineering",
"Threat Hunting",
"Malware Analysis",
"Incident Response",
"Volatility",
"Darktrace",
"Tanium",
"Vectra",
"FireEye",
"Abnormal Security",
"Metasploit",
"Purple Team"
]
},
{
"name": "Cloud, Infrastructure & Programming",
"level": "Advanced",
"keywords": [
"Python",
"PowerShell",
"Bash",
"AWS",
"Azure",
"Oracle Cloud",
"Docker",
"Kubernetes",
"Windows Server",
"Linux/UNIX",
"Active Directory"
]
},
{
"name": "Compliance & Frameworks",
"level": "Advanced",
"keywords": [
"NIST 800-53",
"PCI-DSS",
"HIPAA",
"GDPR",
"CIS Benchmarks"
]
},
{
"name": "Leadership & Mentorship",
"level": "Expert",
"keywords": [
"Technical Leadership",
"Engineer Mentorship",
"MSSP Operations",
"Team Leadership (17+ reports)",
"Vendor Negotiations"
]
}
],
"languages": [
{
"language": "English",
"fluency": "Native speaker"
}
],
"meta": {
"theme": "elegant",
"version": "v1.0.0",
"lastModified": "2026-07-06"
}
}