- Reposition summary and skills toward hands-on AI + automation (IC track); lead skills with AI/ML Engineering, demote leadership - Condense summary to lead with a hard metric (47% of 3,500 weekly tickets) - Fold NWTF role into Earlier Experience to fit 2 pages - Add build_resume.sh: regenerate docx, render PDF via OnlyOffice x2t, and enforce a hard 3-page maximum - Fix timezone off-by-one in work dates and cert/award years Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
244 lines
9.1 KiB
JSON
244 lines
9.1 KiB
JSON
{
|
|
"$schema": "https://raw.githubusercontent.com/jsonresume/resume-schema/v1.0.0/schema.json",
|
|
"basics": {
|
|
"name": "Phillip Tarrant",
|
|
"label": "Principal Security Engineer | Security Automation & AI Engineering",
|
|
"email": "ptarrant@gmail.com",
|
|
"phone": "(706) 294-6733",
|
|
"url": "https://www.linkedin.com/in/phillip-tarrant-cyber",
|
|
"summary": "Principal-level security engineer with 20+ years building detection and AI-driven automation across MSSP and enterprise environments. Ships production tooling end to end — custom SOAR platforms and LLM triage pipelines; built automation that closed 47% of 3,500 weekly tickets with no human touch. Deep DFIR and threat-hunting roots, now focused on applied AI security.",
|
|
"location": {
|
|
"city": "Morrison",
|
|
"region": "TN",
|
|
"countryCode": "US"
|
|
},
|
|
"profiles": [
|
|
{
|
|
"network": "LinkedIn",
|
|
"username": "phillip-tarrant-cyber",
|
|
"url": "https://www.linkedin.com/in/phillip-tarrant-cyber"
|
|
}
|
|
]
|
|
},
|
|
"work": [
|
|
{
|
|
"name": "TopBuild Corp",
|
|
"position": "Principal Security Engineer",
|
|
"location": "Remote",
|
|
"startDate": "2026-03",
|
|
"summary": "Lead engineer owning security automation, AI development, and SIEM/logging strategy for the enterprise security program; build detection engineering and threat hunting tooling while setting technical direction for the team.",
|
|
"highlights": [
|
|
"Architected and built a custom SOAR web application from the ground up — 20+ automated response actions unifying detection, reporting, and response across Microsoft 365, CrowdStrike, Google SecOps, and ReliaQuest",
|
|
"Engineered a 'user activity tracker' that correlates enterprise telemetry to accelerate incident triage and proactive threat hunting",
|
|
"Automated end-to-end quarantine email release across Microsoft 365 and Abnormal, cutting analyst response time on phishing and malicious mail",
|
|
"Own enterprise security automation, AI development, and SIEM/logging architecture across the security program",
|
|
"Set secure-coding and cybersecurity-forward AI usage standards; mentor engineers and advise leadership on detection engineering investments"
|
|
]
|
|
},
|
|
{
|
|
"name": "Confidential",
|
|
"position": "Senior Information Security Consultant",
|
|
"location": "Remote",
|
|
"startDate": "2025-01",
|
|
"endDate": "2026-03",
|
|
"summary": "Contract consulting role delivering hands-on security engineering, SOC operations, and vulnerability management for defense, fintech, and MSSP clients.",
|
|
"highlights": [
|
|
"Ran SOC operations for a US Defense Space market supplier across multiple Microsoft tenants",
|
|
"Managed the Vulnerability Management Program for one of the largest US fintech clients using Qualys",
|
|
"Restructured SOC workflow and trained analysts at an MSSP",
|
|
"Designed secure architectures and provided compliance guidance (HIPAA, PCI-DSS, GDPR, NIST 800-53)"
|
|
]
|
|
},
|
|
{
|
|
"name": "Compuquip Cybersecurity",
|
|
"position": "SOC Technical Manager → SOC Director → Director of Automation",
|
|
"location": "Tampa/Doral, Florida",
|
|
"startDate": "2021-01",
|
|
"endDate": "2024-12",
|
|
"summary": "Progressive technical and leadership roles culminating in Director of Automation, owning AI development and security automation for MSSP clients.",
|
|
"highlights": [
|
|
"Built automation handling 3,500 tickets weekly, closing 47% without human involvement",
|
|
"Owned all AI development in a secure MSSP environment — AI-powered security automation using Python, AWS Lambda, LLMs, and SOAR platforms",
|
|
"Designed prompt engineering frameworks and AI guardrails ensuring safe, accurate, auditable AI outputs in production security workflows",
|
|
"Built RAG-based knowledge systems and LLM-driven triage pipelines for automated threat classification and analyst augmentation",
|
|
"Established AI governance including model evaluation, output validation, and security controls for LLM deployments",
|
|
"Grew SOC client base from 16 to 52 customers and improved margin from 18% to 52% while leading a 17-person SOC, Red Team, and DFIR org"
|
|
]
|
|
},
|
|
{
|
|
"name": "Travel Syndication Technology (TST)",
|
|
"position": "Sr. Cyber Security Architect",
|
|
"location": "Alpharetta, Georgia",
|
|
"startDate": "2020-04",
|
|
"endDate": "2021-01",
|
|
"summary": "Owned security architecture, detection tooling, and compliance across the organization.",
|
|
"highlights": [
|
|
"Steered the organization through PCI and NIST 800 series audits",
|
|
"Built custom tools to automate attacks against infrastructure and engineer matching detections",
|
|
"Saved $10,000+ through effective vendor/supplier negotiations"
|
|
]
|
|
},
|
|
{
|
|
"name": "Intercontinental Exchange",
|
|
"position": "Cyber Security Engineer → Senior Cyber Security Engineer",
|
|
"location": "Marietta, Georgia",
|
|
"startDate": "2018-08",
|
|
"endDate": "2020-04",
|
|
"summary": "Incident Response/Digital Forensics lead, promoted to the Architecture and Automation Team.",
|
|
"highlights": [
|
|
"Lead investigator on critical incidents; ran multi-server compromise investigations across three teams",
|
|
"Led malware analysis in sandboxed environments and mentored junior analysts",
|
|
"Designed security data flow pipelines and automated SOC triage tooling"
|
|
]
|
|
},
|
|
{
|
|
"name": "Earlier Experience",
|
|
"position": "IT Leadership & Systems Administration Roles",
|
|
"startDate": "1999-01",
|
|
"endDate": "2018-08",
|
|
"summary": "Progressive IT and technical leadership roles, including Technical Services Manager at the National Wild Turkey Federation — led 8 technicians and developers supporting 300+ staff, saved $50,000+/year migrating 3rd-party tools in-house, and owned web/network/application security. Earlier: Network/Server Administrator at NWTF, System Administrator at Morgan Thermal Ceramics, IT Coordinator at Briarwood Academy, and Technical Support at Sitel Group."
|
|
}
|
|
],
|
|
"education": [
|
|
{
|
|
"institution": "Virginia College",
|
|
"area": "Network Administration",
|
|
"studyType": "Associate",
|
|
"startDate": "2014",
|
|
"endDate": "2016",
|
|
"score": "4.0",
|
|
"courses": []
|
|
}
|
|
],
|
|
"certificates": [
|
|
{
|
|
"name": "GWAPT - Web Application Penetration Tester",
|
|
"issuer": "GIAC",
|
|
"date": "2020-01-01"
|
|
},
|
|
{
|
|
"name": "GCFA - Forensic Analyst",
|
|
"issuer": "GIAC",
|
|
"date": "2019-01-01"
|
|
},
|
|
{
|
|
"name": "GCIH - Incident Handler",
|
|
"issuer": "GIAC",
|
|
"date": "2018-01-01"
|
|
}
|
|
],
|
|
"awards": [
|
|
{
|
|
"title": "Lethal Forensicator Coin Winner",
|
|
"awarder": "SANS/GIAC",
|
|
"date": "2019-01-01",
|
|
"summary": "SANS Challenge Coin for excellence in digital forensics"
|
|
}
|
|
],
|
|
"skills": [
|
|
{
|
|
"name": "AI/ML Engineering & Automation",
|
|
"level": "Expert",
|
|
"keywords": [
|
|
"LLM Integration",
|
|
"RAG Systems",
|
|
"Prompt Engineering",
|
|
"Agentic AI",
|
|
"AI Security & Guardrails",
|
|
"AI Governance",
|
|
"Model Evaluation",
|
|
"AWS Bedrock",
|
|
"AWS Lambda",
|
|
"Python Automation",
|
|
"Custom SOAR Development"
|
|
]
|
|
},
|
|
{
|
|
"name": "Security Operations, SIEM & SOAR",
|
|
"level": "Expert",
|
|
"keywords": [
|
|
"Splunk",
|
|
"ELK Stack",
|
|
"Microsoft Sentinel/Defender",
|
|
"Google SecOps (Chronicle)",
|
|
"CrowdStrike",
|
|
"ReliaQuest",
|
|
"Sentinel One",
|
|
"Rapid7 IDR",
|
|
"Swimlane",
|
|
"D3 SOAR",
|
|
"Torq",
|
|
"Playbook Development"
|
|
]
|
|
},
|
|
{
|
|
"name": "Detection Engineering, DFIR & Red Team",
|
|
"level": "Expert",
|
|
"keywords": [
|
|
"Detection Engineering",
|
|
"Threat Hunting",
|
|
"Malware Analysis",
|
|
"Incident Response",
|
|
"Volatility",
|
|
"Darktrace",
|
|
"Tanium",
|
|
"Vectra",
|
|
"FireEye",
|
|
"Abnormal Security",
|
|
"Metasploit",
|
|
"Purple Team"
|
|
]
|
|
},
|
|
{
|
|
"name": "Cloud, Infrastructure & Programming",
|
|
"level": "Advanced",
|
|
"keywords": [
|
|
"Python",
|
|
"PowerShell",
|
|
"Bash",
|
|
"AWS",
|
|
"Azure",
|
|
"Oracle Cloud",
|
|
"Docker",
|
|
"Kubernetes",
|
|
"Windows Server",
|
|
"Linux/UNIX",
|
|
"Active Directory"
|
|
]
|
|
},
|
|
{
|
|
"name": "Compliance & Frameworks",
|
|
"level": "Advanced",
|
|
"keywords": [
|
|
"NIST 800-53",
|
|
"PCI-DSS",
|
|
"HIPAA",
|
|
"GDPR",
|
|
"CIS Benchmarks"
|
|
]
|
|
},
|
|
{
|
|
"name": "Leadership & Mentorship",
|
|
"level": "Expert",
|
|
"keywords": [
|
|
"Technical Leadership",
|
|
"Engineer Mentorship",
|
|
"MSSP Operations",
|
|
"Team Leadership (17+ reports)",
|
|
"Vendor Negotiations"
|
|
]
|
|
}
|
|
],
|
|
"languages": [
|
|
{
|
|
"language": "English",
|
|
"fluency": "Native speaker"
|
|
}
|
|
],
|
|
"meta": {
|
|
"theme": "elegant",
|
|
"version": "v1.0.0",
|
|
"lastModified": "2026-07-06"
|
|
}
|
|
}
|